Data Protection Policy
1.1 This data protection policy and general information on data protection apply to all data processing activities carried out by ELvation Medical GmbH, Ludwig-Wolf-Str. 6, 75249 Kieselbronn, E-Mail: firstname.lastname@example.org as the Controller as defined in Art. 4 of the EU General Data Protection Regulation (“GDPR”). Our data protection officer, Mr. Frederic Reisser, can be contacted at email@example.com or by mail to our address, marked for the attention of the data protection officer.
1.2 The protection of your personal data – and particularly your personal rights when we process and use your information – is important to us. This document sets out how we collect personal data when you use our website. Personal data is all data that relates specifically to you as an individual, such as your name, address, email addresses, and user behaviors.
- Automated data collection and processing by your browser
2.1 Like all websites, our server automatically collects data provided by your browser and stores it temporarily in server log files, if you have not deactivated this function. If you wish to use our website, we will collect the following data from you to enable us to display our site to you and to guarantee the stability and security of our site (legal basis Art. 6 (1) f GDPR):
- IP address of the requesting computer
- File request of the client
- http status code
- Website you are visiting from (referrer URL)
- Time of server request
- Browser type and version
- Operating system installed on the requesting computer
The server log files are not analyzed in a way that would make you personally identifiable. The provider cannot identify specific individuals from this data at any point. This data is not merged with data from other sources.
2.2 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”) to enable us to analyze the use of and implement regular improvements to our website. The statistics generated via this service enable us to improve our offering and make our website more appealing for our users. Google Analytics uses “cookies”, which are text files stored on your computer to enable your use of the website to be analyzed. According to Google, cookies remain active for up to two years. After this point, they are automatically deactivated. The information generated by the cookie on your use of this website is generally transmitted to a Google server in the USA and stored there. We use Google Analytics with the “_anonymizeIp()” extension. This means that IP addresses are processed in a shortened form so that they cannot be traced back to specific individuals. If the data collected could be used to personally identify you, the extension excludes this information and the personal data is immediately deleted. On our behalf, Google uses the information to analyze the use of the website, to compile reports on website activity, and to provide other services in connection with website and internet use.
According to Google, the IP address provided by your browser as part of the Google Analytics service will not be merged with other data held by Google. For exceptional cases in which personal data is transmitted to the USA, Google has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can also configure your browser software to block the storage of cookies; however, please note that if you do this, you may not be able to use all of the features of our website, or the functionality of some features may be limited. You can also prevent the data generated by the cookie on your use of the website (incl. your IP address) from being recorded or processed by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent data from being recorded by Google Analytics by clicking on the following link. This action places an opt-out cookie on your computer, which will prevent your data from being recorded on future visits to this website: Deactivate Google Analytics.
2.3 Google Ads
This website also uses Google Ads to place advertisements in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that these advertisements can be displayed to users who are likely to have an interest in their content. This enables us to more effectively target our advertising for and within our online offering so that users are only shown advertisements that are likely to match their interests. If a user is shown, for example, advertisements for products that he or she has shown an interest in on other websites, this is referred to as “remarketing”. For this purpose, when you visit our website or other websites that use the Google Ads network, Google immediately runs a code and integrates so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) into the website.
The Google Ads network processes user data anonymously. This means that Google does not store or process data such as user names or email addresses, but processes the relevant data from specific cookies within anonymous user profiles. Google is therefore not managing or displaying advertisements to specific identified persons, but to the owner of the cookie, regardless of who that person is. This does not apply if the user has granted Google specific permission to process data without anonymization. The data collected on each user is transmitted to Google and stored on Google servers in the USA.
When you visit our website, Google will be informed that you have done so. To achieve this, Google uses a web beacon to place a cookie on your computer. The data described in clause 2.1 of this policy is transmitted. We have no control over the data collected and we do not know the full extent of the data collected nor how long this data is retained. Your data is transmitted to the USA and analyzed there. If you are logged in with your Google account, your data may be directly linked to your user information. If you do not want your data to be linked to your Google profile, you will need to log out. This data may be transferred to contractual partners of Google, third parties, and authorities. The legal basis for the processing of your data is Art. 6 (1) f GDPR.
You can prevent the installation of cookies by Google Ads in various ways: a) by configuring your browser software; in particular, rejecting third-party cookies will prevent any third-party advertisements from appearing; b) by deactivating targeted advertising from Google via https://www.google.de/ads/preferences; this setting is deleted if you delete your cookies; c) by deactivating targeted advertising from providers who are part of the self-regulated “About Ads” campaign via https://www.aboutads.info/choices; this setting is deleted if you delete your cookies; d) by permanently deactivating cookies in your Firefox, Internet Explorer, or Google Chrome browser at https://www.google.com/settings/ads/plugin. Please note that if you do this, you may not be able to use all of the features of this website, or the functionality of some features may be limited. Further information on the purpose and scope of data collection and processing, and further information on your rights in this regard and how you can configure your settings to protect your privacy, can be obtained from: Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA; data protection terms for advertising: https://www.google.de/intl/de/policies/technologies/ads.
2.4 Facebook remarketing
The website also uses the remarketing function “Custom Audiences” provided by Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”). This means that users of the website may be shown targeted advertising (“Facebook Ads”) when they visit the social network Facebook or other websites also using the function. We use this function to show you advertisements that are of interest to you to make our website more appealing to you.
As a result of the marketing tool used (“Facebook Pixel”), your browser will automatically establish a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool. We do know that, through the integration of Facebook Custom Audiences, Facebook will be informed that you have visited websites that form part of our online presence or have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can link this visit to your account. Even if you are not registered with or are not logged into Facebook, there is a possibility that the provider may obtain and store your IP address and other identifying data.
The “Facebook Custom Audiences” function can be deactivated by logged-in users at https://www.facebook.com/settings/?tab=ads#_. Further information on data processing by Facebook is available at https://www.facebook.com/about/privacy.
2.5 LinkedIn Insights
The website also uses the marketing function “Insights” provided by LinkedIn Inc., 2029 Stierlin Court, Mountain View, California, 94043, USA (“LinkedIn”). This means that users of the website may be shown targeted advertising when they visit the social network LinkedIn or other websites also using the function. We use this function to show you advertisements that are of interest to you to make our website more appealing to you.
To provide this service, LinkedIn uses “cookies”, which are text files stored on your computer to enable your use of the website to be analyzed. According to LinkedIn, cookies remain active for between 30 days and three months. As a result of the cookies used, your browser will automatically establish a direct connection with the LinkedIn server. We have no influence on the scope and further use of the data collected by LinkedIn through the use of this tool. We do know that, through the integration of LinkedIn Insights, LinkedIn will be informed that you have visited websites that form part of our online presence or have clicked on an advertisement from us. If you are registered with a LinkedIn service, LinkedIn can link this visit to your account. Even if you are not registered with or are not logged into LinkedIn, there is a possibility that the provider may obtain and store your IP address and other identifying data.
The “LinkedIn Insights” function can be deactivated by logged-in users at https://www.linkedin.com/psettings/enhanced-advertising. Further information on data processing by LinkedIn is available at https://www.linkedin.com/legal/privacy-policy. Information on the cookies used is provided at https://www.linkedin.com/legal/l/cookie-table.
- Collection and processing of data provided on a voluntary basis
3.1 General contact
When you share personal data with us by email or via our website (surname, name, email address, mail address), this is generally done on a voluntary basis. This data is used in the performance of your contract, to process your queries and orders, and to conduct our own market/opinion research and marketing by mail and email. We will not use this data for any other purposes; in particular, your data will not be transferred to third parties for advertising or market/opinion research. Data collected in this way will be deleted when it is no longer required; if a statutory retention period applies, we will restrict the processing of the data until it can be deleted. The legal basis for this is Art. 6 (1) b GDPR or Art. 6 (1) f GDPR.
With your consent, you can subscribe to our newsletter, which provides the latest news on offers that may be of interest to you. The goods and services advertised are specified in the declaration of consent.
We use a double opt-in procedure for users wishing to register for our newsletter. This means that, after you have registered, we send an email to the address you specify asking you to confirm that you wish to receive our newsletter. If you do not confirm your registration within 24 hours, your information will be locked and automatically deleted after one month. We also store the IP addresses you use and the times of your registration and confirmation. The aim of this process is to be able to prove your registration and investigate any possible misuse of your personal data that may occur in the future.
The only mandatory information you must provide to receive our newsletter is your email address. The provision of any additional, separately marked information is voluntary and is used by us to address you personally. Following your confirmation, we will store the data you have provided for the purpose of sending you our newsletter (the legal basis for this is Art. 6 (1) a GDPR).
You may revoke your consent to receive the newsletter and cancel your subscription at any time. You can revoke your consent by clicking on the link provided in each newsletter email or by sending an email to Communication@elvation.de.
3.3 Data processing for performance of the contract
Personal data of our customers, clients, interested parties, and other contractual partners (referred to collectively as “Contractual partners”) is processed in accordance with Art. 6 (1) b GDPR. This takes place within the framework of our contractual or pre-contractual services towards our Contractual partners. The data processed, and the type, scope, purpose, and the necessity of their processing, are determined by the underlying contractual relationship.
The processed data includes the master data of our Contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers), as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history). We only process special categories of personal data if these are components of commissioned or contractual processing. This data will not be passed on to third parties, unless this is required to pursue our claims in accordance with Art. 6 (1) f GDPR or where there is a legal obligation in accordance with Art. 6 (1) c GDPR.
The data will be deleted when it is no longer required for the fulfillment of a contractual or legal duty of care or in connection with any warranty or other obligations. The need to retain the data will be checked every three years; in all other cases, the statutory retention periods apply.
3.4 Electronic applications
On our careers page, you can submit a speculative application or apply for a specific role by email. Your data (name, email address, contact information, application documents) will be processed only in connection with the relevant job advertisement (Art. 6 (1) b GDPR, § 26 German Federal Data Protection Act) or for other job advertisements where you have granted consent for us to do so (Art. 6 (1) a GDPR). If you grant your consent for us to process your application data, you may revoke this consent at any time.
Note on sensitive data: Application documents, including résumés, references, and other documents you provide to us, may contain sensitive information relating to your physical and mental health, race or ethnic origin, political opinion, religious or philosophical beliefs, trade union or political party memberships, or your sex life.
If you provide such information in your online application, you consent to us processing this data for the purposes of your application. This data will be processed in accordance with this data protection policy and other applicable legal regulations.
If your application is unsuccessful, the data provided will be deleted at the earliest three months after the end of the application process. This does not apply if we are not permitted to delete the data by law or if we are required to retain the data for evidence purposes or if you have agreed to a longer retention period.
- Transfer to third parties
4.1 If you have provided us with personal data, this data will not generally be transferred to third parties. The data will only be transferred:
- If you have provided your consent for us to do so (see clause 3.2). When we collect your data, you will be informed of the recipients or categories of recipients.
- To process your queries and orders and, in connection with the use of our services, to authorized subcontractors who will only receive the data required to provide their contracted service and will only use it for this purpose.
- To an external service provider contracted to provide data processing services in accordance with art. 28 GDPR. Such external providers are carefully selected by us and are required to follow our instructions and comply with the provisions of the GDPR; they are regularly audited by us.
- To fulfill legal obligations to bodies authorized to request information.
4.2 This website uses social plug-ins. Social plug-ins are web applications that connect this website to selected social networks. The social plug-ins are not directly integrated, but must be activated with a separate click. A connection to the social network is only established after the user activates the plug-in, regardless of whether or not you actually click on the social plug-ins. Through this connection, your IP address and user data for the social network in question will be transmitted to the social network. Further information on the social plug-ins used is provided in clause 6.
- Transient cookies (see 5.2)
- Persistent cookies (see 5.3).
5.2 Transient cookies are automatically deleted when you close your browser. Session cookies are one of the most common types of transient cookie. These cookies store a session ID, which is used to assign various requests from your browser to the same session. This enables us to recognize your computer when you return to our website. Session cookies are deleted when you log out or close your browser.
5.3 Persistent cookies are automatically deleted after a set period of time, which differs depending on the cookie. You can delete cookies at any time in your browser security settings.
5.4 You can configure your browser settings to suit your preferences, for example to accept third-party cookies or reject all cookies. Please note that you may not be able to use all of the features of this website if you reject all cookies.
- Social networks
Our website contains links to the social network YouTube. The following data protection information applies to these links:
To present our videos, we use the video service provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). The legal basis for this is Art. 6 (1) f GDPR.
Where YouTube videos are directly integrated into our website, the contents of the embedded videos are sent directly to your browser by email. At the same time, certain data from your browser is sent to YouTube. This occurs regardless of whether or not you click on the video. We have no influence on the scope of the data that YouTube collects in this way. According to the latest information we have received, YouTube collects the following data, in particular to display embedded YouTube videos:
- the page you visited on our website that contains the video,
- the data generally transmitted by your browser (IP address, browser type and version, operating system, time),
- for registered and logged in YouTube and Google users, your Google username.
Embedded YouTube videos can also be hidden by browser add-ons, which prevents YouTube from collecting any data. If you are logged into Google, your data will be directly linked to your account. If you do not want your data to be linked to your YouTube profile, you will need to log out before activating the button. YouTube stores your data as a usage profile and uses it for advertising, market research, and/or to optimize the design of its website. In particular, this kind of analysis takes place (even if you are not logged in) for the purpose of delivering targeted advertising and to inform other users of the social network of your activities on our website. You can object to the creation of this user profile by contacting YouTube.
- Retention period
Your data will only be used as long as necessary for the existing customer relationship, unless you have given us your consent or we have a legitimate interest in further processing. In such cases, we process your data until you revoke your consent or until you object to our legitimate interests. Regardless of this, we are obliged by regulatory, commercial, and tax law requirements to store your address, payment, and order data for a period of ten years.
- Your rights
8.1 In your relationship with us, you have the following rights with regard to your personal data:
- Right of access,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
Please send your written request to ELvation Medical GmbH, Ludwig-Wolf-Str. 6, 75249 Kieselbronn, E-Mail: firstname.lastname@example.org ..
8.2 You also have the right to complain to a data protection supervisory authority about our processing of your personal data.