Last revised 27.07.2018
KARL STORZ, as identified in Sec. 6 (Contact us) below, is pleased about your visit to its websites as well as your interest in our company and our products. We take the protection of your personal data serious and we want you to feel comfortable visiting our websites. The protection of your privacy in the processing of personal data is an important concern for us, which we take into account in our business processes.
Table of contents
- Categories of personal data, processing purposes and legal bases
- Third parties and international transfers
- What rights do you have and how can you assert your rights?
- Cookies, other tracking technologies and interactive online content
- How long do we keep your personal data?
- Contact us
When you visit our Website we will generally collect the following website data that result from your usage of the Website (inter alia): browser type and version, operating system used, website from which you are visiting us (referrer URL), website you are visiting, date and time of accessing our Website, and internet protocol (IP) address. Your IP address will be used to enable your access to our Website (please see also below Sec. 4 (Cookies, other tracking technologies and interactive online content) for additional information on Cookies and other tracking technologies).
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service, to achieve the transmission of the communication and to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications.
Other online forms and general communications with us:
If you have questions, suggestions or comments you can send those to us. If you contact us (e.g., by using an online form) we may collect and process the following personal data about you (inter alia): name, gender (salutation), title, area of practice (e.g., human medicine), name of your organization, postal address, email address, telephone number, fax number, and you inquiry. We process such personal data for purposes of answering your request.
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service. Moreover, the processing is necessary for the performance of a contract to which you are subject to or in order to take steps at your request prior to entering into a contract. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
In general, the provision of your personal data is voluntary, but in certain cases it is necessary in order to enter into a contract with us or to receive our services/products as requested by you.
Not providing your personal data may result in disadvantages for you – for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
Recipients within the KARL STORZ Group
Your personal data may be received by different recipients within the KARL STORZ Group. Depending on the categories of personal data and the purposes for which the personal data has been collected, different KARL STORZ entities and the internal departments within the KARL STORZ entities may receive your personal data. For example, our IT department may have access to your account data, and our marketing and sales departments may have access to your account data or data relating to product orders. Moreover, other departments within the KARL STORZ Group may have access to certain personal data about you on a need to know basis, such as the legal department, the finance department or internal auditing.
Transfer to service providers
We may engage external and internal service providers, who act as our data processor in order to provide certain services to us, such as website service providers, order fulfilment providers, customer care providers, marketing service providers, IT support service providers, and other service providers who support us in maintaining our commercial relationship with you in any other way. When providing such services, the external service or internal providers may have access to and/or may process your personal data. We require those service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.
We may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or for any other purposes without permission.
International transfers of personal data
The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the European Economic Area ("EEA"). For recipients located outside of the EEA, some are certified under the EU-U.S. Privacy Shield and others are located in countries with adequacy decisions (in particular, Argentina, Canada (for non-public organizations subject to the Canadian Personal Information Protection and Electronic Documents Act) and Switzerland), and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not adduce an adequate level of protection from a European data protection law perspective. We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out in Sec. 6 (Contact us) below.
If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular regarding the receipt of direct marketing communication via email, SMS/MMS, fax, and telephone), you can withdraw this consent at any time with future effect. Further, you can object to the use of your personal data for the purposes of marketing (free of charge) without incurring any costs other than the transmission costs in accordance with the basic tariffs (see below for further information on the right to object).
Pursuant to applicable data protection law, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; (vi) object to the processing of your personal data (including objection to profiling); and (vii) exercise other rights in connection with automated decision-making.
Please note that the abovementioned rights might be modified under the applicable data protection law. Below please find further information on your rights to the extent that the GDPR applies:
(i) Right to request access to your personal data
You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed.
You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
(ii) Right to request rectification
You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(iii) Right to request erasure (right to be forgotten)
Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
(iv) Right to request restriction of processing
Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
(v) Right to request data portability
Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
(vi) Right to object
Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such right to object may especially apply if KARL STORZ collects and processes your personal data for profiling purposes in order to better understand your business interests in KARL STORZ' products and services. Further you may object to the use of your data for direct marketing via personal visits, postal mail or – in case of an ongoing business relationship - email. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. To exercise this right please contact us as stated under Sec. 6 (Contact us) below.
However, such a right to object may in particular not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
In case you have given us your consent for direct marketing purposes (e.g., you actively subscribed to our newsletters) you can withdraw your consent as described at the top of this Sec. 3.
(vii) Other rights in connection with automated decision-making
Furthermore, under certain circumstances with respect to automated individual decision-making, you have the right to obtain human intervention, express your point of view, and contest the decision.
To exercise your rights, please contact us as stated under Sec. 6 (Contact us) below.
You also have the right to lodge a complaint with the competent data protection supervisory authority. You can execute this right at a supervisory authority in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Cookies and other tracking technologies
- Beacons are small graphical images (also known as "pixel tags" or "clear GIFs") that may be included on our Websites and typically work in conjunction with cookies to identify our users and user behavior.
- An embedded script is a programming code that is designed to collect information about your interactions with the Website, such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to the Websites, and is deactivated or deleted thereafter.
The above technologies are used in administering the Website, analyzing trends, services and products, and tracking users’ movements around the Website.
The table below sets out more detailed information on the cookies and similar technologies we use on the Websites, their purpose, and how you may opt out of our use of these cookies and similar technologies.
The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.
The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.
You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.
My visit data is used for web analysis. My visit data is not used for web analysis.
Further information on data protection with etracker can be found here.
Friendly Captcha (Bot/Spam Protection)
We use the "Friendly Captcha" service on our website (www.friendlycaptcha.com).
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called "bots") to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to Friendly Captcha's servers in order to receive a computational task from Friendly Captcha. The visitor's end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them.
The data is used exclusively for the protection against spam and bots as described above.
Friendly Captcha does not set or read cookies on the visitor's end device.
IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
If personal data is stored, this data will be deleted after 30 days.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
Interactive online content
Our Website uses technologies to display certain content to you, such as video players, locations maps or other interactive online content. Such technologies are stored on a service provider's server and cookies and other tracking technology may be used by the service provider. Moreover, we may use certain auto-complete functions to assist you when filling in your address details. Also this data may be shared with a service provider making this functionality available to you.
We may carry out the processing of your personal data with regard to cookies, other tracking technologies and interactive online content on the following legal bases: The processing is necessary to provide you with the service, to achieve the transmission of the communication and to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications. Moreover, you have given your consent to the processing of your data for one or more specific purposes. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
Your personal data will be retained as long as necessary to provide you with the services and products requested. Once you have deleted your account or otherwise ended your relationship with us, we will either delete your personal data or anonymize your personal data, unless statutory retention requirements apply (such as for taxation purposes). We may retain your contact details and interests in our products or services for a longer period of time if KARL STORZ is allowed to send you marketing materials. Also, we may be required by applicable law to retain certain of your personal data for a period of 10 years after the relevant taxation year. We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
KARL STORZ SE & Co. KG
Dr.-Karl-Storz-Straße 34, 78532 Tuttlingen, Germany
Tel. +49 7461 708-0
The contact details of our data protection officer are as follows:
KARL STORZ SE & Co. KG
ATTN: KARL STORZ Data Protection Officer
Dr.-Karl-Storz-Straße 34, 78532 Tuttlingen, Germany
Tel. +49 7461 708-0