個人情報保護方針

Effective as of Oct 15, 2018

1. General

The protection of your personal data is very important to us. At this point, we would like to inform you about data protection in our company. Your personal data will solely be used within statutory data protection regulations, such as the General Data Protection Regulation (GDPR) or the new Federal Data Protection Act (BDSG). Our employees and agents are obliged to comply with data protection regulations. Below you will find information about the nature, scope and purpose of the collection and use of your personal data and your rights. These notes can be accessed at any time on the internet at https://www.brainlab.com/privacy-policy/.

2. When you visit our website

2.1  Scope of data collection and storage


Ser. Nr. Data Purpose Legal basis
1. Browser data (date and time of access, URL (address) of the referring website, accessed file, amount of transmitted data, browser type and version, operating system, IP address) Connecting to the website Art. 6 Sec. 1 lit. f GDPR
2. web analytics data * Audience measurement, website optimization, interest-based advertising, retargeting Art. 6 Sec. 1 lit. f GDPR

* web analytics

To continually improve and optimize our website content and usability, we use analytics technologies from Google LLC, Facebook Inc., Twitter Inc., LinkedIn, Yandex N.V. and WordPress. The session and interaction data of the website visitors are collected and statistically evaluated. Cookies are used for this purpose. The session and interaction data are never processed in personalized form, but only anonymously.

In part, analysis data is transmitted to and stored on a server of the respective analytics service in a Member State of the EU or in a third country outside the EU (for example in the USA). The information may be transferred to third parties, if this is legally permissible or if third parties process this data on behalf of our service provider. Neither we nor the web analytics services will associate your IP address with any other data stored by us or the service provider. The website uses the following analytics services:

  • Brainlab/Wordpress

    Maintains the states of the user on all page requests.

  • Google Tag Manager

    Google Tag Manager does not collect personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that can be used, among other things, to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites. We use the Google Tag Manager for all services listed in section 2.1 below. If you’ve opted out, Google Tag Manager will consider that opt out. For more information about Google Tag Manager, see: https://www.google.com/analytics/tag-manager/use-policy/.

  • Google Analytics

    This website uses Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, California 94043, USA). The IP Anonymization feature in Google Analytics sets the last octet for IPv4 user IP addresses and for the last 80 bits in memory for IPv6 addresses to zero, just after being sent to the Analytics data collection network for collection. In this case, the full IP address will never be written to disk. Further information on anonymization can be found here: https://support.google.com/analytics/answer/2763052.

  • Google AdWords und Conversion Tracking

    We use the Google AdWords online advertising program and Google AdWords conversion tracking. Google Conversion Tracking is an analytics service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”):

    To promote our services, we run Google Adwords ads using Google Conversion Tracking for personalized, interest-based, and location-based online advertising. The option to anonymize the IP addresses is controlled by the Google Tag Manager via an internal setting, which is not visible in the source of this page. This internal setting is set so that an anonymization of the IP addresses is achieved. Ads appear after searches on Google Network sites. We have the opportunity to combine our ads with specific keywords. Cookies allow us to serve ads based on previous visits by a user to our website.

    When an ad is clicked, Google places a cookie on the user’s computer. For more information on the cookie technology used, please refer to Google’s Guidance on Website Statistics and Privacy Policy.

    Using this technology, Google and we as a customer receive information that a user has clicked on an ad and has been redirected to our websites. The information obtained here is used exclusively for a statistical evaluation for ad optimization. We do not receive any information that personally identifies visitors. The statistics provided to us by Google include the total number of users who have clicked on one of our ads and, if applicable, whether they have been redirected to a conversion-tagged page of our website. Based on these statistics, we can understand which search terms were used most often on our ad and which ads lead to contact via the contact form by the user.

    If you do not want this, you can prevent the storage of the cookies required for these technologies, for example through the settings of your browser. In this case your visit will not be included in the user statistics.

    You also have the option of selecting the types of Google ads or disabling interest-based ads on Google using the ad settings. Alternatively, you can disable the use of third-party cookies by calling the network advertising initiative’s opt-out help.

    However, we and Google continue to receive statistical information on how many users visited this page. If you also do not want to be included in these statistics, you can prevent this with the help of additional programs for your browser (for example with the add-on Ghostery).

  • Google Dynamic Remarketing

    On our website we use the dynamic remarketing feature of Google AdWords. The technology allows us to post automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on the last visit to our website.

  • Google DoubleClick

    We use DoubleClick, a service provided by Google Inc. DoubleClick uses cookies to serve user-based ads. The cookies recognize which ad has already been displayed in your browser and whether you have accessed a website via a switched ad. The cookies do not collect any personal information and cannot be associated with such information.

    If you do not want to receive user-based advertising, you can disable the delivery of ads using Google’s Ads Preferences.

    You can read more about how Google uses cookies in Google’s privacy policy.

  • Facebook Tracking Pixel

    With the Facebook Pixel, the behavior of users can be tracked, after they have been redirected to the website of the provider by clicking on a Facebook ad. This process is designed to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and may help to optimize future advertising efforts. The data collected is anonymous to us, so they do not provide us with any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage directive (https://www.facebook.com/about/privacy/). You can enable Facebook and its affiliates to display ads on and off Facebook. A cookie may be stored on your computer for these purposes. Facebook is able to link the data to your Facebook account and use the data for its own promotional purposes, in accordance with Facebook’s privacy policy at: https://www.facebook.com/about/privacy/. Brainlab uses this tracking pixel only on the career subpages.

  • Yandex Metrica

    Registers a unique ID that is used to generate statistical data about how the visitor uses the site.

  • Twitter Analytics
    Twitter Conversion Tracking

    Collects anonymous data about user visits to the site, such as the number of visits, the average time spent on the website, and which pages were loaded to personalize and improve the Twitter service.

    Twitter Advertising

    Collects anonymous data about user visits to the website, such as the number of visits, the average time spent on the website, and which pages were loaded to personalize and improve the Twitter service.

  • LinkedIn Analytics / LinkedInAds

    Used by the social networking service LinkedIn for tracking the use of embedded services.

The duration of the used cookies is limited to max. 14 months, unless otherwise stated below. A cookie is a small text file that allows a website to recognize a browser. Cookies are stored in a text file on the computer and retrieved and read the next time the web server is contacted. As a user, you can use your browser settings to decide for yourself whether and which cookies you want to allow, block or delete. You can find instructions for your browser here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also use so-called adblockers, such as Ghostery.

However, the collection and storage of data for the purpose of website optimization can also be objected to at any time with future effect via the following opt-out link http://www.youronlinechoices.com/de/praferenzmanagement/. Use the link above to manage your preferences for usage-based online advertising. If you object to a usage-based online ad using the preference manager, it will only apply to the specific business data collection from the web browser you are using. The preference management is cookie-based. Deleting all browser cookies also removes the preferences you set with the preference manager.

If you want to deactivate Google Analytics, you can alternatively also download a corresponding add-on for your web browser at: https://tools.google.com/dlpage/gaoptout.

For US Residents: Except as otherwise specified in this Privacy Policy, Brainlab does not alter the practices detailed herein based upon your selection of the “do not track” setting or other “opt out” setting or feature that may be offered by your browser; however, Brainlab reserves the right to do so in the future.

2.2 Pursued legitimate interests, provided legal basis is Art. 6 Sec. 1 lit. f GDPR

See purpose in Section 2.1

2.3 Source, unless the data was collected from the data subject

Sec. 2.1 Ser. No. Source
1 and 2 Terminal device of the user

2.4 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is the limited usability of the website.

There is no automated decision-making including profiling according to Art. 22 GDPR.

3. Product information

You may contact us for information about products or services via the product information form.

3.1  Scope of data collection and storage

Ser. Data Purpose Legal Basis
1 Contact form data (first name, last name, telephone number, e-mail address, country, postal code, message, consent data) Processing and answering the contact, information on products and services * Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

3.2 Pursued legitimate interests, provided legal basis is Art. 6 Sec.1 lit. f GDPR

See purpose Sec. 3.1

3.3 Source, unless the data was collected from the data subject

Sec. 3.1 ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

We use the e-mail address collected in connection with the sale of a product or service on our website for the direct marketing of own and similar products and / or services. If you do not wish to receive advertising, you may object to the use of your email address at any time without incurring any costs other than the basic rate for communication means. For this purpose, there is a corresponding link to unsubscribe in each newsletter.

3.4 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide you with the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

Clinical Research

You have the opportunity to contact us for a clinical trial with Brainlab products via the Clinical Research Form.

4.1  Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1 Contact form data (first name, last name, e-mail address, country, institution, message, consent data) Processing and answering the contact * Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

4.2  Pursued legitimate interests, provided that legal basis is Art. 6 Sec. 1 lit. f GDPR

See purpose in Sec. 4.1

4.3 Source, unless the data was collected from the data subject

Sec. 4.1 ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

4.4 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide you with the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

5. Customer locations

You can contact us to make an appointment for a customer location visit using the Reference Locations form.

5.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1 Contact form data (first name, last name, telephone number, e-mail address, country, postal code, institution, message, consent data) Processing and answering the contact to make an appointment* Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

5.2 Source, unless the data was collected from the data subject

Sec. 5.1 ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

5.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

6. Press releases

You can subscribe to up-to-date press information via the Press Releases form.

6.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1 Contact form data (first name, last name, publisher, media title, e-mail address, country, consent data) Processing and answering the contact, sending current press releases * Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

6.2 Source, unless the data was collected from the data subject

Sec. 6.1 Ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

6.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

7. Newsletter registration

You can register for news about current publications on our blog by using the newsletter registration form.

7.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1 Contact form data (title, first name, last name, institution, e-mail address, function, consent data) Submission of blog articles, information on products and services * Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

 * Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

7.2 Source, unless the data was collected from the data subject

Sec. 7.1 Ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

We use the e-mail address collected in connection with the sale of a product or service on our website for the direct marketing of own and similar products and / or services. If you do not wish to receive advertising, you may object to the use of your email address at any time without incurring any costs other than the basic rate for communication means. For this purpose, there is a corresponding link to unsubscribe in each newsletter.

7.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is hat we cannot provide the requested information. There is no automated decision-making including profiling according to Art. 22 GDPR.

8. General contact

You can contact us for any kind of request via the general contact form.

8.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1 Contact form data (first name, last name, e-mail address, message, consent data) Processing and answering the contact * Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

8.2 Source, unless the data was collected from the data subject

Sec. 8.1 Ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

8.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

9. Event date

You can make an appointment for an event via the event date form.

9.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1 Contact form data (first name, last name, e-mail address, message, consent data) Processing and answering the contact for making an appointment * Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

9.2 Source, unless the data was collected from the data subject

Sec. 9.1 Ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

We use the e-mail address collected in connection with the sale of a product or service on our website for the direct marketing of own and similar products and / or services. If you do not wish to receive advertising, you may object to the use of your email address at any time without incurring any costs other than the basic rate for communication means. For this purpose, there is a corresponding link to unsubscribe in each newsletter.

9.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot arrange an appointment for an event.

There is no automated decision-making including profiling according to Art. 22 GDPR.

10. Event registration

You can register for an event.

10.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1 Registration form data (title, first name, last name, institution, function, e-mail address, bill recipient, billing address, consent data) Processing and answering the registration for the event, creation of personalized participant documents * Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

10.2 Source, unless the data was collected from the data subject

Sec. 10.1 Ser. No. Source
1 IP address, server log file: Terminal device of the user, time, URL

10.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is hat you cannot register for the event.

There is no automated decision-making including profiling according to Art. 22 GDPR.

11. Applications

You can apply for a job via the career portal. Your personal data will be processed as follows:

11.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis
1
  • contact information (e.g.: address, telephone number, e-mail address)
  • CV data (e.g.: education, vocational training, work experience, language skills)
  • Profiles in social networks (e.g.: Xing, LinkedIn, Facebook)
  • documents related to applications (e.g.: application photo, cover letter, certificates, supporting documents)
Recruiting Para. 26 Abs. 1 S. 1 Federal Data Protection Act – BDSG
2 Browser data (date and time of access, URL (address) of the referring website, retrieved file, amount of data sent, browser type and version, operating system, IP address) Connecting to the website Art. 6 Sec.1 lit. f GDPR

11.2 Pursued legitimate interests, provided legal basis is Art. 6 Sec.1 lit. f GDPR

See purpose in Sec. 5.1

11.3 Source, unless the data was collected from the data subject

Sec. 5.1 Ser. No. Source
2 IP address, server log file: Terminal device of the user, time, URL

11.4 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that the job application of the user cannot be taken into account in the recruiting process and the user cannot be recruited.

There is no automated decision-making including profiling according to Art. 22 GDPR.

12. Transfer of personal data

Your personal data may be transferred to the following recipients:

Recipients or categories of recipients

Transfer to public authorities or by court order

At the request of the competent authorities, we must provide information on personal data (inventory data) on a case-by-case basis for the purpose of law enforcement, security, compliance with the statutory functions of the constitutional protection agencies or the Military Shielding Service or for the enforcement of intellectual property rights.

Waiver of social plugins

We waive the integration of social plugins in our website to protect your privacy when visiting our website. We have only integrated graphic links from social network providers (e.g. www.facebook.com) into our website. This means that your browser is not initially able to establish a direct connection with the server of the social network provider. For information on how to deal with your personal data when using this website, please refer to the respective privacy policy of the provider. Brainlab AG assumes no liability for the privacy policies and procedures of the linked sites.

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

For anonymised data for Google Analytics und for Conversion Tracking, see above. Google is subject to the EU-US. Privacy Shield. Existing EU-US Privacy Shield certifications can be viewed at https://www.privacyshield.gov/list. The Implementing Decision (EU) 2016/1250 of the EU Commission of 12 July 2016 recognizes the level of protection of the EU US Privacy Shields as equivalent to the level of protection of the Union.

Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA

Facebook is subject to the EU-US. Privacy Shield. Existing EU-US Privacy Shield certifications can be viewed at https://www.privacyshield.gov/list. The Implementing Decision (EU) 2016/1250 of the EU Commission of 12 July 2016 recognizes the level of protection of the EU US Privacy Shields as equivalent to the level of protection of the Union.

softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin *

schalk&friends – Agentur für digitale Lösungen GmbH, Lindwurmstraße 124, 80337 Munich

Brainlab Corporate Services GmbH, Olof-Palme-Straße 9, 81829 Munich

Brainlab Sales GmbH, Olof-Palme-Straße 9, 81829 Munich

Brainlab Ltd. (UK), Regus House, 1010 Cambourne Business Park, Cambourne, Cambridge, CB36DP, UK

Brainlab Ltd. (Israel), 35 Efal Street, Petach-Tikva, 4951132, Israel

Brainlab Italia s.r.l., Via Monte di Pietá 21, 20121 Milano, Italy

Succursale de Brainlab Sales GmbH (F), Tour Ariane 5, Place de la Pyramide, 92088 Paris La Défense Cedex, France

Brainlab, Inc., 5 Westbrook Corporate Center, Suite 1000, Westchester, IL 60154 USA

Brainlab Ltda., Avenida Angélica, nº 2.071, conj. 41, CEP 01227-200, Consolação São Paulo, Brazil

Brainlab Beijing, Medical Equipment Trading Co., Ltd, Unit B9-1, Guanghualu SOHO2 No.9 Guanghua Road, Chaoyang District, Beijing 100020, China

Brainlab Ltd. Unit 2102, 21/F, The Hennessy, 256 Hennessy Road, Wan Chai, Hong Kong

Brainlab Médica, S.L. Plaza Ángel Carbajo, 6, Entresuelo Izquierda, 28020 Madrid, Spain

Brainlab India Pvt. Ltd., #411 Time Tower, M G Road, Gurgaon-122002, Haryana, India

Brainlab K.K., Tamachi East Bldg. 2F, 3-2-16 Shibaura, Minato-ku, Tokyo 108-0023, Japan

Brainlab Ltd. (Malaysia), Level 36, Menara Citibank 165 Jalan Ampang 50450 Kuala Lumpur, Malaysia

Brainlab Australia Pty. Ltd., Suite 1, Building 1, 14 Aquatic Drive, Frenchs Forest, NSW 2086, Australia

Brainlab Ltd. (Seoul Branch), Unit 704, 7th Floor Shinwon Plaza Building, 85 Dokseodang-ro, Yongsan-Gu, Seoul 04419, Republic of Korea

Brainlab Ltd. (Singapore Branch), 73 Upper Paya Lebar Road #04-01, Centro Bianco, Singapore 534818

Bainlab Sales GmbH (Dubai Branch), Dubai Airport Free Zone, Building: 5WB, Office: 151, Dubai, UAE

In some cases, we also use service providers for hardware maintenance, software maintenance and provision of technical services, which may then come into contact with your data.

* Transfer to this recipient will only be made if you have consented thereto.

Your personal information will only be disclosed to affiliates and service partners, provided that they act on our behalf and assist us in providing our services. Processing of your personal data by service providers commissioned by us takes place within the scope of a processing on behalf acc. to Art. 28 GDPR. The aforementioned service providers only have access to personal information required to perform the respective activity. These recipients are prohibited from using personal information for other, in particular for their own advertising purposes. Insofar as external service providers come into contact with personal data, we have ensured through legal, technical and organizational measures as well as through regular inspections that these too comply with the applicable data protection regulations.

There is no transfer of your personal data to third parties for purposes other than those listed. We only share your personal information with third parties if:

  • you have given your explicit consent,

  • the transfer is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,

  • in the event that there is a legal obligation to disclose or

  • it is permitted by law and is required for the execution of contractual relationships with you.

13. Transfer of personal data to third countries

In this context, we transfer personal data to the third countries listed above. In order to ensure an adequate level of data protection in these third countries either adequacy decisions of the EU Commission1 or adequate and appropriate guarantees exist in the form of:

  • EU-U.S. Privacy Shield Certification2

  • Standard data protection clauses of the Commission (EU standard contract clauses)6

1Further information on the recognition of safe third countries can be found on the website of the EU-Commission.. 2Present US-US Privacy Shield Certifications can be viewed at https://www.privacyshield.gov/list. The The Implementing Decision (EU) 2016/1250 of the EU Commission of 12 July 2016 recognizes the level of protection of the EU-US Privacy Shield as equivalent to the Union’s level of protection.3 We will provide you with a copy upon request.

14. Duration of Storage

WWe process and store your personal data in as far as necessary for the duration of our business relationship, which includes, for example, the initiation and execution of a contract and the regular limitation period of three years to defend against or assert legal claims.

In addition, we are subject to various storage and documentation obligations arising, inter alia, from the German Commercial Code (HGB) or the Tax Code (AO). The retention periods specified therein are six to ten years. During this time, the processing of the data is limited. The retention obligation begins at the end of the calendar year in which the offer was made or the contract was fulfilled. For example, commercial or tax-relevant accounting documents are kept for ten years and contract and tax-relevant documents for at least six years.

In legal matters supervised by lawyers, the related data are stored for at least six years; for enforcement titles, the retention period can be up to thirty years due to the statute of limitations.

Applicant data will be retained for six months in the event of recruitment or rejection, unless you have explicitly given us your consent to store your data for a longer period. At the end of this period, the data will be anonymised in order to be available for later statistical evaluations.

IP addresses are usually temporarily stored for connection, if we also use them for website optimization or for advertising purposes, they are immediately anonymized and processed only anonymously. The duration of used cookies is limited to 14 months.

15. Rights

You have the right

  • pursuant to Art. 15 GDPR to request information about your personal data processed by us;

  • pursuant to Art. 16 GDPR to demand the rectification of inaccurate or the completion of incomplete personal data stored by us;

  • pursuant to Art. 17 GDPR to demand the deletion of your personal data stored by us;

  • pursuant to Art. 18 GDPR to obtain the restriction of the processing of your personal data

  • pursuant to Art. 20 GDPR to receive your personal data, you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller;

  • pursuant to Art. 21 (i), under certain conditions, to object to the processing of your personal data based on Art. 6 Sec. 1 lit. e GDPR (in the public interest) or pursuant to Art. 6 Sec. 1 lit. f GDPR (for safeguarding a legitimate interest), or (ii) to object to the processing for direct marketing purposes;

  • pursuant to Art. 7 Sec. 3 GDPR to withdraw a consent once given to us at any time. This also applies to the withdrawals of consents that were given to us prior to the entry into force of the General Data Protection Regulation, ie before 25 May 2018. As a result, we will not be allowed to continue the processing based on this consent for the future without affecting the legality of the processing carried out on the basis of the consent until the withdrawal;

  • pursuant to Art. 77 GDPR lodge a complaint with a supervisory authority.

For asserting the statutory data subject rights and for all other questions about data processing, please write to the address of Brainlab AG listed below or send an e-mail to [email protected]. The exercise of your above rights is free of charge for you.

For US Residents: You authorize Brainlab to communicate with you in response to your submissions on the website and any other communications.

Notice to California Residents: The California Civil Code permits California residents to request that we not share your Personally Identifiable Information with third parties for their direct marketing purposes. If you are a California resident, you may contact [email protected] to request information regarding whether and how we share personally information with third parties for their direct marketing purposes and/or to request that such information not be shared with third parties for such purposes.

16. Contact details of the controller and the data protection officer

Controller Legal representatives Data protection officer

Brainlab AG

Olof-Palme-Straße 9

81829 Munich

Chairman of the supervisory board:

Dietrich von Buttlar

Board of Directors

Stefan Vilsmeier (CEO)
Rainer Birkenbach
Jan Merker

Katharina Ruhenstroth

c/o intersoft consulting services AG

Beim Strohhause 17

20097 Hamburg

www.intersoft-consulting.de

17. Changes to the privacy policy

We reserve the right to change or amend this Privacy Policy at any time in accordance with applicable data protection laws.

For inquiries, please contact[email protected].

Additional Policies for US Residents:

Governing Law

If you are a resident of the United States, any dispute between you and Brainlab arising out of or relating to this Privacy Policy, the website or its content shall be governed by, and will be construed in accordance with, the laws of the States of New York, without regard to choice of law principles. You irrevocably agree that the courts located in or for the State of Illinois, Cook County, are the sole and exclusive forum and venue for any dispute, as the most convenient and appropriate to address any disputes, and you agree to submit to the jurisdiction and venue of such courts.

Use and Transfer of Non-Personally Identifiable Information

“Non-Personally Identifiable Information” refers to data stored anonymously in a protocol file, collected by cookies or similar technology, as well as information collected by Google Analytics, AdWords and Brainlab’s display networks, and any other information that does not personally identify the individual to whom the information relates, such as information that is aggregated by Brainlab or a third party, or information that is not linked to personally identifiable information of an individual.

In addition to the uses discussed above, Brainlab may use and share non-Personally Identifiable Information in a variety of ways so long as Brainlab uses such information in its de-identified form. These uses may include, without limitation, uses for website administration; analysis of website trends and how the site is used; improving navigation of the site; analysis of the performance of the website and diagnosis of problems; improving the services we offer; analysis and developing advertisements and advertising campaigns; analysis of website user demographics, interests and preferences.

Brainlab also may use your non-Personally Identifiable Information to present you with targeted content and advertisements (including on third party websites and apps) based on your past visits to the website and your non-Personally Identifiable Information collected over time by us and third parties, optimize and determine the effectiveness of content and advertisements, analyse your interactions with content and advertisements, and how those interactions relate to your visits to the website. Some of our third party partners may participate in the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioural Advertising and allow consumers the ability to opt-out of targeted advertising based on web activity tracking. For more information regarding the foregoing, please Click here or visit http://www.aboutads.info/choices/. Please note that even if our third party partners participate in this program and you opt-out of targeted advertising based on web activity tracking, you still may receive standard advertisements from us and targeted advertisements from third parties. You may need to re-click the link and follow the instructions provided therein if you delete cookies or similar technology or use a different computer, device or browser.

Children

Brainlab will not knowingly collect, use or disclose any information submitted by children under the age of majority in the jurisdiction where they reside. Parents are encouraged to educate their children about their use of the Internet, and particularly about security issues regarding the disclosure of personally identifiable information to websites.

Links

You may have the opportunity to follow links on the website to other sites that may be of interest to you. Neither Brainlab nor its affiliates are responsible for the privacy practices of any other sites or the content provided thereon. Therefore, the privacy policies with respect to other sites may differ from those applicable to the website. We encourage you to review the privacy policies of each other site.

No Medical Advice

Brainlab is not a healthcare institution or medical facility and neither Brainlab nor the website provides any medical advice. You are solely responsible for all medical decisions, including any diagnosis, use of medical professionals, treatment or treatment plan, made by you as the result of the use of the website or any communications with Brainlab, regardless of any referral or suggestion made by Brainlab.

Changes to this Privacy Policy

Any revisions to this Privacy Policy will be effective immediately upon posting. Any material changes in the manner that we use personally identifiable information will apply only to information collected thereafter, unless we provide notice or have other communications with you, e.g. with a pop-up cookie notification banner. Each time you access, use, or browse the website, provide information to Brainlab online, or click on Brainlab’s digital advertisements on third party websites or applications, you signify your acceptance of the then-current Privacy Policy. If you do not accept this Privacy Policy, you are not authorized to access, use or browse the website, to provide information to Brainlab, or to click on Brainlab’s digital advertisements on third party websites or applications.

個人情報保護方針

第2.0版
2019年4月1日
ブレインラボ株式会社
代表取締役社長 松村 友隆

ブレインラボ株式会社(以下「当社」といいます。)は医療機器販売及び保守管理を核とした事業活動を通じて取得したお客様及びお取引先、また当社従業員の個人情報(氏名、性別、電話番号、Eメールアドレスなど個人に関する情報であって、当該情報に含まれる内容により、又は複数の情報を組み合わせることにより、特定の個人を識別できることとなるものをいいます。以下同じ。)を確実に保護することを、当社の重要な社会的責務と認識しております。当社は次の事項を含むこの個人情報保護方針及び「個人情報の取扱いについて」(以下、併せて「本方針等」といいます。)を定め、これを実施し、かつ、維持することを宣言いたします。

1. 当社は、すべての事業で取扱う個人情報及び従業員等の個人情報の取扱いに関し、「個人情報の保護に関する法律」をはじめとする個人情報の取扱いに関する法令、国が定める指針その他の規範を遵守いたします。さらに、日本工業規格「個人情報保護マネジメントシステム―要求事項」(JIS Q15001)に準拠した個人情報保護マネジメントシステムを策定し、個人情報を保護いたします。

2.当社は、個人情報の取得、利用にあたっては、その利用目的を特定することとし、特定された利用目的の達成に必要な範囲を超えた個人情報の取扱い(目的外利用)はいたしません。また、目的外利用を行わないために、適切な管理措置を講じます。

3.当社は、法令に定める場合を除き、事前に本人の同意を得ることなく、第三者への個人情報の提供は行いません。

4.当社は、個人情報の取扱いに関する苦情及び相談を受けた場合は、その内容について迅速に事実関係等を調査し、合理的な期間内に誠意をもって対応いたします。

5.当社は、個人情報を正確かつ最新の状態に保ち、個人情報の不正アクセス・紛失・破損・改ざん・漏洩などを防止するため、適正なセキュリティシステムの維持・管理体制の整備・社員教育の徹底等の必要な措置を講じ、個人情報の厳重な管理を行ないます。

6.当社は、保有する個人情報に関して適用される日本の法令、その他規範を遵守するとともに、本方針等の内容を適宜見直し、その改善に努めます。

[個人情報保護方針の内容についてのお問い合わせ先]

ブレインラボ株式会社  個人情報相談窓口

メールアドレス:[email protected]


個人情報の取扱いについて

ブレインラボ株式会社
個人情報保護管理者 

ブレインラボ株式会社(以下「当社」といいます。)は、以下のとおり個人情報の取扱いについて定め、個人情報(当社の個人情報保護方針に定めるところによります。以下同じ。)の保護を促進いたします。

1.個人情報の利用目的について

当社は、個人情報を下記業務ならびに利用目的の達成に必要な範囲で利用いたします。

 (1)業務内容

    ① 医療機器販売に関する業務

    ② 医療機器の保守管理に関する業務

 (2)利用目的

  <お客様・お取引先に関する個人情報>

※① 当社業務に関する契約や法律等に基づく権利の行使や義務の履行のため

※② お取引に伴う業務上の連絡や挨拶状の送付等、お客様とのお取引の適切かつ円滑な遂行のため

※③ ニュースレターの配信のため

※④ 安全管理通知のため

※⑤ エンドオブサービス通知のため

※⑥ 製品回収のため

※⑦ 製品改修のため

※⑧ サービス向上のため

※⑨ その他当社業務の適切かつ円滑な遂行のため

  <従業員、採用応募者、退職者に関する個人情報>

※① 当社の採用選考のため

※② 従業員の雇用管理のため

※③ 退職者への情報提供及び連絡等のため

  <従業員・採用活動における内定者・外部有識者等の特定個人情報>

※① 当社が、法令に基づき、従業員・採用活動における内定者・外部有識者等の個人番号を、給与所得の源泉徴収票、支払調書、健康保険・厚生年金保険被保険者資格取得届等の書類に記載して、行政機関等及び健康保険組合等に提出する事務のため

上記(2)のうち、保有個人データの利用目的を、※で示しています。

2.個人情報の共同利用について

 当社では、前記1で公表する利用目的の範囲内で、個人情報の共同利用を行います。

(1) 共同して利用される個人情報の項目

<当社のお客様・お取引先に関する個人情報>

氏名、性別、役職、勤務先、勤務先住所、電話番号、Eメールアドレス、写真

<当社の従業員に関する個人情報>

    氏名、性別、国籍、生年月日、Eメールアドレス、所属部署、写真

(2)共同して利用する者の範囲

<個人情報を共同利用する共同利用先企業>

Brainlab AG (ドイツ本社)

(3)共同して利用する者の利用目的

前記1で公表している利用目的と同内容です。

(4)共同して利用する個人情報の管理について責任を有する者の名称

ブレインラボ株式会社 個人情報保護管理者

(5)取得方法

ドイツ本社との共有システムを通じたデータ連携

3.匿名加工情報の作成及び提供に関する公表事項

   当社は、「個人情報の保護に関する法律」第2条第9項に定められる「匿名加工情報」の作成及び提供は行いません。

4.個人情報の第三者への委託

   個人情報を第三者に委託する場合は、慎重に委託先を選定し、委託業務以外への個人情報の利用の制限、機密保持の遵守、その他個人情報の取扱いに関して適切な管理を行うよう指示・監督いたします。

5.開示、訂正等の手続きについて

   当社は、ご本人からの保有個人データの開示、利用目的の通知、保有個人データの内容が事実に反する場合等における訂正等、個人情報保護法301項に規定する場合における利用停止等及び第三者提供の停止(以下「開示等」という。)のご請求を受付いたします。

 (1)開示等の求めの申し出先

    個人情報相談窓口担当

メールアドレス:[email protected]

 (2)ご提出いただくもの

① 個人情報 開示等請求書

② 本人確認のための書類(運転免許証写し、パスポート写しなど)

③ 法定代理人の場合は、上記②に加え、法定代理権があることを確認する書類

④ 任意代理人の場合は、上記②に加え、当社所定の委任状及び本人の印鑑証明書

※ご提出いただいた書類に、個人番号や要配慮個人情報が記載されている場合、あらかじめ塗り潰した上でご提出下さい。当社受領時に塗り潰されていない場合は、当社にて塗り潰すことにより取得しないものとさせていただきます。

※当社所定の様式については、別途ご案内いたします。

 (3)手数料

    当該ご請求のうち、開示のご請求及び利用目的の通知のご請求につきましては、1回のご請求につき、1,000円(税込)の手数料をご負担いただきますので、あらかじめご了承ください。

開示等のご請求の具体的な手続きにつきましては、下記の窓口までお問い合わせください。

6.個人情報の取扱いに関するご相談・苦情について

当社の個人情報の取扱いに関するご相談や苦情等のお問い合わせについては、下記の窓口までご連絡いただきますよう、お願い申し上げます。

[個人情報保護方針の内容についてのお問い合わせ先]

ブレインラボ株式会社 個人情報相談窓口

メールアドレス:[email protected]