Are you in %country%? Do you want to visit our website in another language?

Privacy Policy

Effective as of February 1st, 2023

1. General

The protection of your personal data is very important to us. At this point, we would like to inform you about data protection in our company. Your personal data will solely be used within statutory data protection regulations, such as the General Data Protection Regulation (GDPR) or the German Federal Data Protection Act (BDSG). Our employees and agents are obliged to comply with data protection regulations. Below you will find information about the nature, scope and purpose of the collection and use of your personal data and your rights. These notes can be accessed at any time on the internet at https://www.brainlab.com/privacy-policy/.

2. When you visit our website

2.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1.

Browser data (date and time of access, URL (address) of the referring website, accessed file, amount of transmitted data, browser type and version, operating system, IP address)

Connecting to the website

Art. 6 Sec. 1 lit. f GDPR

2.

web analytics data *

Audience measurement, website optimization, interest-based advertising, retargeting

Art. 6 Sec. 1 lit. a GDPR

* web analytics: Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

To continually improve and optimize our website content and usability, we use analytics technologies from Google LLC, Facebook Inc., Twitter Inc., LinkedIn, Yandex N.V. and WordPress. The session and interaction data of the website visitors are collected and statistically evaluated. Cookies are used for this purpose. The session and interaction data are never processed in personalized form, but only aggregated.

In part, analysis data is transmitted to and stored on a server of the respective analytics service in a Member State of the EU or in a third country outside the EU (for example in the USA). The information may be transferred to third parties, if this is legally permissible or if third parties process this data on behalf of our service provider. Neither we nor the web analytics services will associate your IP address with any other data stored by us or the service provider. The website uses the following analytics services:

  • Brainlab/Wordpress

Maintains the states of the user on all page requests.

  • Google Tag Manager

Google Tag Manager does not collect personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that can be used, among other things, to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites. We use the Google Tag Manager for all services listed in section 2.1 below. If you’ve opted out, Google Tag Manager will consider that opt out. For more information about Google Tag Manager, see: https://www.google.com/analytics/tag-manager/use-policy/.

  • Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, California 94043, USA). Controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The IP Anonymization feature in Google Analytics sets the last octet for IPv4 user IP addresses and for the last 80 bits in memory for IPv6 addresses to zero, just after being sent to the Analytics data collection network for collection. In this case, the full IP address will never be written to disk. Further information on anonymization can be found here: https://support.google.com/analytics/answer/2763052.

  • Google AdWords und Conversion Tracking

We use the Google AdWords online advertising program and Google AdWords conversion tracking. Google Conversion Tracking is an analytics service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). Controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

To promote our services, we run Google Adwords ads using Google Conversion Tracking for personalized, interest-based, and location-based online advertising. The option to anonymize the IP addresses is controlled by the Google Tag Manager via an internal setting, which is not visible in the source of this page. This internal setting is set so that an anonymization of the IP addresses is achieved. Ads appear after searches on Google Network sites. We have the opportunity to combine our ads with specific keywords. Cookies allow us to serve ads based on previous visits by a user to our website.

When an ad is clicked, Google places a cookie on the user’s computer. For more information on the cookie technology used, please refer to Google’s Guidance on Website Statistics and Privacy Policy.

Using this technology, Google and we as a customer receive information that a user has clicked on an ad and has been redirected to our websites. The information obtained here is used exclusively for a statistical evaluation for ad optimization. We do not receive any information that personally identifies visitors. The statistics provided to us by Google include the total number of users who have clicked on one of our ads and, if applicable, whether they have been redirected to a conversion-tagged page of our website. Based on these statistics, we can understand which search terms were used most often on our ad and which ads lead to contact via the contact form by the user.

Google Dynamic Remarketing

On our website we use the dynamic remarketing feature of Google AdWords. The technology allows us to post automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on the last visit to our website.

  • Google DoubleClick

We use DoubleClick, a service provided by Google Inc. DoubleClick uses cookies to serve user-based ads. The cookies recognize which ad has already been displayed in your browser and whether you have accessed a website via a switched ad. The cookies do not collect any personal information and cannot be associated with such information.

  • Yandex Metrica

Registers a unique ID that is used to generate statistical data about how the visitor uses the site.

  • Twitter Analytics
    Twitter Conversion Tracking

Collects anonymous data about user visits to the site, such as the number of visits, the average time spent on the website, and which pages were loaded to personalize and improve the Twitter service.

Twitter Advertising

Collects anonymous data about user visits to the website, such as the number of visits, the average time spent on the website, and which pages were loaded to personalize and improve the Twitter service.

  • LinkedIn Analytics / LinkedInAds

Used by the social networking service LinkedIn for tracking the use of embedded services.

  • YouTube

We use services on our website from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a Google Inc. company, Amphitheatre Parkway, Mountain View, CA 94043, USA. We use the enhanced privacy option provided by YouTube to protect your personal information. When you visit a page that has a YouTube video embedded, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. However, according to YouTube, in “enhanced privacy mode”, data is only sent to the YouTube server when you actively launch the video. If you are logged in to YouTube at that time, the information about the videos you watch will be associated with your YouTube membership account. You can prevent this by logging out of your member account before visiting our site.

More information about YouTube’s privacy policy is available from Google at the following link: https://www.google.de/intl/de/policies/privacy/”.

The duration of the used cookies is limited to max. 14 months, unless otherwise stated below. A cookie is a small text file that allows a website to recognize a browser. Cookies are stored in a text file on the computer and retrieved and read the next time the web server is contacted.

For US Residents: Except as otherwise specified in this Privacy Policy, Brainlab does not alter the practices detailed herein based upon your selection of the do not track setting or other opt out setting or feature that may be offered by your browser; however, Brainlab reserves the right to do so in the future.

2.2 Source, unless the data was collected from the data subject

Sec. 2.1 Ser. No. Source

1 and 2

Terminal device of the user

2.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is the limited usability of the website.

There is no automated decision-making including profiling according to Art. 22 GDPR.

3. Product information

You may contact us for information about products or services via the product information form.

3.1 Scope of data collection and storage

Ser. No. Data Purpose Legal Basis

1

Contact form data (first name, last name, telephone number, e-mail address, country, postal code, message, consent data)

Processing and answering the contact, information on products and services *

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

3.2 Source, unless the data was collected from the data subject

Sec. 3.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

We use the e-mail address collected in connection with the sale of a product or service on our website for the direct marketing of own and similar products and / or services. If you do not wish to receive advertising, you may object to the use of your email address at any time without incurring any costs other than the basic rate for communication means. For this purpose, there is a corresponding link to unsubscribe in each newsletter.

3.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide you with the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

4. Clinical Research

You have the opportunity to contact us for a clinical trial with Brainlab products via the Clinical Research Form.

4.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (first name, last name, e-mail address, country, institution, message, consent data)

Processing and answering the contact *

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

4.2 Source, unless the data was collected from the data subject

Sec. 4.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

4.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide you with the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

5. Customer and Vendor Administration

We process personal data of our customers and vendors to conclude, manage and exercise contractual relationships.

5.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (first name, last name, telephone number, e-mail address, country, postal code, institution, message, consent data)

Administration and Management of contractual relationships, Compliance (e.g. Screening of EU-Terror-Lists)*

Art. 6 Sec.1 lit. f GDPR 

5.2 Source, unless the data was collected from the data subject

Sec. 5.1 Ser. No. Source

1

Employer of contact person

5.3 Obligation to provide data and automated decision-making

Regularly, there is no legal or contractual obligation to provide personal data. The provision of personal data might be required for the conclusion of a contract. Possible consequence of not providing personal data of contact persons is that we cannot conclude the contract or provide the service in accordance to our contracts.

There is no automated decision-making including profiling according to Art. 22 GDPR.

6. Customer locations

You can contact us to make an appointment for a customer location visit using the Reference Locations form.

6.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (first name, last name, telephone number, e-mail address, country, postal code, institution, message, consent data)

Processing and answering the contact to make an appointment*

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

6.2 Source, unless the data was collected from the data subject

Sec. 6.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

6.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

7. Press releases

You can subscribe to up-to-date press information via the Press Releases form.

7.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (first name, last name, publisher, media title, e-mail address, country, consent data)

Processing and answering the contact, sending current press releases *

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

7.2 Source, unless the data was collected from the data subject

Sec. 7.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

7.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

8. Newsletter registration

You can register for news about current publications on our blog by using the newsletter registration form.

8.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (title, first name, last name, institution, e-mail address, function, consent data)

Submission of blog articles, information on products and services *

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

8.2 Source, unless the data was collected from the data subject

Sec. 8.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

We use the e-mail address collected in connection with the sale of a product or service on our website for the direct marketing of own and similar products and / or services. If you do not wish to receive advertising, you may object to the use of your email address at any time without incurring any costs other than the basic rate for communication means. For this purpose, there is a corresponding link to unsubscribe in each newsletter.

8.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information. There is no automated decision-making including profiling according to Art. 22 GDPR.

9. General contact

You can contact us for any kind of request via the general contact form.

9.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (first name, last name, e-mail address, message, consent data)

Processing and answering the contact *

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

9.2 Source, unless the data was collected from the data subject

Sec. 9.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

9.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information.

There is no automated decision-making including profiling according to Art. 22 GDPR.

10. Support Hotline

You can contact us via our support telephone hotline if you have questions about your Brainlab product. In this case, personal data may be processed to answer your inquiry.

10.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (first name, last name, e-mail address, message, consent data)

Processing and answering support requests

Art. 6 Sec.1 lit. f GDPR ; Art. 6 Sec.1 lit. b GDPR

10.2 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot arrange an appointment for an event.

There is no automated decision-making including profiling according to Art. 22 GDPR.

11. Facebook Fanpage

Social media have become an integral part of the Internet and modern communication. To stay in contact with our customers and interested parties, we have also set up our own fan page on Facebook.

11.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

User interactions (postings, likes etc.)

User communication (presentation of our company and our products)

Art. 6 Sec.1 lit. f GDPR

2

Facebook-Cookies*

Advertising for target groups

Art. 6 Sec.1 lit. f GDPR

3

Demographic data (e.g. based on age, gender, gender

place of residence, language or gender)

Advertising for target groups

Art. 6 Sec.1 lit. f GDPR

4

Statistical data on user interactions in aggregated

form, i.e. without any personal reference for us

(for example, page activities, page views, page previews,

Likes, recommendations, contributions, videos,

page subscriptions including origin, times of day)

Advertising for target groups

Art. 6 Sec.1 lit. f GDPR

*In any case, regardless of whether you are registered with Facebook or not, your IP address is transmitted and cookies are set. If you are a Facebook member and logged into your Facebook user account, Facebook can associate your visit to our site with your user account. According to Facebook, the cookies used by Facebook are for authentication, security, website and product integrity, advertising and measurement, website features and services, performance, and analysis and research. Details about the cookies used by Facebook (e.g., cookie names, function duration, content collected and purpose) can be found here: https://www.facebook.com/policies/cookies/ by following the links there.

11.2 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. When visiting the fan page, however, personal data is automatically collected by Facebook.

There is no automated decision-making including profiling according to Art. 22 GDPR.

11.3 Transmission and use of personal data

As far as you interact within Facebook, Facebook naturally also has access to your data.

We expressly point out that Facebook stores the data (e.g. IP address, preferences and personal interests, behavior on the pages of Facebook, any personal information stored on Facebook, etc.) of users and uses it for business purposes.

We have no influence on the processing and further use of this data, as Facebook alone determines the processing. To what extent, where and for how long the data is stored, to what extent the data is linked and evaluated and to whom the data is passed on is not comprehensible to us. We also have no insight and no influence with regard to deletion periods, i.e. whether and to what extent deletion periods are observed.

If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our site to your user account. If you want to prevent Facebook from linking data about your visit to our fan page with your membership data stored on Facebook, you must

– log out of Facebook before each visit to our fan page

– delete the cookies present on the device

– and exit and restart your browser.

According to Facebook, this will delete all information that can be used by Facebook to identify you.

11.4 Joint Data controller

Brainlab AG, Olof-Palme-Strasse 9, 81829 Munich, Germany and Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland

According to the European Court of Justice (ECJ), we are jointly responsible with Facebook for processing your personal data. The decision of the ECJ of 05.06.2018 can be found here.

By virtue of the joint responsibility, we inform you with regard to Art. 26 DS-GVO about the essence of the agreement on joint responsibility between us and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

12. Event date

You can make an appointment for an event via the event date form.

12.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Contact form data (first name, last name, e-mail address, message)

Processing and answering the contact for making an appointment 

Art. 6 Sec.1 lit. f GDPR 

2

Contact form data (first name, last name, e-mail address, message, consent data)

Information on upcoming events *

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

12.2 Source, unless the data was collected from the data subject

Sec. 12.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

12.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot arrange an appointment for an event.

There is no automated decision-making including profiling according to Art. 22 GDPR.

13. Event registration

You can register for an event/webinar.

13.1 Scope of data collection and storage

Ser. No. Data Purpose Legal basis

1

Registration form data (title, first name, last name, country, institution, medical field, function, job title, e-mail address, bill recipient, billing address, consent data)

Processing and answering the registration for the event or a webinar, creation of personalized participant documents *

Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG)

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

13.2 Source, unless the data was collected from the data subject

Sec. 13.1 Ser. No. Source

1

IP address, server log file: Terminal device of the user, time, URL

13.3 Obligation to provide data and automated decision-making

There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that you cannot register for the event.

There is no automated decision-making including profiling according to Art. 22 GDPR.

14. Brainlab ID

The Brainlab ID is the single sign-on system for Brainlab customers. With a Brainlab ID, customers can register with various Brainlab services without having to create their own user accounts. To verify your authorization, your data is matched once within our system. By registering, a Brainlab ID will be created. Within the scope of registration, the following personal data will be processed:

Ser. No. Data Purpose Legal basis

1

Registration form data (first name, last name, title, institution, e-mail address, department, job title, city, country, company)

Processing and answering the registration for the event or a webinar, creation of personalized participant documents *

The data collection and storage within the registration process is based on customers consent pursuant to Art. 6 Sec.1 lit. a GDPR. This consent may be revoked with effect for the future. After revocation of the consent, we delete you Brainlab ID and the data we collected with it.

* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.

15. Applications

You can apply for a job via the career portal. For more information about the processing of our personal data, please refer to the privacy policy on our application platform.

16. Transfer of personal data

Your personal data may be transferred to the following recipients:

Recipients or categories of recipients

Transfer to public authorities or by court order

At the request of the competent authorities, we must provide information on personal data (inventory data) on a case-by-case basis for the purpose of law enforcement, security, compliance with the statutory functions of the constitutional protection agencies or the Military Shielding Service or for the enforcement of intellectual property rights.

Waiver of social plugins

We waive the integration of social plugins in our website to protect your privacy when visiting our website. We have only integrated graphic links from social network providers (e.g. www.facebook.com) into our website. This means that your browser is not initially able to establish a direct connection with the server of the social network provider. For information on how to deal with your personal data when using this website, please refer to the respective privacy policy of the provider. Brainlab AG assumes no liability for the privacy policies and procedures of the linked sites.

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA

Salesforce UK Limited, Floor 26 Salesforce Tower, 110 Bishopsgate, London, EC2N 4AY, UK

salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 München, Germany

softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin *

SmartRecruiters GmbH, Winsstraße 62/63, 10405 Berlin *

schalk&friends – Agentur für digitale Lösungen GmbH, Lindwurmstraße 124, 80337 Munich

Brainlab Corporate Services GmbH, Olof-Palme-Straße 9, 81829 Munich

Brainlab Sales GmbH, Olof-Palme-Straße 9, 81829 Munich

Brainlab Ltd. (UK), Regus House, 1010 Cambourne Business Park, Cambourne, Cambridge, CB36DP, UK

Brainlab Ltd. (Israel), 35 Efal Street, Petach-Tikva, 4951132, Israel

Brainlab Italia s.r.l., Via Monte di Pietá¡ 21, 20121 Milano, Italy

Succursale de Brainlab Sales GmbH (F), Tour Ariane 5, Place de la Pyramide, 92088 Paris La Défense Cedex, France

Brainlab, Inc., 5 Westbrook Corporate Center, Suite 1000, Westchester, IL 60154 USA

Brainlab Ltda., Avenida Angélica, nº 2.071, conj. 41, CEP 01227-200, Consolação São Paulo, Brazil

Brainlab Beijing, Medical Equipment Trading Co., Ltd, Unit B9-1, Guanghualu SOHO2 No.9 Guanghua Road, Chaoyang District, Beijing 100020, China

Brainlab Ltd. Unit 2102, 21/F, The Hennessy, 256 Hennessy Road, Wan Chai, Hong Kong

Brainlab Médica, S.L. Plaza Ángel Carbajo, 6, Entresuelo Izquierda, 28020 Madrid, Spain

Brainlab India Pvt. Ltd., #411 Time Tower, M G Road, Gurgaon-122002, Haryana, India

Brainlab K.K., Tamachi East Bldg. 2F, 3-2-16 Shibaura, Minato-ku, Tokyo 108-0023, Japan

Brainlab Ltd. (Malaysia), Level 36, Menara Citibank 165 Jalan Ampang 50450 Kuala Lumpur, Malaysia

Brainlab Australia Pty. Ltd., Suite 1, Building 1, 14 Aquatic Drive, Frenchs Forest, NSW 2086, Australia

Brainlab Ltd. (Seoul Branch), Unit 704, 7th Floor Shinwon Plaza Building, 85 Dokseodang-ro, Yongsan-Gu, Seoul 04419, Republic of Korea

Brainlab Ltd. (Singapore Branch), 73 Upper Paya Lebar Road #04-01, Centro Bianco, Singapore 534818

Bainlab Sales GmbH (Dubai Branch), Dubai Airport Free Zone, Building: 5WB, Office: 151, Dubai, UAE

In some cases, we also use service providers for hardware maintenance, software maintenance and provision of technical services, which may then come into contact with your data.

* Transfer to this recipient will only be made if you have consented thereto.

Your personal information will only be disclosed to affiliates and service partners, provided that they act on our behalf and assist us in providing our services. Processing of your personal data by service providers commissioned by us takes place within the scope of a processing on behalf acc. to Art. 28 GDPR. The aforementioned service providers only have access to personal information required to perform the respective activity. These recipients are prohibited from using personal information for other, in particular for their own advertising purposes. Insofar as external service providers come into contact with personal data, we have ensured through legal, technical and organizational measures as well as through regular inspections that these too comply with the applicable data protection regulations.

There is no transfer of your personal data to third parties for purposes other than those listed. We only share your personal information with third parties if:

  • you have given your explicit consent,
  • the transfer is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to disclose or
  • it is permitted by law and is required for the execution of contractual relationships with you.

17. Transfer of personal data to third countries

In this context, we transfer personal data to the third countries listed above. In order to ensure an adequate level of data protection in these third countries either adequacy decisions of the EU Commission or adequate and appropriate guarantees exist in the form of:

  • Standard data protection clauses of the Commission (EU standard contract clauses)

18. Duration of Storage

We process and store your personal data in as far as necessary for the duration of our business relationship, which includes, for example, the initiation and execution of a contract and the regular limitation period of three years to defend against or assert legal claims.

In addition, we are subject to various storage and documentation obligations arising, inter alia, from the German Commercial Code (HGB) or the Tax Code (AO). The retention periods specified therein are six to ten years. During this time, the processing of the data is limited. The retention obligation begins at the end of the calendar year in which the offer was made or the contract was fulfilled. For example, commercial or tax-relevant accounting documents are kept for ten years and contract and tax-relevant documents for at least six years.

In legal matters supervised by lawyers, the related data are stored for at least six years; for enforcement titles, the retention period can be up to thirty years due to the statute of limitations.

Applicant data will be retained for six months in the event of recruitment or rejection, unless you have explicitly given us your consent to store your data for a longer period. At the end of this period, the data will be anonymised in order to be available for later statistical evaluations.

IP addresses are usually temporarily stored for connection, if we also use them for website optimization or for advertising purposes, they are immediately anonymized and processed only anonymously. The duration of used cookies is limited to 14 months.

19. Rights

You have the right

  • pursuant to Art. 15 GDPR to request information about your personal data processed by us;
  • pursuant to Art. 16 GDPR to demand the rectification of inaccurate or the completion of incomplete personal data stored by us;
  • pursuant to Art. 17 GDPR to demand the deletion of your personal data stored by us;
  • pursuant to Art. 18 GDPR to obtain the restriction of the processing of your personal data
  • pursuant to Art. 20 GDPR to receive your personal data, you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller;
  • pursuant to Art. 21 (i), under certain conditions, to object to the processing of your personal data based on Art. 6 Sec. 1 lit. e GDPR (in the public interest) or pursuant to Art. 6 Sec. 1 lit. f GDPR (for safeguarding a legitimate interest), or (ii) to object to the processing for direct marketing purposes;
  • pursuant to Art. 7 Sec. 3 GDPR to withdraw a consent once given to us at any time. This also applies to the withdrawals of consents that were given to us prior to the entry into force of the General Data Protection Regulation, ie before 25 May 2018. As a result, we will not be allowed to continue the processing based on this consent for the future without affecting the legality of the processing carried out on the basis of the consent until the withdrawal;
  • pursuant to Art. 77 GDPR lodge a complaint with a supervisory authority.

For asserting the statutory data subject rights and for all other questions about data processing, please write to the address of Brainlab AG listed below or send an e-mail to [email protected]. The exercise of your above rights is free of charge for you.

For US Residents: You authorize Brainlab to communicate with you in response to your submissions on the website and any other communications.

Notice to California Residents: The California Civil Code permits California residents to request that we not share your Personally Identifiable Information with third parties for their direct marketing purposes. If you are a California resident, you may contact [email protected] to request information regarding whether and how we share personally information with third parties for their direct marketing purposes and/or to request that such information not be shared with third parties for such purposes.

20. Contact details of the controller and the data protection officer

Controller Legal representatives Data protection officer

Brainlab AG

Olof-Palme-Straße 9

81829 Munich

Chairman of the supervisory board:

Dietrich von Buttlar

Board of Directors

Stefan Vilsmeier (CEO)
Rainer Birkenbach
Jan Merker

Katharina Ruhenstroth

c/o intersoft consulting services AG

Beim Strohhause 17

20097 Hamburg

www.intersoft-consulting.de

21. Changes to the privacy policy

We reserve the right to change or amend this Privacy Policy at any time in accordance with applicable data protection laws.

For inquiries, please contact [email protected].

Additional Policies for US Residents:

Governing Law

If you are a resident of the United States, any dispute between you and Brainlab arising out of or relating to this Privacy Policy, the website or its content shall be governed by, and will be construed in accordance with, the laws of the States of New York, without regard to choice of law principles. You irrevocably agree that the courts located in or for the State of Illinois, Cook County, are the sole and exclusive forum and venue for any dispute, as the most convenient and appropriate to address any disputes, and you agree to submit to the jurisdiction and venue of such courts.

Use and Transfer of Non-Personally Identifiable Information

Non-Personally Identifiable Information” refers to data stored anonymously in a protocol file, collected by cookies or similar technology, as well as information collected by Google Analytics, AdWords and Brainlab’s display networks, and any other information that does not personally identify the individual to whom the information relates, such as information that is aggregated by Brainlab or a third party, or information that is not linked to personally identifiable information of an individual.

In addition to the uses discussed above, Brainlab may use and share non-Personally Identifiable Information in a variety of ways so long as Brainlab uses such information in its de-identified form. These uses may include, without limitation, uses for website administration; analysis of website trends and how the site is used; improving navigation of the site; analysis of the performance of the website and diagnosis of problems; improving the services we offer; analysis and developing advertisements and advertising campaigns; analysis of website user demographics, interests and preferences.

Brainlab also may use your non-Personally Identifiable Information to present you with targeted content and advertisements (including on third party websites and apps) based on your past visits to the website and your non-Personally Identifiable Information collected over time by us and third parties, optimize and determine the effectiveness of content and advertisements, analyse your interactions with content and advertisements, and how those interactions relate to your visits to the website. Some of our third party partners may participate in the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioural Advertising and allow consumers the ability to opt-out of targeted advertising based on web activity tracking. For more information regarding the foregoing, please Click here or visit http://www.aboutads.info/choices/. Please note that even if our third party partners participate in this program and you opt-out of targeted advertising based on web activity tracking, you still may receive standard advertisements from us and targeted advertisements from third parties. You may need to re-click the link and follow the instructions provided therein if you delete cookies or similar technology or use a different computer, device or browser.

Children

Brainlab will not knowingly collect, use or disclose any information submitted by children under the age of majority in the jurisdiction where they reside. Parents are encouraged to educate their children about their use of the Internet, and particularly about security issues regarding the disclosure of personally identifiable information to websites.

Links

You may have the opportunity to follow links on the website to other sites that may be of interest to you. Neither Brainlab nor its affiliates are responsible for the privacy practices of any other sites or the content provided thereon. Therefore, the privacy policies with respect to other sites may differ from those applicable to the website. We encourage you to review the privacy policies of each other site.

No Medical Advice

Brainlab is not a healthcare institution or medical facility and neither Brainlab nor the website provides any medical advice. You are solely responsible for all medical decisions, including any diagnosis, use of medical professionals, treatment or treatment plan, made by you as the result of the use of the website or any communications with Brainlab, regardless of any referral or suggestion made by Brainlab.

Changes to this Privacy Policy

Any revisions to this Privacy Policy will be effective immediately upon posting. Any material changes in the manner that we use personally identifiable information will apply only to information collected thereafter, unless we provide notice or have other communications with you, e.g. with a pop-up cookie notification banner. Each time you access, use, or browse the website, provide information to Brainlab online, or click on Brainlab’s digital advertisements on third party websites or applications, you signify your acceptance of the then-current Privacy Policy. If you do not accept this Privacy Policy, you are not authorized to access, use or browse the website, to provide information to Brainlab, or to click on Brainlab’s digital advertisements on third party websites or applications.