Data Privacy Policy

Information on data processing according to Art. 13 and 14 General Data Protection Regulation (GDPR)

We care about the protection of your personal data and your privacy. For this reason, we will inform you in the following about our handling of your personal data, in particular for what we process your personal data, to whom we transmit them and the data protection claims and rights to which you are entitled. When we subsequently talk about data, we mean your personal information. This is all the information that identifies you as a person, directly or indirectly.

Please read the following information carefully.

About this Policy

This policy explains when and why we collect personal information, how we use it and how we keep it secure and your rights in relation to it. We may collect, use and store your personal data, as described in this Data Privacy Policy and as described when we collect data from you. We reserve the right to amend this Data Privacy Policy from time to time without prior notice. You are advised to check our website (www.stiwell.medel.com) regularly for any amendments (but amendments will not be made retrospectively). We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. For the purposes of the GDPR, we will be the "controller" of all personal data we hold about you.

Who is responsible for data processing?

MED-EL Elektromedizinische Geräte Gesellschaft m.b.H. | Business Unit Neurorehabilitation STIWELL
Fürstenweg 77a
6020 Innsbruck
Österreich
Tel.: +43 5 77 88
Tel.: +43 5 77 88 56 52
stiwell@medel.com

The responsible data protection officer can be contacted directly:

privacy.at@medel.com

oder

MED-EL Elektromedizinische Geräte GmbH
z.Hd. Datenschutzbeauftragter
Fürstenweg 77a
6020 Innsbruck
Austria

Which data are being processed and from which sources does this data come from?

We process personal data that we receive from you in the course of the business relationship. In addition, we process personal data that we receive from third parties and/or public accessible sources (eg business register, register of associations, country register, press, media) in a permissible manner (eg for the fulfillment of orders / contracts, fulfillment of legal obligations or consent granted by you).

Your personal data includes in particular:

  • Name
  • Contact information including e-mail address and phone numbers
  • Demographic information such as postal code, geographic location, preferences and interests
  • Data for direct invoicing to health insurance companies (STIWELL rental)
  • Data for the individual configuration of your STIWELL device
  • Further information that is needed to provide our services
  • Other information relevant to market research studies
  • IP-Adress
  • Usernames and Passwords for protected areas of the website
  • For job applications, in addition to name and contact details, the personal data you provide, training, further knowledge and qualifications, earlier employers and sent documents such as CV, certificates, etc.

For what purposes and on what legal basis is your data being processed?

We process your personal data in accordance with the data protection regulations (DSGVO and the Data Protection Act (DSG) in the current version).

 

Who receives your data?

Within MED-EL Elektromedizinische Geräte Gesellschaft m.b.H | Business Unit Neurorehabilitation STIWELL, only those departments or employees receive your data, as far as they need it for processing for the corresponding purposes. In addition, commissioned by us processors (IT service providers, printing services, marketing, etc.) receive your data, if they need the data to fulfill their respective performance. All processors have been carefully selected and take appropriate technical and organisational measures to ensure that your data is processed in accordance with data protection obligations and that your rights are protected. Above all, contract processors are not permitted to use your personal data for their own purposes. With regard to a transfer of data to other third parties, we point out that such a transfer is made only on the basis of a valid legal basis and for pre-determined purposes.

Update

The updating of your personal data takes place primarily on the basis of your direct feedback or change notices to us. However, updating is also possible due to information from third parties or the use of publicly available information.

How long will your data be stored?

We process your personal data, as far as necessary, for the duration of our business relationship (initiation, processing and termination of a contract) as well as in accordance with the statutory storage and documentation obligations arising from the Austrian Commercial Code (UGB) and the Federal Tax Code (BAO) or to assert, exercise or defend legal claims. In addition, the storage period is also judged by the statutory limitation periods, which may be, for example, under the General Civil Code (ABGB) usually 30 years, in some cases, but only 3 years. Basically, your data will therefore be deleted after complete execution of the contract, revocation of your consent or your objection, if the storage for the fulfillment of a legal obligation or for the establishment, exercise or defence of legal claims is not required. Further processing will only take place if you have expressly consented to the further use of your data or if we have reserved any further data processing that is permitted by law. There is the possibility that anonymisation of the data is carried out instead of a deletion. In this case, any personal reference is irretrievably removed, which is why the data protection cancellation obligations no longer apply. In this case, no personal reference can be restored.

Your rights

Under the GDPR you have the following rights:

  • Right of access - Art. 15 GDPR:
    The right to obtain confirmation as to whether or not personal data concerning yourself are being processed, and, where that is the case, access to the personal data;
  • Right to rectification - Art. 16 GDPR:
    The right to obtain without undue delay the rectification of inaccurate personal data concerning yourself;
  • Right to erasure ('right to be forgotten') - Art. 17 GDPR:
    The right to obtain the erasure of your personal data concerning yourself without undue delay;
  • Right to restriction of processing - Art. 18 GDPR:
    The right to obtain restriction of processing of your personal data;
  • Right to data portability  - Art. 20 GDPR:
    The right to receive the personal data concerning yourself, which you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance;
  • Right to object  - Art. 21 GDPR:
    The right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Art. 6 (1) lit. e) or f) GDPR.

Should you wish to access your information, change your contact preferences, or raise any questions or concerns about this privacy policy or how we handle your personal information, please email privacy.at@medel.com oor contact the Business Unit Neurorehabilitation STIWELL: stiwell@medel.com Although we will strive to address any questions or concerns you may have, if you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can complain to the supervisory authority. In Austria the data protection authority is responsible.

Is there an obligation to provide data?

As part of the business relationship, you only need to provide the personal information that is required to establish and conduct the business relationship or that we are required to collect by law. You are also required to notify us of any changes in your data. Without this data, we will usually have to refuse the conclusion of the contract or the execution of the contract or an existing contract can no longer be performed and consequently terminated.

Is my data used for automated decision making including profiling?

We do not use automated decision-making according to Art. 22 GDPR.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

About cookies on this website

In order to offer you an optimal user experience (e.g. your preferred language or page settings), we use cookies to save your login data, to ensure secure login, to collect statistical data to optimize website functions and to provide you with tailored content. Cookies are also important for the correct functioning of our website.

Click on „Accept all Cookies“, to accept all cookies and navigate directly to the website; or click on „Cookies Settings“, to get a detailed description of the types of cookies we use and to decide whether certain cookies should be saved.

We use the following providers for the improvement and optimal operation of our website:

 

This Policy was last updated in December 2020.