Are you in %country%? Do you want to visit our website in another language?

Privacy Policy

Status: April 2024

The protection of your personal data is very important to us. We would therefore like to take this opportunity to inform you about data protection in our company. Your personal data will only be used in accordance with the statutory data protection regulations, such as the General Data Protection Regulation (GDPR). Our employees and service providers are obliged to comply with data protection regulations. Below you will find information on the type, scope and purpose of the collection and use of your personal data as well as your rights.

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.

Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: [email protected]

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg

Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or
  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or
  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or
  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.

On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).

Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.

Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

The General Data Protection Regulation grants various rights to those affected by the processing of personal data (data subjects), which we would like to explain to you below. You have the right:

  • pursuant to Art. 15 GDPR, to information as to whether and, if so, which of your personal data we process,
  • pursuant to Art. 16 GDPR, to request the rectification of inaccurate personal data concerning you and the completion of incomplete personal data,
  • pursuant to Art. 17 GDPR, to obtain the erasure of personal data concerning you without undue delay,
  • pursuant to Art. 18 GDPR, to the restriction of personal data concerning you,
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller,
  • pursuant to Art. 21 GDPR, under certain conditions, to object to the processing of your personal data on the basis of Art. 6 para. 1 lit. e GDPR (in the public interest) or pursuant to Art. 6 para. 1 lit. f GDPR (to safeguard a legitimate interest), or to object to processing for direct marketing purposes,
  • in accordance with Art. 7 para. 3 GDPR, to revoke consent given to us at any time. As a result, we may not continue the processing based on this consent in the future without affecting the lawfulness of the processing carried out on the basis of the consent until revocation,
  • file a complaint with a supervisory authority pursuant to Art. 77 GDPR.

To exercise the statutory rights of data subjects and for all other questions regarding data processing, please write to the above address of Brainlab AG (hereinafter referred to as “Brainlab”) or send an e-mail to [email protected]. The exercise of your above-mentioned rights is generally free of charge for you.

Provision of our website

If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server and that is technically necessary for us to display our website and to ensure stability and security.

The short-term registration of the IP number is essential for accessing the website. The IP address is the globally valid, unique identifier of a computer and consists of four blocks of numbers separated by dots. Private users are not usually assigned a fixed IP address by the provider, but only a temporary IP address that changes at regular intervals. Nevertheless, as with static IP addresses, it is possible in principle to clearly assign user data via this feature. The external web servers store IP addresses for a maximum of 14 days. After that, the access data is anonymized.

The data that we collect for the above-mentioned purposes are:

  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status/HTTP status code,
  • Amount of data transferred in each case,
  • Website from which the request originates,
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software.

The legal basis for this is Art. 6 para. 1 lit. f GDPR. The collection of the data is technically necessary for the provision of the website and the storage in log files for the operation of the website and for protection against misuse, so that our legitimate interest in data processing prevails at this point.

Cookies and other technologies

Cookies and other technologies are used on the website for the various purposes described below.

Cookies are small text files that enable a website to recognize a browser. Cookies are stored in a text file on the computer and are retrieved and read the next time you contact the web server.

There are different types of cookies. Session cookies are temporary cookies that are stored in the user’s Internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeated visits and stored in the user’s browser for a predefined period of time. First party cookies are set by the website that the user visits. With these, the user can only be recognized by the website from which the cookie originates. Only this website may read the information from the cookies. So-called third party cookies, on the other hand, are set by a third party, i.e. not the website on which the visitor is currently located. Third-party cookies are often stored by marketing companies that place advertisements on the website visited. Unless otherwise stated below, the duration of the cookies used is limited to a maximum of 14 months.

The technology of tracking pixels can also be found on the website. A tracking pixel is a graphic element that is embedded in the code of websites, online advertising or emails. Tracking pixels are embedded in the code of a website and retrieved by the server every time a user loads this website into their web browser. The server then sends the pixel tag to the user’s unique IP address and logs it.


As part of our usage-based online advertising, we use the Custom Audiences service of Meta Platforms, Inc. 1601 S, also known as “Facebook Pixel”. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”). For this purpose, we use Facebook Ads Manager to define target groups of users based on certain characteristics, who are then shown advertisements within the Facebook network. Users are selected by Facebook on the basis of the profile information they provide and other data made available by their use of Facebook. If a user clicks on an advertisement and then reaches our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel embedded on our website.

A non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behavior, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising.

We do not use Facebook Custom Audiences with customer lists, nor do we use the “Extended Matching” function.

For more information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options for protecting your privacy, please refer to Facebook’s privacy policy.

The data collected by the Facebook Conversion Tracking Pixel is stored by us for 7 days. The legal basis for the collection of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

Joint responsibility:
Brainlab and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, are jointly responsible for the collection and transfer of data as part of this process. We have entered into a corresponding agreement with Facebook for this joint responsibility, which can be viewed here: This defines the respective responsibilities for fulfilling the obligation under the GDPR regarding joint responsibility. The contact details and data of Facebook’s data protection officer can be found here:


To operate our website, we use various services of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In the following, we refer to the provider as “Google”.

Google Tag Manager

For reasons of transparency, we would like to point out that we use Google Tag Manager. The Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, record the impact of online advertising and social channels, set up remarketing and targeting and test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have deactivated it, this deactivation will be taken into account by Google Tag Manager.

Google Analytics

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use the “anonymizeIP” function. Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

On behalf of Brainlab, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage. The data is only collected and stored with your express consent in accordance with Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time with effect for the future.

Further information on data protection can be found at

Google Dynamic Remarketing, Ads und Conversion Tracking

We use Google’s marketing and remarketing services (Google Marketing Services) to optimize and operate our online offering economically.

Google marketing services allow us to select advertisements for our website in a more targeted manner to present you only with advertisements that potentially match your interests. If, for example, you are shown advertisements for our services on other websites, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which Google marketing services are active, Google executes a code directly from Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on your device (comparable technologies can also be used instead of cookies).

The cookies can be set by various domains, including,, or This file records which websites you have visited, which content you are interested in, and which offers you have clicked on. In addition, technical information about your browser and operating system, referring websites, time of visit and other information about the use of the online offer is recorded. Your IP address is also recorded.

The IP address is not merged with your data within other Google offers. The aforementioned information may also be combined by Google with such information from other sources. If you subsequently visit other websites, you may be shown ads tailored to your interests. We process your data pseudonymously as part of Google marketing services. This means that Google does not store and process your name or e-mail address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

The Google marketing services we use include the online advertising program “Google Ads”. In the case of Google Ads, each Ads customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of Ads customers. The information collected with the help of the cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

Data is only collected and stored with express consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time with effect for the future.

Further information on the use of data for marketing purposes by Google can be found on the overview page: Google’s privacy policy is available at

Google DoubleClick

We use Google Double Click on our website. DoubleClick uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent users from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser. This prevents the same ad from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions with reference to ads. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal data.

Through the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google using this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on our advertising.

If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will receive and store your IP address.

The legal basis for the processing of your data is the consent you have given via the cookie consent tool in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time with effect for the future.

Further information on DoubleClick by Google can be found at and on data protection at Google in general:

Youtube Videos

We use the services of YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the controller of your data.

To protect your personal data, we use the extended data protection option provided by YouTube. When you access a page in which a YouTube video is embedded, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. However, according to YouTube, data is only transmitted to the YouTube server in “extended data protection mode” when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

The collection and storage of data only takes place with your expressed consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time with effect for the future.

Further information on data protection at YouTube is provided by Google at the following link:

X (Twitter)

As part of the operation of our website, we use various services of the provider X (also known as Twitter) of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA on our website. Within the EU/EEA, the responsible body for exercising data subject rights is Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. In the following we call it “X”.

X/Twitter Analytics

If you are active on our X-Presence in the form of messages, comments, mentions or “likes” that contain personal data (e.g. your name, date of birth or address), this data will be transmitted by X to us as the operator of our X-Account.

Tweets and profile information are generally publicly accessible data, i.e. every X user can see your profile data and tweets. However, this also means that responses (e.g. comments or “likes”) can be recorded. You can make settings for this in your account settings under “Privacy and security”:

We would like to point out that we also use the “X/Twitter Analytics” function when operating the X-Presence. X/Twitter Analytics allows owners of an X account to retrieve and analyse a summary of data in the form of statistics within a tool. This tool can be used to evaluate X presence measures, gain insights into the target group, and determine fan engagement and the viral spread of your own posts.

With X/Twitter Analytics, we have the option of retrieving the following statistics via X, which do not allow any conclusions to be drawn about individual users:

  • “Like” views
  • Page views
  • Gender ratio or regional distribution of users
  • Post reach

The legal basis for the use of the X/Twitter Analytics function as part of our X presence is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to improve our corporate communications and to identify, monitor and analysee publicly available opinions, conversations, sentiments, trends or other interactions that are relevant to our business.

For more information about X’s privacy practices, please visit:

X/Twitter Conversion Tracking

X/Twitter Conversion Tracking with the X/Twitter Pixel, a tool from Twitter Inc., USA, enables us to statistically record the use of our website to optimize it.

Conversion tracking provides data to X and helps with user allocation. This is done by matching conversion data with an X user using available identifiers such as cookie IDs, click IDs or emails.

With conversion tracking, X places a cookie on your end device when you visit our website by clicking on an X/Twitter ad. Conversion tracking is used to compile statistics and not to identify you personally. Matched data may be used to create audiences from website activity for campaign retargeting, to improve optimization models that allow us to target actions within our campaigns, or to report on campaign results so that we can better understand the impact of our campaigns.

For more information, please visit

We only use the X/Twitter pixel with your express consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time with effect for the future.

X/Twitter Advertising

X/Twitter Ads enables advertisers to collect data from users who visit their website. A non-reversible and non-personal checksum (hash value) is formed from your usage data and transmitted to X for analysis and marketing purposes. In addition, a so-called “X/Twitter pixel” can be used to track the actions of users after they have seen or clicked on an X advertisement.

User behavior is recorded, such as the websites visited, the content accessed, the time of visit, etc., but also device-related data such as the applications and operating systems used. Your IP address is stored and used for the geographical targeting of advertising. With “cross-device personalization”, Twitter also attempts to identify and link all of the user’s devices. As the data is stored and processed by X, a link to the respective user profile on is also possible.

Anonymized data is deleted within 6 months. Data that allows a specific user to be identified on X will be deleted within 90 days. Further information on the duration of storage can be obtained from the provider or at Data is only collected and stored with your express consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time with effect for the future.

Further information on the purpose and scope of data collection and the further processing and use of the data as well as the data protection settings can be found in the data protection information of X:


On our website we use the services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

LinkedIn Analytics

The LinkedIn Analytics service stores and processes information about your user behavior on our website. For this purpose, the service uses cookies, among other things, which are stored locally in the cache of your web browser on your end device, and which enable your use of our website to be analysed.

The LinkedIn tag permits the recording of the websites visited, including URL, referrer ID, IP address, device and browser properties and timestamp. The IP addresses are shortened or hashed by LinkedIn (for cross-device use). The direct identifiers of the members are removed within 7 days to pseudonymize the data. The remaining pseudonymized data is then deleted within 180 days.

Data is only collected and stored with your express consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time with effect for the future.

LinkedIn Ads

We use the LinkedIn Ads Conversion Tracking service to evaluate our online advertising. For this purpose, we define target groups of users in the LinkedIn Campaign Manager based on certain characteristics, to whom ads are then displayed within the LinkedIn network. Users are selected by LinkedIn on the basis of the profile information you provide, and other data provided when using LinkedIn. If a user clicks on an ad and then visits our website, LinkedIn receives the information that the user has clicked on the banner ad via the conversion tag embedded on our website.

Using the LinkedIn pixel, we can display personalized advertising outside our website without identifying individual members. Data that does not identify individuals is also used to improve the relevance of ads and to reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers to the following link to customize advertising settings:

We process this data to evaluate our advertising campaigns. The legal basis for the processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. Without your consent via our Consent Tool, no data will be processed for LinkedIn Conversion Tracking. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings.

Further information on the purpose and scope of data collection and the further processing and use of the data by LinkedIn as well as your setting options for protecting your privacy can also be found in LinkedIn’s data protection information

Further information on LinkedIn Conversion Tracking can be found at: Further information on data processing and storage duration can be found at


In order to offer you location-based content, we use the service from IDB, LLC 300 Lenora Street #516, Seattle, WA 98136, USA. ipinfo is a tool for determining the public IP address. In addition, geolocation data can be retrieved via the IP address. In particular, we use ipinfo to show you the nearest address of a Brainlab location.

The legal basis for the processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings. If you withdraw your consent or our marketing purposes are fulfilled, we will delete your data collected by ipinfo.

If you provide us with your personal data of your own accord, e.g. when you contact us, we will collect this personal data. Of course, we will only use the personal data provided to us for the purpose for which you provided it to us when you contacted us.

The transmission of this information is voluntary and in these cases is initiated by you. If this involves information on communication channels (e.g. e-mail address, telephone number), we will use these channels to contact you in accordance with your request. The purpose of processing your data is to process and respond to your request or registration.

The legal basis for the processing of the data that you transmit to us in the course of contacting us is Art. 6 para. 1 lit. f GDPR, unless otherwise stated below. The legitimate interest in the processing lies in the purposes described. If you have consented to the sending of newsletters and advertising emails via our form, the legal basis for the processing of your data for this purpose is Art. 6 para. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future.

We delete your data that we have received in the course of contacting you as soon as it is no longer required to achieve the purpose for which it was collected, i.e. when your request has been fully processed and no further communication with you is required or desired.

Below you will find further information on the individual inquiries or registration forms:

General contact form

We will put you in touch with the right contact person at Brainlab. You can fill out our general contact form.

Forms for clinical research and clinical advisors

If you are interested in collaborating with Brainlab to support medical research, you can contact Brainlab via the Clinical Trials form. If you are interested in becoming a clinical advisor, please contact us using the contact form here.

Support form

If you have any questions or need assistance with Brainlab solutions or information about our services, please contact us via our support form. If you have a specific question about our TraumaCad product, you can find our TraumaCad support form here.

Brainlab Academy & Symposia forms

For the registration and creation of personalized participant documents for our Brainlab Academy and symposia, we must process your data, such as name, country, institution, specialist area, function, job title, e-mail address, invoice recipient, invoice address. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Webinar registration and whitepaper form

If you would like to attend or stream one of our webinars where our technologies are presented by Brainlab experts and leading clinicians, you will need to fill out our webinar registration form (name, email address, country, institution and job title in the medical field).

We offer our webinars and whitepapers free of charge. In order to participate in a webinar or receive the whitepaper, you must provide the personal data requested in the form. If you do not provide us with this data, you will not be able to participate in the webinar or receive the white paper. In return, we ask for your consent to receive promotional emails (e.g. product information, new releases, upcoming events and webinars) from Brainlab and its subsidiaries. The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. a and lit. f GDPR.

You have the right to object to the processing under the legal requirements (Art. 21 GDPR). In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. We would like to point out that in the event of an objection, participation in a webinar may not be possible.

Trade fair meeting form

To meet us at a trade fair, you can fill out our trade fair form. In this case, we will process your name, e-mail address and the content of your message in order to process your request.

Form for subscribing to press releases, journal and newsletter

You can use the press release form and the journal form to subscribe to the latest press releases. You can use the newsletter subscription form to subscribe to news about current publications on our blog.

By completing our journal or newsletter subscription form, you have the option to consent to receiving information about our products and services.

The Brainlab ID is the single sign-on system for Brainlab customers. With a Brainlab ID, customers can log in to various Brainlab services, such as our webinars or the Brainlab Online Campus, without having to create their own user accounts. To verify your authorization, your data will be checked once in our system. Registration creates a Brainlab ID. The following personal data is processed as part of the registration process:

  • First name, surname
  • Institution
  • E-mail address
  • Department
  • Job title
  • City
  • Country
  • Company name

Data is collected and stored as part of the registration process on the legal basis of the customer’s consent in accordance with Art. 6 para. 1 lit. a GDPR. This consent can be revoked with effect for the future. After withdrawal of consent, we will delete your Brainlab ID and the data collected with it.

Social media has become an integral part of the internet and modern communication. To stay in touch with our customers and interested parties, we have also set up our own fan page on Facebook, LinkedIn, Twitter, TikTok, YouTube and Instagram.

Joint responsibility

As the operator of these pages, we are jointly responsible with the respective network operators within the meaning of Art. 4 No. 7 GDPR. As joint controllers for the fan pages, we have concluded the following data protection agreements:

  • Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as “Facebook”: Facebook. Here you can find the and the general data protection guidelines for the use of Facebook.
  • LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, hereinafter: LinkedIn: LinkedIn. The data processing agreement can be found here.
  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, hereinafter: Twitter: Twitter. Further information about Twitter can be found in the General Terms and Conditions and the other policies linked here.
  • TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, hereinafter referred to as: TikTok. For more information about TikTok, please refer to TikTok’s Jurisdiction Specific Terms and Privacy Policy.
  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter: Instagram: Instagram. You can find Instagram’s terms of use and privacy policy here.

Use of cookies and analytics options

On our company pages, we provide information and offer users the opportunity to communicate. If you carry out an action on one of our company pages (e.g. comments, posts, likes, etc.), you can make personal data (e.g. clear name or photo of your user profile) public. In addition, demographic and geographical evaluations are also created on the basis of the information collected and provided to us. We can use this information, for example, for the targeted placement of interest-based advertising. This serves to control the marketing of Brainlab’s activities. However, the visitor statistics generated are only transmitted to us in anonymized form, so that we do not obtain any direct knowledge of the visitor’s identity.

For more information on the analysis options on our company pages and the storage of your data on the various channels, please refer to the respective privacy policy of the social network.

Data transfer and legal basis

The operators of social media may also process some of the data collected outside the European Union in the USA or other third countries. We have no influence on this processing. We ourselves do not pass on any personal data that we receive via our social media presences. Data is transferred to the USA on the basis of the existing adequacy decision, the “EU-US Data Privacy Framework“. It cannot be ruled out that data will be transferred to China via TikTok. TikTok states that it has concluded the standard contractual clauses of the European Union for this purpose.

The operation of the company pages, including the processing of users’ personal data, is based on Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in an information and interaction opportunity via social media for and with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 lit. a, b, c GDPR.

Possibility to revoke your consent

In particular, you are entitled to the following objection options:

  • Facebook and Instagram: Facebook offers objection options as part of the Facebook settings and via the form for the right to object. The same applies to Instagram.
  • LinkedIn: LinkedIn offers opt-out options in the settings or via a form.
  • Twitter: If you do not want Twitter to merge your activities on Twitter with other online activities of our partners, e.g. to show you interest-based advertising on and off Twitter, there are several ways to deactivate this function. You can find these described at
  • TikTok: You can object to the processing of your personal data by TikTok by completing and submitting the form provided here.
  • YouTube: An objection to processing by YouTube can be made via the settings in your Google account. You can find information on how to do this here.

Due to the Directive on privacy and electronic communications of the European Union and its principles on consent to the storage of information on terminal equipments, it should be noted that consent within the meaning of Art. 6 para. 1 lit. a GDPR, which is mentioned as the legal basis in the context of the processings listed in this privacy policy, also means consent within the meaning of the other national laws implementing the Directive on privacy and electronic communications (e.g. § 25 of the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia in Germany or § 165 of the Telecommunications Act in Austria).

In addition to processing your personal data when you visit our website, we process your data for the purposes of customer and supplier management and for reference visits.

Customer and supplier management

We process personal data of our customers and suppliers for the conclusion, administration and performance of contractual relationships. For the purpose of administration and management of contractual relationships and compliance (e.g. screening of EU terrorist lists), we may process your personal data such as name, telephone number, e-mail address, country, zip code and institution.

On-site visits

You can contact us to make an appointment for a visit to a Brainlab reference site. To respond to your request, we will process your data such as name, phone number, e-mail address, country, postal code, institution, message.

You can apply for a position via the career portal. Further information on the processing of our personal data can be found in the privacy policy on our application platform.

We reserve the right to amend or supplement this privacy policy at any time in compliance with applicable data protection laws.

If you have any questions, please contact [email protected].

Governing Law

If you are a resident of the United States, any dispute between you and Brainlab arising out of or relating to this Privacy Policy, the website or its content shall be governed by, and will be construed in accordance with, the laws of the States of New York, without regard to choice of law principles. You irrevocably agree that the courts located in or for the State of Illinois, Cook County, are the sole and exclusive forum and venue for any dispute, as the most convenient and appropriate to address any disputes, and you agree to submit to the jurisdiction and venue of such courts.

Additional Information to Chapter “Your Rights”

For US Residents: You authorize Brainlab to communicate with you in response to your submissions on the website and any other communications.

Notice to California Residents: The California Civil Code permits California residents to request that we not share your Personally Identifiable Information with third parties for their direct marketing purposes. If you are a California resident, you may contact [email protected] to request information regarding whether and how we share personal information with third parties for their direct marketing purposes and/or to request that such information not be shared with third parties for such purposes.

Use and Transfer of Non-Personally Identifiable Information

Non-Personally Identifiable Information refers to data stored anonymously in a protocol file, collected by cookies or similar technology, as well as information collected by Google Analytics, AdWords and Brainlab’s display networks, and any other information that does not personally identify the individual to whom the information relates, such as information that is aggregated by Brainlab or a third party, or information that is not linked to personally identifiable information of an individual.

In addition to the uses discussed above, Brainlab may use and share non-Personally Identifiable Information in a variety of ways so long as Brainlab uses such information in its de-identified form. These uses may include, without limitation, uses for website administration; analysis of website trends and how the site is used; improving navigation of the site; analysis of the performance of the website and diagnosis of problems; improving the services we offer; analysis and developing advertisements and advertising campaigns; analysis of website user demographics, interests, and preferences.

Brainlab also may use your non-Personally Identifiable Information to present you with targeted content and advertisements (including on third party websites and apps) based on your past visits to the website and your non-Personally Identifiable Information collected over time by us and third parties, optimize and determine the effectiveness of content and advertisements, analyse your interactions with content and advertisements, and how those interactions relate to your visits to the website. Some of our third party partners may participate in the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioural Advertising and allow consumers the ability to opt-out of targeted advertising based on web activity tracking. For more information regarding the foregoing, please click here or visit Please note that even if our third party partners participate in this program and you opt-out of targeted advertising based on web activity tracking, you still may receive standard advertisements from us and targeted advertisements from third parties. You may need to re-click the link and follow the instructions provided therein if you delete cookies or similar technology or use a different computer, device, or browser.

Additional Information to Chapter “Cookies and other technologies”

Except as otherwise specified in this Privacy Policy, Brainlab does not alter the practices detailed herein based upon your selection of the do not track setting or other opt out setting or feature that may be offered by your browser; however, Brainlab reserves the right to do so in the future.


Brainlab will not knowingly collect, use, or disclose any information submitted by children under the age of majority in the jurisdiction where they reside. Parents are encouraged to educate their children about their use of the internet, and particularly about security issues regarding the disclosure of personally identifiable information to websites.

No Medical Advice

Brainlab is not a healthcare institution or medical facility and neither Brainlab nor the website provides any medical advice. You are solely responsible for all medical decisions, including any diagnosis, use of medical professionals, treatment, or treatment plan, made by you as the result of the use of the website or any communications with Brainlab, regardless of any referral or suggestion made by Brainlab.

Changes to this Privacy Policy

Any revisions to this Privacy Policy will be effective immediately upon posting. Any material changes in the manner that we use personally identifiable information will apply only to information collected thereafter, unless we provide notice or have other communications with you, e.g. with a pop-up cookie notification banner. Each time you access, use, or browse the website, provide information to Brainlab online, or click on Brainlab’s digital advertisements on third party websites or applications, you signify your acceptance of the then-current Privacy Policy. If you do not accept this Privacy Policy, you are not authorized to access, use or browse the website, to provide information to Brainlab, or to click on Brainlab’s digital advertisements on third party websites or applications.