1. Data protection at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. You will find detailed information on the subject of data protection in our data protection declaration listed under this text.

This privacy policy applies to the website: excelsius-medical.de

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by, Excelsius Medical GmbH. Our contact details can be found in the website’s required legal notice.

How do we collect your information?

Your data is collected when you communicate it to us. This may be data that you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit our website. These are mainly technical data (e.g. Internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected in order to ensure error-free provision of the website. Other data can be used to analyze user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of data protection. You also have the right of appeal to the competent supervisory authority.

Third-party analysis and tools

When you visit our website, surfing behavior can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.

You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.

When do we delete your data

The duration of the storage of personal data is determined by the relevant legal retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is necessary for contract fulfilment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer necessary for these purposes or if you make use of your right of revocation or objection.

2. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data is collected. Personal data are data with which you can be personally identified. This data protection declaration explains which data we collect and for what we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible.

Note on the responsible party

The responsible body for data processing on this website is:

Operator of the website:

Excelsius Medical GmbH
Lina-Ammon-Str. 15, 90471 Nuremberg, Germany, info@excelsius-medical.com,       General Manager George Huang

Revocation of your consent to data processing

Many data processing processes are only possible with your express consent. You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing up to the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority

In the event of breaches of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found on the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

The following contact person is responsible for our company:

The representative from the Bavarian department for data protection
Dr. Thomas Petri
Postfach 22 12 19
D-80502 München
or:
Wagmüllerstr. 18
D-80538 München
Telephone: 089/21 26 72-0
Fax: 089/21 26 72-50
Email: poststelle@datenschutz-bayern.de
Homepage: http://www.datenschutz-bayern.de

Right to data transferability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only take place if it is technically feasible.

Information, blocking, deletion

You have the right to free information about your stored personal data, their origin and recipients and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of personal data.

Objection against advertising mails

We herewith object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.
Contact details of our data protection officer:

Excelsius Medical GmbH
Data protection officer
Lina-Ammon-Str. 15, 90471 Nuremberg, Germany, info@excelsius-medical.com,       General Manager George Huang

4. Data collection on our website

Cookies

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.

Cookies, which are necessary to carry out the electronic communication process or to provide certain functions desired by you (e.g. shopping basket function), are stored on the basis of Art. 6 paragraph 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for technically error-free and optimized provision of his services. As far as other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, these will be treated separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

These data are not combined with other data sources.

We collect the listed data to ensure a smooth connection establishment of the website and to enable a comfortable use of our website by the users. The log files are also used to evaluate system security and stability as well as for administrative purposes. The basis for data processing is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, these data may be temporarily stored by us. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. These data are not evaluated in anonymous form except for statistical purposes. These data are not combined with data from other data sources.

Brochure Download

On our website we offer the free download of product and advertising brochures for our laser systems. For this purpose, we collect payment terms and payment (when applicable), the email address and the country of the interested party in a form before the download. The offer is directed exclusively at commercial customers for the purpose of initiating a contractual relationship as well as for advertising information of our products. After entering the data, the interested party receives a download link by email, with which he can then download the documents.

The legal basis of data processing in the initiation of a contractual relationship is Art. 6 para. 1 lit. b GDPR. For general advertising purposes, Art. 6 para. 1 lit. f GDPR is the legal basis. Our legitimate interest results from the security of preventing misuse of our advertising material and enabling the download of brochures in the applicable language.

We store and use the data for advertising purposes until we receive an objection. If data is stored for contract fulfilment or contract initiation, it is deleted when the data is no longer required for these purposes. The statutory retention periods remain unaffected by this.

Registration in the portal

As a user of our products or as a sales partner you have the opportunity to register on our website in a closed portal and create a user profile. We collect and use the following personal data during registration and setup:

• First name, surname: Registering with our resource center requires the user to enter name and Surname and probable organization or company. This way we can ensure that the user has read and received the current document downloaded from our resource center. The user can always delete his account, when desired.
• User’s email address: We need the e-mail address for identifying the user account, when logging in. 
• Date and time of registration

Mandatory data provided for the purpose of registration are marked with an asterisk in the input mask as a mandatory field.

Your user account gives you the opportunity to receive our training and information offers from Customer Support and Technical Service, Sales and Marketing Support as well as Congresses and Events. In addition, you will always find the latest marketing materials such as brochures and videos, images and presentations.

As part of the registration process, we obtain your consent to the processing of your data. If consent is given, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the provision of the requested services.

Your data will be deleted as soon as the user account on our website is deleted and insofar as there are no legal storage obligations. You can usually change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a message to the responsible person named at the beginning.

As a user you have the possibility to cancel the registration at any time by deleting the created account. In this case all data will be deleted by us. Furthermore, you can change the data stored about you at any time. If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

Links to other Internet sites or apps for downloading

If our website contains links to other Internet pages of Excelsius Medical or affiliated companies (e.g. to the website for experts) or to Internet pages of third party companies or offers apps for download, this data protection declaration does not apply. Please refer to the other websites or apps for information on the data protection regulations applicable there.

6. Analytics tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Google Analytics cookies are stored on the basis of Art. 6 Par. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both his website and his advertising.

IP anonymization

We have activated the IP anonymization function on this website. This will cause your IP address to be cut by Google within Member States of the European Union or in other countries party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

Data that is automatically collected and stored

As part of the measurement of activities on our website (performance measurement), Excelsius Medical may automatically collect the following data about your visit and temporarily store this data:

• Internet address of the website from which you linked to this website
• Internet Protocol (IP) address of your computer only in abbreviated form (exe. IP 123.456.789.xxx)
• Domain from which you use the Internet
• Date and time of connection to our website, duration and selection of pages visited
• If applicable, operating system and browser software of your computer

In compliance with the Performance Measurement Principles, Excelsius Medical is free to commission third parties to evaluate the collected data. But even here, Excelsius Medical never obtains information about the identity of a visitor. Third parties involved are required to observe the Excelsius Medical data protection standard, to transmit data in aggregated (e.g. merged) form and to use the collected data for the intended purpose and subsequently destroy it.

Browser plugin to deactivate Google Analytics (Google Analytics Opt-out Browser Add-on)

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Objecting to data collection by Google Analytics

As an alternative to the browser plug-in, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on the deactivation link below. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. No new window opens, just click on this opt-out link:

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Contract data processing

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

7. Links to other Internet sites or apps for downloading

Within our online offer, we make no representations or warranties of any kind based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offerings of third parties to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as be linked to such information from other sources.

If our website contains links to other Internet pages of the Excelsius Medical group of companies (e.g. to the website for experts) or to Internet pages of third party companies or offers apps for download, this data protection declaration does not apply. Please refer to the other websites or apps for information on the data protection regulations applicable there.

10. Data protection information for applicants

Data protection information in the application process

We process the applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations in the context of the application procedure within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR if data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany § 26 BDSG additionally applies).

The application procedure requires that applicants provide us with their data. If we offer an online form, the necessary applicant data are marked otherwise result from the job descriptions and generally include personal data, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated within the scope of the application procedure, they are additionally processed in accordance with Art. 9 para. 2 letter b GDPR (e.g. health data, e.g. severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application procedure, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, if these are required for the exercise of the profession).

If made available, applicants can send us their applications via an online form on our website. The data is encrypted and transmitted to us according to the state of the art.

Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We cannot therefore accept any responsibility for the transmission of the application between the sender and receipt on our server and therefore recommend that you use an online form or the postal dispatch. Instead of using the online application form and email, applicants can still send us their application by post.

If the application is successful, the data provided by the applicants can be further processed by us for the purpose of employment. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.

The deletion will take place after a period of six months, subject to a justified revocation by the applicant, so that we can answer any follow-up questions to the application and meet our obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.