Privacy Policy

Status: April 2024

The protection of your personal data is very important to us. We would therefore like to take this opportunity to inform you about data protection in our company. Your personal data will only be used in accordance with the statutory data protection regulations, such as the General Data Protection Regulation (GDPR). Our employees and service providers are obliged to comply with data protection regulations. Below you will find information on the type, scope and purpose of the collection and use of your personal data as well as your rights.

General data protection information

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Your rights

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Using our website

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Request and registration forms on our website

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Brainlab ID

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Fanpages

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Directive on privacy and electronic communications

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Other processing of personal data

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Job application

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Changes to the privacy policy

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.

Additional regulations for US residents

Processing of personal data

In this privacy policy, we inform you about the processing of personal data. Personal data within the meaning of Art. 4 GDPR is all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc. and which are processed by us.


Controller and data protection officer

The controller for data processing pursuant to Art. 4 (7) GDPR is

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
E-Mail: dataprivacy@brainlab.com

If you have any questions about data protection, please contact our data protection officer:

Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de


Recipients of data

Your personal data will only be passed on to third parties for the purposes listed here. Beyond this, data will only ever be passed on if there is a legal basis for doing so.

We only transfer your personal data to third parties if, for example:

  • you have given your express consent to the transfer in accordance with Art. 6 para. 1 lit. a GDPR; or

  • it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including shipment tracking; or

  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 lit. c GDPR; or

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary within the scope of our legitimate interests, e.g. for the assertion, exercise or defending legal claims, and you have no overriding interest worthy of protection in not disclosing your data.


On this legal basis and for the purposes mentioned, we may disclose your data to third parties who provide services on our behalf in order to support us in our business activities. These companies are authorized to use your personal data only to the extent necessary to provide these services to us.

Brainlab and these companies have entered into agreements to ensure that your data is also adequately protected by our service providers. We use service providers for our marketing (e.g. web hosting and newsletters) and user experience optimization, for event registration (e.g. for Reference Site Visits and Brainlab Academy), for the execution and implementation of contracts we have with you or services we provide (e.g. sales inquiries and payment processing) and in the context of processing your application to our job postings. For example, we may share your name and delivery address with third parties that we engage to deliver certain products or services to you (e.g. support services, shipping or direct advertising companies).


Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected and processed. Once the purpose no longer applies, the data will be deleted unless storage is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Legal obligations arise for us from tax and commercial law, but also from other laws. For example, we must retain accounting data such as order and payment data or business letters for 10 years or 6 years, depending on the applicable tax and commercial law regulations. Further information on any retention periods can be found in the respective sections on the individual processing operations.


Data transfer to third countries

We always select the services we use in such a way that the protection of your personal data is guaranteed in the best possible way. For some services, we have no influence over whether the data processed by these services is transferred to holding companies in the USA or other third countries. If there is no decision by the European Union for these countries that they have a level of data protection comparable to that of the European Union (so-called EU adequacy decision), we or our contractual partner have concluded a separate contract or binding corporate rules that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.