I. Name and address of the controller
The controller in the sense of the General Data Protection Regulation and other national data protection laws in the member states as well as other data protection law provisions is:
Kinesis Medical B.V.
5144 NV Waalwijk
Phone: +31 (0)85 303 4979
II. Name and address of the data protection officer
The controller’s data protection officer is:
Data Protection Officer
Nies van der Schansstraat 9
5161 CE Sprang-Capelle
We would like to provide you with the following notes and information regarding the way that we carefully protect your private details and the extensive level of confidentiality when handling your data:
III. General information on data processing
1. The scope of processing personal data
We generally only gather and use personal data from our users if this is necessary to make available a well-functioning website as well as our content and services. The collection and usage of our users’ personal data normally takes place only after users have provided their consent for this. An exception applies in those situations where it is impossible to obtain any consent in advance for practical reasons and where the processing of data is allowed by statutory provisions.
2. The legal basis for processing personal data
If we obtain consent from the persons concerned to process their personal data, Article 6 Para. 1 a) of the EU General Data Protection Regulation (GDPR) acts as the legal basis for this.
When processing personal data, which is necessary to complete a contract, in which the person concerned is a party to the contract, Article 6 Para. 1 b) of the GDPR acts at the legal basis for this. This also applies to processing procedures that are necessary to complete pre-contractual measures.
If it is necessary to process personal data to satisfy a legal obligation, to which our company is subject, Article 6 Para. 1 c) of the GDPR acts as the legal basis for this.
If absolutely essential interests of the person concerned or of a different natural person make it necessary to process personal data, Article 6 Para. 1 d) of the GDPR acts as the legal basis for this.
If the processing of the data is necessary to maintain a legitimate interest of our company or of a third party and if the interests, basic rights and basic freedoms of the person concerned do not override the interest that was first mentioned, Article 6 Para. 1 f) of the GDPR acts as the legal basis for processing the data.
3. Deleting data and storage period
The personal data of the person concerned shall be deleted or blocked as soon as the purpose of the storage has lapsed. Storage may take place beyond this if this has been envisaged by the European or national laws, in EU legal regulations, acts or other provisions, to which the controller is subject. Any blockage or deletion of data shall also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data in order to sign an agreement or perform a contract.
IV. Making available the website and generating log files
1. Anonymous data collection
In principle, you can use our websites without informing us who you are. We only learn about technical data like the name of your Internet service provider, the website from which you come and the corporate websites that you visit. This information is assessed with the date and time details for internal statistical purposes related to advertising, website analysis and for designing our websites to meet needs. You remain completely anonymous as a user in this process. No pseudonymised user profiles are generated.
2. The legal basis for any processing of data
The legal basis for temporarily storing the data is found in Article 6 Para. 1 f) of the GDPR.
3. The purpose of processing data
The temporary storage of the IP address by the system is necessary in order to enable the website to be sent to the user’s computer. The user’s IP address must be stored for the duration of the session. Our legitimate interest in processing data is also found in Article 6 Para. 1 f) of the GDPR for these purposes.
4. The length of time that data is stored
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was gathered. When gathering data to make available the website, deletion occurs once the session in question has ended.
5. Opportunity to object and to have the data removed
The logging of data for making available the website and storing data in log files is absolutely necessary to operate the Internet site. There is therefore no opportunity for the user to object to this.
V. Using cookies
a.) Description and scope of the data processing
Cookies cannot do any damage to your computer. They do not cause any security risk in the sense of viruses or spying on your computer. You control how cookies are handled yourself. Please use the help function in your browser to allow, reject, view and delete them.
- language settings
- search terms that are entered
b.) The legal basis for processing the data
c.) The purpose of processing data
The purpose of using cookies that are required for technical purposes is to simplify the usage of the website for users. Some functions of our website are not available without using cookies. It is essential for them that the browser is recognised again after a change of site. We need cookies for the following applications:
- to take over language settings
The user data collected through the cookies required for technical purposes is not used to draw up any user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies enable us to see how the website is being used and we are then able to continually optimise our services. The following analysis cookies are used:
- to note search terms
Our legitimate interest in processing personal data for this purpose can be found in Article 6 Para. 1 f) of the GDPR.
d.) The length of time that data is stored and the opportunity to object and to have the data removed
VI. Contact form and email contact
1. Description and scope of managing the data
There is a contact form on our website and it can be used to make contact electronically. If a user makes use of this facility, the data entered on the input form is sent to us and stored. This data involves:
- your first name
- your surname
- your e-mail adress
- your telephone number (optional)
- your website (optional)
- the text of the message
Your consent to process the data is obtained as part of the sending procedure and reference is made to this data protection declaration.
Alternatively, it is possible to make contact via the email address that is made available. In this case, the user’s personal data that is sent with the email is stored.
No data is forwarded to third parties in conjunction with this. The data is exclusively used to process the conversation.
2. The legal basis for processing the data
Article 6 Para. 1 a) of the GDPR forms the legal basis for processing the data, provided that the user has given consent for this.
Article 6 Para. 1 f) of the GDPR forms the legal basis for processing the data that is transmitted when an email is sent. If the email contact is aimed at signing an agreement, Article 6 Para. 1 b) of the GDPR forms an additional legal basis for processing the data.
3. The purpose of processing the data
Any processing of the personal data from the input form is solely for the purpose of processing the first contact. If contact is made in the form of an email, there is also a legitimate and necessary interest in processing the data.
The other personal data processed when the email is sent is used to prevent any misuse of the contact form and guarantee the security of our IT systems.
4. The length of time that data is stored
The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. This is the case for any personal data from the input form in the contact form and the data that is sent by email when the relevant conversation with the user has been concluded. The conversation has been ended when the circumstances suggest that the facts of the case in question have been finally resolved.
The personal data, which is also gathered during the sending procedure, is deleted after a period of seven days, at the very latest.
5. Opportunity to object and to have the data removed
Users have the opportunity of cancelling their consent for the personal data to be processed at any time. If users make contact with us by email, they can object to any storage of their personal data at any time. If this is the case, the conversation cannot be continued.
All the personal data, which is stored as part of the contact making procedure, is then deleted in this case.
VII. Google Analytics
This website makes use of functions provided by the web analysis service known as Google Analytics. The provider of this is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics makes use of so-called “cookies”. They are text files that are stored on your computer and enable an analysis of the use of the website. The information generated by the cookie about your use of this website is normally sent to a server operated by Google in the USA and stored there.
a.) IP pseudonymisation
We have activated the IP pseudonymisation function on this website. This means that your IP address is abbreviated by Google within the member states of the European Union or in other signatory countries to the Agreement on the European Economic Area before being sent to the USA. The complete IP address is only sent to a Google server in the USA in exceptional cases before being abbreviated there. Google will use this information on behalf of the operator of this website in order to assess your usage of the website, to compile reports about the website activities and to enable the website operator to provide other services associated with the use of the website and the Internet. The IP address sent from your browser by Google Analytics is not combined with any other data held by Google.
b.) Browser plug-ins
You can prevent the cookies from being stored by making the appropriate setting in your browser software; however, we would point out that you may not be able to fully make use of all the functions of this website, if you do so. You can also prevent the logging of the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google or Google’s ability to process this data by downloading and installing the browser plug-in that is available at this link: tools.google.com/dlpage/gaoptout
c.) Objecting to the logging of data
You can prevent the logging of your data by Google by clicking on the following link. This generates an opt-out cookie, which will prevent any of your data being logged during future visits to this website: tools.google.com/dlpage/gaoptout
You can obtain more information about how user data is handled at Google Analytics in Google’s data privacy declaration: https://support.google.com/analytics/answer/6004245?hl=en
d.) Contract data processing
We have signed an agreement with Google to cover contract data processing and fully implement the strict stipulations of the German data protection authorities when using Google Analytics.
e.) Demographic features with Google Analytics
This website uses the “demographic features” function within Google Analytics. This means that it is possible to generate reports that contain statements about the age, gender and interests of the visitors to the site. This data comes from Google’s advertising that is related to interests and from visitor data from third-party providers. This data cannot be assigned to any particular person. You can deactivate this function by using the advertising settings in your Google account at any time or generally prohibit the logging of your data by Google Analytics, as demonstrated in the paragraph on “Objecting to the logging of data”.
Our website makes use of functions from the LinkedIn network. The provider here is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time that you access one of our sites, which contains the LinkedIn functions, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our Internet sites with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our Internet site to you and your user account. We would point out that we as the provider of the sites do not know the content of the data that is transmitted or how LinkedIn uses this.
You can find more information on this in LinkedIn’s data privacy declaration at: https://www.linkedin.com/legal/privacy-policy
LinkedIn Insight Tag
The LinkedIn Insight Tag allows us to gather data about visits to our website, including the URL, referrer URL, IP address, device and browser properties, time stamp and pages viewed. This data is encrypted and then anonymised within seven days, and the anonymised data is deleted within 90 days. LinkedIn does not share personal data with us, it only provides summary reports about the website target group and ad performance. LinkedIn also provides a retargeting service for website visitors that allows us to use this data to show targeted adverts outside our website without identifying the member. LinkedIn members can manage the use of their personal data for advertising purposes in their account settings.
a) Purpose of data processing
The LinkedIn Insight Tag is used for the purpose of compiling detailed campaign reports and gathering information about visitors to our website, and thereby for the purpose of our advertising and marketing interests. As a customer of LinkedIn marketing solutions, we use the LinkedIn Insight Tag in order to track conversions, to carry out retargeting of our website visitors and to gather additional information about the LinkedIn members who see our adverts.
b) Legal basis for data processing
The legal basis for the processing of personal data is Article 6 Paragraph 1 Point f GDPR, that is a legitimate interest on our part. Our legitimate interest in this regard rests on the purposes outlined above.
c) Duration of storage
The data is encrypted, and then anonymised within seven days, and the anonymised data is deleted within 90 days.
d) Objection and deletion options / Opt-out
If you are a LinkedIn member and do not want LinkedIn to gather data about you via our website and link that data to LinkedIn data relating to your membership, you will need to log out of LinkedIn before you visit our website.
Additionala you can deactivate the cookie completely, regardless of being a LinkedIn member. To do so, please click here.
You can change your Twitter privacy settings in the account settings at https://twitter.com/account/settings.
X . The rights of people concerned
1. The right to information
You may request confirmation from the controller about whether we are processing any personal data related to you.
If this kind of processing is taking place, you can request information about the following details from the controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data that are being processed;
(3) the recipients or the categories of recipients to whom the personal data related to you has been disclosed or is still being disclosed;
(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;
(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing of data;
(6) the existence of a right to make a complaint to a supervisory authority;
(7) all the information that is available about the origin of the data, if the personal data is not being gathered from the person involved;
(8) the existence of an automated individual decision-making facility, including profiling, according to Article 22 Para. 1 and 4 of the GDPR and – at least in these cases – clear information about the logics involved as well as the scope and the envisaged effects of this kind of processing for the person concerned.
You have the right to request information about whether the personal data related to you is being sent to a third country or to an international organisation. In this connection, you can demand that you are informed about the suitable guarantees according to Article 46 of the GDPR in connection with any transfer of data.
2. The right to correction
You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.
3. The right to restrict the data processing
You may demand restrictions on the processing of the personal data related to you in the following situations:
(1) if you dispute the correctness of the personal data related to you for a period that enables the controller to check the correctness of the personal data;
(2) if the processing of the data is illegal and you reject any deletion of your personal data and demand that restrictions are placed on the use of your personal data instead;
(3) if the controller no longer requires the personal data for the purposes of processing it, but you require it to assert, exercise or defend legal claims; or
(4) if you have lodged an objection to the processing according to Article 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons presented by the controller override your reasons.
If any restrictions have been imposed on processing the personal data related to you, this data may only be processed with your consent – apart from storing it – or to assert, exercise or defend legal claims or to protect the rights of a different natural person or legal entity or for reasons justifying an important public interest for the Union or a member state.
If the restriction for processing the data has been limited in line with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
4. The right to deletion
a) The obligation to delete data
You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;
(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;
(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;
(4) the personal data related to you has been processed illegally;
(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;
(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.
b) Information forwarded to third parties
If the controller has published the personal data related to you and if it is obliged to delete it according to Article 17 Para. 1 of the GDPR, it shall adopt suitable measures, taking into account the available technology and the implementation costs, including those of a technical nature, to inform those responsible for processing the personal data that you, as the person concerned, have requested the deletion of all the links to this personal data or copies or replicas of this personal data.
There is no right to have the data deleted if the processing of the data is required:
(1) to exercise the right of free expression and information;
(2) to meet a legal obligation, which requires the processing of the data according to the laws of the Union or the member states, to which the controller is subject, or to perform a task that is of public interest or takes place in connection with exercising any state authority that has been transferred to the controller;
(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 h) and i) as well as Article 9 Para. 3 of the GDPR;
(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 Para. 1 of the GDPR, if the right cited in paragraph a) will probably make the achievement of the goals of this processing of data impossible or will serious impair it; or
(5) to assert, exercise or defend legal claims.
5. The right to information
If you have asserted the right to have the processing of the data corrected, deleted or restricted by the controller, the latter is obliged to inform all the recipients, to which the personal data related to you has been disclosed, to have the data corrected or deleted or the processing of it restricted, unless this proves to be impossible or is associated with a disproportionate amount of effort and expense.
You also have the right to be informed about these recipients by the controller.
6. The right to data portability
You have the right to receive the personal data related to you, which you have made available to the controller, in a structured, conventional and machine-readable format. You also have the right to transfer this data to a different controller without any obstruction by the first controller, to which the personal data was made available, if
(1) the processing of the data is based on consent in line with Article 6 Para. 1 a) of the GDPR or Article 9 Para. 2 a) of the GDPR or on a contract according to Article 6 Para. 1 b) of the GDPR and
(2) the processing of the data takes place using automated procedures.
When exercising this right, you also have the right to ensure that the personal data related to you is directly transferred from one controller to a different controller, if this is technically feasible. The freedoms and rights of other persons may not be impaired by this process.
The right to data portability shall not apply to any processing of personal data that is necessary to perform a task that is in the public interest or takes place in connection with exercising any state authority that has been transferred to the controller.
7. The right to object
You have the right to lodge an objection at any time to the processing of the personal data related to you, if this takes place according to Article 6 Para. 1 e) or f) of the GDPR, for reasons arising from your particular situation; this shall also apply to any profiling supported by these stipulations.
The controller shall no longer process the personal data related to you, unless it can prove that there are compelling reasons needing to be protected for the processing of the data, which override your interests, rights and freedoms, or if the processing of the data is used to assert, exercise or defend legal claims.
If the personal data related to you is processed to provide direct marketing, you have the right to lodge an objection to the processing of the personal data related to you for the purpose of this kind of advertising at any time; this shall also apply to profiling, if it is connected to this kind of direct marketing.
If you object to the processing of the data for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.
You have the opportunity of exercising your right to object by means of automated procedures where technical specifications are used in conjunction with the use of information society services – regardless of Directive 2002/58/EC.
8. The right to cancel the declaration of consent under data protection law
You have the right to cancel your declaration of consent provided under data protection law at any time. By cancelling your consent, the legitimacy of the processing of the data that was performed on the basis of your consent until your cancellation shall not be affected.
9. Automated decision-making in an individual case, including profiling
You have the right not to be subjected to a decision exclusively based on automated processing – including profiling – which takes legal effect with regard to you or significantly impairs you in a similar manner. This shall not apply if the decision
(1) is required to conclude or perform a contract between you and the controller,
(2) is permissible on the basis of legal stipulations in the Union or the member states, to which the controller is subject, and these legal stipulations contain appropriate measures to maintain your rights and freedoms and your legitimate interests or
(3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data in line with Article 9 Para. 1 of the GDPR, if Article 9 Para. 2 a) or g) of the GDPR does not apply and appropriate measures to protect the rights and freedoms and your legitimate interests have been adopted.
As regards the cases cited in paragraphs (1) and (3), the controller shall adopt appropriate measures in order to maintain the rights and freedoms as well as your legitimate interests, which must at least include the right to enable the intervention of a person with the controller to outline your own point of view and to contest the decision.
10. The right to lodge a complaint to a supervisory authority
Regardless of any different administrative law or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data related to you breaches the GDPR.
The supervisory authority, to which the complaint was lodged, shall inform the person lodging the complaint about the status and the results of the complaint, including the possibility of judicial remedies in line with Article 78 of the GDPR.
If you have a question about data protection at Kinesis Medical, please contact us.