Data Protection Policy
§ 1 Person responsible/ data protection officer
- Zimmer Group (responsible organization: Zimmer GmbH, Im Salmenkopf 5, 77866 Rheinau, Germany) places great importance on the protection of your personal information and your right to privacy. Observing and complying with the regulations governing protection of personal information and data security are a matter of course with us. We designate any information that is specific to you as a person, such as your greeting, first name, last name, address, telephone number, fax number, e-mail address, IP address, etc., as personal information. We want to let you know when we collect any of your personal information and how we use it.
- If you have any questions or concerns regarding data security, please contact the data protection officer by e-mail at firstname.lastname@example.org or by mail at Datenschutzbeauftragter [Data Protection Officer], Zimmer GmbH, Im Salmenkopf 5, 77866 Rheinau, Germany.
§ 2 Your data subject rights
- You may exercise the following rights at any time under the declared contact data of our data protection officer:
- Information about your data stored at our company and the processing thereof (Art. 15 GDPR),
- Rectification of inaccurate personal data (Art. 16 GDPR),
- Deletion of all of your data stored at our company (Art. 17 GDPR),
- Restriction of data processing, in the event that we are not allowed to delete your data due to statutory obligations (Art. 18 GDPR),
- Objection to the processing of your data stored at our company (Art. 21 GDPR) and
- Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).
- If you have granted us consent, you may revoke this at any time with effect for the future.
- If you have a complaint, you may appeal to a regulatory agency at any time, e.g. to the appropriate regulatory agency of the country of your place of residence or to the agency representing the responsible authority for us.
- Landesbeauftragter für den Datenschutz und die Informationsfreiheit [State Commissioner for Data Protection and Freedom of Information]
- Address: Königstrasse 10 a, 70173 Stuttgart
- Postal address: Postfach 10 29 32, 70025 Stuttgart, Germany
- Phone: 0711/615541-0, Fax: 0711/615541-15,
- E-mail: email@example.com
§ 3 Website access
Each instance you access our website is logged, as well as each instance you call up data stored on the website. This logging is done for internal system-related purposes. The following information is logged: Date and time of access, called URL, protocol used for calling (e.g., http/1.1), origin, i.e., which site the access originates from (e.g., Google), and the user agent of the caller (browser information, e-mail client, etc.). For security reasons, the IP address is also logged. This log can only be accessed in the event of security breaches for the purpose of criminal prosecution, and the length of time this data is retained is 10 weeks. No user profiles specific to individuals are generated! The legal basis is Art. 6 Para. 1 lit. f GDPR.
§ 4 Contact form
When you contact us through our website, we collect a variety of personal information when you use our contact form. The mandatory fields we require to be able to reasonably handle your inquiry with the least amount of your data are: First name, last name, company, company address (street, city), your e-mail address, telephone number for questions, and the message itself. Providing the sales tax ID for your company is voluntary, as is any other additional information, such as a callback request or your fax number. Lastly, you confirm via a reCAPTCHA field that you are a person, so that we can block botnet or automated inquiries to protect against spam. This information provided by you causes an application with temporary storage to generate an unencrypted e-mail that you send to us by pressing Send. Please note that the e-mail is unencrypted, so we ask that you not provide any confidential data or information in this way. The legal basis is Art. 6 Para. 1 lit. a, f GDPR.
§ 5 File upload
A link to the secure online portal Fileshare is provided in the service area for sending files to us. You must provide your e-mail address and first and last name upon registration. The purpose of this is so we can contact you in order to route your inquiry within our company.
§ 6 Cookies
§ 7 Google Analytics
- This website uses Google Analytics. This is a web analysis service of Google Ireland Limited (“Google”), a company that is registered and operated in accordance with Irish law (register number: 368047) with the main office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
- Google Analytics uses “cookies”. The information generated by the cookie about how you use our online services (including your IP address) is transferred to a Google server in the USA and stored there. It shall not be ruled out that in the course of this, data processing takes place outside of the scope of EU law. Google has acceded to the EU-US Privacy Shield Framework, and as such, Google guarantees that EU data protection standards are adhered to.
- Google Analytics uses “cookies”, text files that are stored on your computer and that make it possible to analyze how you use the website. Google will use this information on behalf of the operating company of the website to analyze your use of the website, to compile reports on website activity, and to perform other services associated with the use of the website and Internet usage for the website operator. The IP address transmitted by your browser for the purpose of Google Analytics will not be merged with other data by Google. You can prevent cookies from being stored by changing the corresponding setting in your browser; however, please note that you may not be able to fully use all of the functions of this website in that case. You can also prevent Google from collecting data generated by the cookie (including your IP address) related to your use of the website and prevent Google from processing it by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout).
- You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set that will prevent any further collection of your information when you visit this website: Deactivate Google Analytics
Please note that the code "gat._anonymizeIp();" has been added to the Google Analytics on this website in order to ensure that the collection of IP addresses is anonymized ("IP masking").
§ 8 WiredMinds
- Our website uses tracking pixel technology from WiredMinds AG (https://www.wiredminds.de/en/) for the purposes of visitor behavior analysis. WiredMinds is WiredMinds GmbH, Lindenspürstraße 32, 70176 Stuttgart, Germany.
- Data is collected, processed, and stored for this purpose and used to create user profiles using a pseudonym. Wherever possible and reasonable, these user profiles are completely anonymized. Cookies may be used for this purpose. Cookies are small text files that are stored by the visitor's browser and used to recognize the Internet browser. The collected information, which can also include personal information, is transmitted to WiredMinds or collected directly by WiredMinds. WiredMinds may use information shared on web pages during visits to create anonymized user profiles. The information gathered in this way is not used to personally identify the user of this website without the explicit permission of the user in question and is not merged with personal information about the bearer of the pseudonym.
- You can object to the collection, processing, and storage of your information at any time, with effect for the future, by clicking on the link below. Exclude from website tracking
- Further information, as well as the valid WiredMinds data protection regulations, can be retrieved at https://www.wiredminds.de/en/privacy-statement/
- The processing of data takes place on the basis of consent of the user (Art. 6 Para. 1 lit. a GDPR).
- The recipient of the data, as the data processing company, is WiredMinds GmbH.
- In cases where IP addresses are recorded, they are anonymized immediately by the deletion of the last number block.
- The provision of your personal data is made voluntarily, solely on the basis of your consent. If you prohibit access, function restrictions of the website may result.
- Using the tools of WiredMinds, the behavior of website visitors can be assessed and interests are analyzed. Furthermore, this enables an improvement in online services. For this purpose, we generate a pseudonymous user profile.
§ 9 Use of social media plug-ins
- We have no influence on the collected data and data processing operations used, nor do we have any knowledge on the full scope of data collection, the purposes of processing or the periods of storage. In addition, we do not have any information regarding the deletion of the data collected by the plug-in provider.
- The plug-in provider stores the data collected about you as user profiles and uses this data for the purposes of advertising, market research and/or to design its website to meet the needs of users. This data is evaluated especially to display targeted advertising (including for users who are not signed in) and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and can exercise this right by contacting the respective plug-in provider. The plug-ins make it possible for you to interact with the social networks and other users, thereby enabling us to improve our online services and make them more attractive and useful for you as a user. The legal basis for the provision of plug-ins is Art. 6 Para. 1 S. 1 lit. f GDPR.
- The data is forwarded irrespective of whether you have an account with the plug-in provider and are signed in there. If you are signed in with the plug-in provider, your data that is collected by us is associated directly with your existing account with the plug-in provider. If, for example, you press the Activate button and link to the page, the plug-in provider also stores this information to your user account and publicly shares it with your contacts. After using a social network, we recommend that you sign out regularly, especially before you activate the button, because by doing so, you can prevent the plug-in provider from associating this data to your profile.
- You can obtain further information regarding the purpose and scope of the data collection and its processing by the plug-in provider from the data protection policies of these providers as listed below. Here, you also obtain further information on your rights and settings options for the protection of your privacy.
- Addresses for the respective plug-in providers and URL that includes their data protection policies:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php further information relating to data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other as well as www.facebook.com/about/privacy/your-info. Facebook is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
- XING AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland https://twitter.com/privacy
§ 10 Incorporation of YouTube videos
- We have incorporated YouTube videos into our online services which are stored on www.YouTube.com and can be played directly from our website. [These are all integrated in the “advanced data protection mode”, which means that no data about you as a user is transmitted to YouTube if you do not play back the videos. The data referred to in Paragraph 2 is transmitted only if you play back the videos. We have no control over this data transmission.]
- When you visit the website, YouTube receives the information that you have accessed the respective subpage of our website. The data specified in § 3 of this policy is also transmitted. This is done regardless of whether YouTube provides a user account that you are signed in to, or whether a user account exists. If you are signed in to Google, your data is associated directly with your account. If you do not want to allow your profile to be associated with YouTube, you have to sign out before you activate the button. YouTube stores your data as a usage profile and uses this for the purposes of advertising, market research and/or to design its website to meet the needs of users. This data is evaluated especially for the provision of targeted advertising (even for users who are not signed in) and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile; however, you have to contact YouTube to exercise this right.
- For further information regarding the purpose and scope of data collection and its processing by YouTube, see its data protection policy. Here, you also obtain further information on your rights and settings options for the protection of your privacy: https://policies.google.com/privacy.
§ 11 Data protection policy – Social media
- By providing a Facebook FanPage, a XING, Instagram or LinkedIn company page, or a company profile on YouTube, for one thing, we collect data from you, the user, and for another, the respective operating company processes your data. This is done irrespective of whether you have a user account with the operating company or not. This fact only influences the type of data processing that is carried out by Facebook and Instagram; however, it does not influence the question as to whether data is processed in the first place. This is done in any event.
- We cannot assume responsibility for data processing by the operating company. We also cannot comment on this extensively for you, but instead at this point refer you to a judgment by the Court of Justice of the European Union (EuGH), dated 2018-06-05, that a shared responsibility, with reference to the Facebook FanPages, has been determined. The case law is transferable to other operating companies.
- Please refer to the data protection policies of the respective operating companies for the part on the responsibilities of the operating companies.
- Upon your visit to our Facebook FanPage, a XING, Instagram or LinkedIn company page, or our company profile on YouTube, we can record the following:
- The domain name
- The IP address of your computer,
- The file request of the client (file name and URL), the http-response-code and the
- Internet site from which you visited us.
- Interactions with our articles (“likes”)
- Interactions with us
- We automatically gather the data that accrues during visits to our web pages.
- We maintain the web pages to communicate with users there and to be able to advert postings and services, among other things.
- For a detailed display of the respective processings and objection options (opt-out), we refer you to the information linked in § 9 Para. VI and § 10 Para. III.
§ 12 Incorporation of Google Maps
- On this website, we use the service from Google Maps. This means that we can display interactive maps to you directly in the website, offering you the convenient use of the map function.
- When you visit the website, Google receives the information that you have accessed the respective subpage of our website. The data specified in § 3 of this policy is also transmitted. This is done regardless of whether Google provides a user account that you are signed in to, or whether a user account exists. If you are signed in to Google, your data is associated directly with your account. If you do not want to allow your profile to be associated with Google, you have to sign out before you activate the button. Google stores your data as a usage profile and uses this for the purposes of advertising, market research and/or to design its website to meet the needs of users. This data is evaluated especially for the provision of targeted advertising (even for users who are not signed in) and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of this usage profile; however, you have to contact Google to exercise this right.
- You can obtain further information regarding the purpose and scope of the data collection and its processing by the plug-in provider from the data protection policies of the providers. Here, you also obtain further information on your rights and settings options for the protection of your privacy:
§ 13 Google reCAPTCHA
- We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Ireland Limited (“Google”), a company that is registered and operated in accordance with Irish law (register number: 368047) with the main office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). https://policies.google.com/privacy
- The use of reCAPTCHA shall be able to verify whether data is being input into our website (e.g. into an electronic contact form) by a person or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of website visitors on the basis of various characteristics. This analysis begins automatically once the website user enters the website. For the purposes of analysis, reCAPTCHA evaluates various information (e.g. IP address, length of the visitor's stay on the website or mouse movements effected by the user). The data that is recorded during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. It is not expressly indicated to website users that an analysis is taking place.
Data processing takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The operating company of the website has a legitimate interest in protecting their web services against fraudulent automated spying and against spam. Refer to the following links for further information on Google reCAPTCHA as well as the data protection policy from Google: https://policies.google.com/privacy and https://www.google.com/recaptcha/intro/android.html.
§ 14 DoubleClick by Google
- Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the extent and continued use of the data collected through the use of this tool by Google and therefore we inform you to the best of our knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our online content or that you clicked on one of our ads. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or you are not signed in, there is a possibility that the provider will find and store your IP address.
- There are several ways in which you can prevent participation in this tracking process:
- By adjusting your browser software accordingly; in particular, the suppression of third-party cookies will prevent you from receiving any advertisements by third-party providers;
- By disabling the cookies for conversion tracking in that you set your browser to block cookies from the domain “www.googleadservices.com”,https://adssettings.google.com, whereby this setting will be deleted if you delete your cookies;
- By disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign, via the link www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies;
- By permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. Please note that in such a case, you may not be able to use all of the functions of this online service in full.
- The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. f GDPR. For more information about DoubleClick by Google, visit https://marketingplatform.google.com/about/enterprise/, and for Google data protection in general: https://policies.google.com/privacy.
§ 15 Usage and forwarding of personally identifiable data
- If you have provided us with personal information, we will use it only to respond to your inquiries, for technical administration and, provided you have given your permission, for marketing purposes. Your personal information will not be disclosed or otherwise transmitted to third parties unless doing so is required to fulfill an agreement (particularly, communication of order information to suppliers), for billing purposes, if we are required to do so by law, or if you have given your permission in advance.
- You have the right to withdraw any permission you have given at any time, with effect for the future.
- Your stored personal information is deleted when you withdraw your permission for us to store it, when knowing it is no longer necessary to perform the task associated with the storage of the information, that is, the process has been completed and there are no legally binding retention periods preventing its deletion, or when storing it is not permitted for other legal reasons. In the event that your information cannot be deleted, it will be precluded from further processing until any legally required retention periods have expired.
§ 16 Miscellaneous
We do not use any kind of automated processing that could lead to automated decision-making/profiling regarding you personally.
§ 17 Security advice
Taking every technical and organizational step possible, we make every effort to store your information in such a way that it is not accessible to third parties. When communicating via unsecured e-mail, we cannot ensure complete data security; for this reason, we recommend that you send any confidential information through regular postal service.