Table of Contents
Responsible department according to Data Protection Act, in particular the EU General Data Protection Regulation (EU-GDPR), is:
Atesos Medical AG
Telephone: +41 (0)62 823 15 15
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the federal government (Data Protection Act), everyone has the right to the protection of their privacy and protection against misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. In cooperation with our hosting providers, we strive to protect the databases as good as possible from unauthorized access, loss, misuse or falsification. We would like to point out that data transmission over the internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible. By using this website, you consent to the collection, processing and use of data as described below. In principle, this website can be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or email address, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.
Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes all handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with the Swiss data protection law. In addition, we process – to the extent and insofar as the EU GDPR is applicable – personal data in accordance with the following legal bases in connection with Art. 6 Paragraph 1 GDPR:
- Consent (Art. 6 Para. 1 p. 1 lit. a. GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
- Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 p. 1 lit. b. GDPR) – Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures at the request of the data subject person.
- Legal obligation (Art. 6 Para. 1 p. 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
- Protection of vital interests (Art. 6 Para. 1 p. 1 lit. d. GDPR) – Processing is necessary to protect the vital interests of the data subject or another natural person.
- Legitimate interests (Art. 6 Para. 1 p. 1 lit. f. GDPR) – The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject are the protection require personal data predominate.
- Application procedure as a pre-contractual or contractual relationship (Art. 9 Paragraph 2 lit. b GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 Paragraph 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are included in the application process ) are requested from applicants so that the person responsible or the person concerned can exercise his or her rights arising from labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing takes place in accordance with Art. 9 Paragraph 2 lit. b. GDPR, in the case of the protection of the vital interests of applicants or other persons in accordance with Art. 9 Paragraph 2 lit. c. GDPR or for health care or occupational medicine purposes, for assessing the employee’s ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 Paragraph 2 lit. h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing takes place on the basis of Art. 9 Para. 2 lit. a. GDPR
We process personal data for the duration that is necessary for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we limit the processing accordingly.
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and to carry out contractual measures for answering inquiries is Article 6 (1) (b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or they are disclosed to them. The recipients of this data can include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
Insofar as we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of the use of third-party services or the disclosure or transfer of data to other persons, offices or companies takes place, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transmission, we process the data only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
A distinction is made between the following types of cookies and functions:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies are saved even after you close the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users who are used to measure reach or for marketing purposes can also be stored in such a cookie.
- First-party cookies: We set first-party cookies ourselves.
- Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g., to save logins or other user inputs or for security reasons).
Notes on legal bases:
If we do not provide you with any explicit information on the storage duration of permanent cookies (e.g. in the context of a so-called cookie opt-in), please assume that the storage duration can be up to two years.
In addition, you can receive further objection notices in the context of the information on the service providers and cookies used.
Processing of cookie data on the basis of consent:
The declaration of consent is saved in order not to have to repeat the query and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server and / or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his/her device.
Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of the consent (e.g. which categories of cookies and / or service providers) as well as the browser, system and end device used.
- Processed data types: usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Legal basis:
- Consent (Art. 6 Para. 1 p. 1 lit. a. GDPR),
- Legitimate interests (Art. 6 Par. 1 p. 1 lit. f. GDPR).
This website uses SSL / TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- The operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.
This website uses Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam and YouTube for embedding videos.
Google is committed to ensuring adequate data protection in accordance with the American-European and American-Swiss Privacy Shields.
Further information can be found in Google’s data protection declaration.
This website uses Google Maps. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether Google provides a user account that you are logged into or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the cookie button.
Google is saving your data as a usage profile and is using it for advertising, market research and / or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising. You have the right to object to the creation of these usage profiles, although you must contact Google to exercise this right. For more information on the purpose and scope of data collection and its processing by Google, as well as further information on your rights in this regard and setting options to protect your privacy, go to: https://policies.google.com/privacy?hl=en&gl=en.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland, hereinafter referred to as “Google”. The purpose of reCAPTCHA is to check whether data is entered on our website (e.g. in a contact form) by a person or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the visitor on the website or mouse movements made by the user). The data collected during the analysis are forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer.
Wir setzen Adobe Fonts zur visuellen Gestaltung unserer Website ein. Adobe Fonts ist ein Dienst der Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), der uns den Zugriff auf eine Schriftartenbibliothek gewährt. Zur Einbindung der von uns benutzten Schriftarten, muss Ihr Browser eine Verbindung zu einem Server von Adobe in den USA aufbauen und die für unsere Website benötigte Schriftart herunterladen. Adobe erhält hierdurch die Information, dass von Ihrer IP-Adresse unsere Website aufgerufen wurde. Weitere Informationen zu Adobe Fonts, finden Sie in den Datenschutzhinweisen von Adobe, die Sie hier abrufen können: https://www.adobe.com/uk/privacy/policies/adobe-fonts.html
Functions of the “YouTube” service are integrated into this website. “YouTube” belongs to Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.
If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
Every affected person has the right to request confirmation from the operator of the website as to whether personal data concerning the affected person is being processed. If you would like to make use of this right of confirmation, you can contact the data protection officer at any time.
Any person affected by the processing of personal data has the right to receive free information from the operator of this website about the personal data stored about him/her and a copy of this information at any time. In addition, the following information can be provided if necessary:
- the purposes of the processing
- the categories of personal data that are processed
- the recipients to whom the personal data have been disclosed or are still being disclosed
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- The existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing
- The right to lodge a complaint with a supervisory authority
- if the personal data are not collected from the affected person: all available information on the origin of the data.
Furthermore, the data subject has a right to information as to whether personal data has been transmitted to a third country or to an international organisation. If this is the case, the data subject has the right to receive information about the appropriate guarantees in connection with the transmission. If you would like to make use of this right to information, you can contact our data protection officer at any time.
Every person affected by the processing of personal data has the right to request the immediate correction of incorrect personal data concerning them. Furthermore, the affected person has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – including by means of a supplementary declaration. If you would like to exercise this right to correction, you can contact our data protection officer at any time.
Any person affected by the processing of personal data has the right to demand that the person responsible for this website delete the personal data relating to them immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary
- The affected person revokes their consent on which the processing was based and there is no other legal basis for the processing
- The affected person objects to the processing for reasons that arise from their particular situation and there are no higher legitimate reasons for the processing, or the affected person objects to the processing in the case of direct mail and associated profiling
- The personal data was processed unlawfully
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject
- The personal data was collected in relation to services offered directly to a child
If one of the above reasons applies and you want to have personal data deleted that is stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer for this website will immediately arrange the request for deletion to be complied with.
Every person affected by the processing of personal data has the right to demand restriction of processing of the data by the operator of the website if one of the following conditions is met:
- The correctness of the personal data is contested by the affected person for a period of time that enables the person responsible to check the correctness of the personal data
- The processing is unlawful, the affected person refuses to delete the personal data and instead requests that the use of the personal data be restricted
- The person responsible no longer needs the personal data for the purposes of processing, but the person concerned needs them to assert, exercise or defend legal claims
- The affected person has lodged an objection to the processing for reasons that arise from their particular situation and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the affected person.
If one of the above conditions is met and you want to restrict personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer for this website will arrange for the processing to be restricted.
Every person affected by the processing of personal data has the right to receive the personal data relating to them in a structured, common and machine-readable format. You also have the right to have this data transmitted to another person responsible if the legal requirements are met. Furthermore, the person concerned has the right to have the personal data transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible and provided that this does not impair the rights and freedoms of other persons. To assert the right to transferring data, you can contact the data protection officer appointed by the operator of this website at any time.
Every person affected by the processing of personal data has the right to object to the processing of personal data concerning them at any time for reasons that arise from their particular situation. The operator of this website will no longer process the personal data in the event of an objection, unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the affected person, or if the processing requires the assertion, exercise or defense of legal claims. To exercise the right to object, you can contact the data protection officer for this website directly.
Every person affected by the processing of personal data has the right to withdraw consent given to the processing of personal data at any time. If you would like to assert your right to withdraw your consent, you can contact our data protection officer at any time.
We hereby object to the use of the contact data published in the context of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.
We process the data of our customers in accordance with the data protection regulations of the Swiss federal government (Data Protection Act) and the EU-GDPR as part of our contractual services.
We process inventory data (e.g. customer master data, such as names or addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, etc.), contract data (e.g. subject matter of the contract, term), payment data (e.g. bank details, payment history), usage – and metadata (e.g. in the context of evaluating and measuring the success of marketing measures). Those affected include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of processing is to provide contractual services, billing and our customer service. The legal basis for processing results from Art. 6 Paragraph 1 lit. b. GDPR (contractual services), Art. 6 Paragraph 1 lit. f. GDPR (analysis, statistics, optimization, security measures). We process data that are necessary for the establishment and fulfillment of the contractual services and point out that it is necessary to provide them. Disclosure to external parties only takes place if it is necessary in the context of an order. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements for order processing in accordance with Art. 28 GDPR and do not process the data for any purposes other than those in accordance with the order.
We delete the data after the expiry of statutory warranty and comparable obligations. The need to store the data is checked at irregular intervals. In the case of legal archiving obligations, the deletion takes place after their expiry. In the case of data that has been disclosed to us in the context of an order by the client, we delete the data in accordance with the specifications of the order, generally after the end of the order.
We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries.
We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the business organisation. We only pass on the data of the contractual partners to third parties within the framework of the applicable law to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations or with the consent of the persons concerned (e.g. to telecommunications, transport and other auxiliary services involved as well Subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.
We inform the contractual partners before or as part of the data collection, e.g. in online forms, by special labeling (e.g. colors) or symbols (e.g. asterisks or similar), or personally, which data are required for the aforementioned purposes.
We delete the data after the expiry of statutory warranty and comparable obligations. For the traceability of delivered goods, the obligation to keep all batch documents and the technical documentation according to the MDR is 30 years. This can also contain customer master data, as the customers must be contacted in the event of a recall. Customer surveys and general quality-relevant documents are archived for 5 years, tax-related documents for 10 years. We delete data that has been disclosed to us by the contractual partner in the context of an order in accordance with the specifications of the order. Patient-related data is anonymised as part of post-market surveillance activities and deleted after these activities have been completed.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers. According to ISO 13485, the control measures applied on suppliers to maintain product conformity are recorded in writing in quality assurance agreements and are regularly checked by the manufacturer (Atesos).
Analyses and market research: For business reasons and in order to be able to recognize market trends, wishes of the contractual partners and customers, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby contractual partners, interested parties, customers, visitors are included in the group of persons concerned and users of our services.
The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we can, if available, take into account the profiles of customers including their details, e.g. on services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized, values. Furthermore, we take the privacy of users and especially patients into account and process the data for analysis purposes as pseudonymously and, if possible, anonymously (e.g. as summarized data).
The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The written consent of the copyright holder must be obtained in advance for the reproduction of all files.
Whoever commits a copyright infringement without the consent of the respective rights holder can make himself liable to prosecution and possibly liable for damages.
All information on this website has been carefully checked. We endeavor to keep our information offering up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, correctness and actuality of information, including journalistic and editorial information. Liability claims for material or immaterial damage caused by the use of the information provided are excluded, unless it can be proven that there was willful intent or gross negligence.
The publisher can change or delete texts at his own discretion and without notice and is not obliged to update the content of this website. Use of or access to this website is at the visitor’s own risk. The publisher, its clients or partners are not responsible for damage, such as direct, indirect, accidental, specifically to be determined in advance or consequential damage, which allegedly resulted from visiting this website and consequently assume no liability for this.
If activities are undertaken using information and products from this website and otherwise obtained information that is expressly reserved only for trained medical healthcare practitioners, does not correspond to the intended use of the certified products and is therefore illegal, the manufacturer, partner, importer or dealer does not assume any responsibility for possible damage to the personnel carrying out the work, the patient or any other person involved.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or that is contrary to common decency.
We can adapt this data protection declaration at any time without prior notice. The current version published on our website applies. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change in the event of an update by e-mail or in another suitable manner.
If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organisation listed at the beginning of the data protection declaration.
- ISO 13485:2016