As of May 25, 2018
1. General
The protection of your personal data is very important to us. At this point, we would like to inform you about data protection in our company. Your personal data will solely be used within statutory data protection regulations, such as the General Data Protection Regulation (GDPR) or the new Federal Data Protection Act (BDSG). Our employees and agents are obliged to comply with data protection regulations. Below you will find information about the nature, scope and purpose of the collection and use of your personal data and your rights. These notes can be accessed at any time on the internet at https://www.brainlab.org/privacy-policy/.
2. When you visit our website
2.1 Scope of data collection and storage
Ser. Nr. |
Data |
Purpose |
Legal basis |
1 |
Browser data (date and time of access, URL (address) of the referring website, accessed file, amount of transmitted data, browser type and version, operating system, IP address) |
Connecting to the website |
Art. 6 Sec. 1 lit. f GDPR |
2 |
web analytics data * |
Audience measurement, website optimization, interest-based advertising, retargeting |
Art. 6 Sec. 1 lit. f GDPR |
* web analytics To continually improve and optimize our website content and usability, we use analytics technologies from Google LLC and WordPress. The session and interaction data of the website visitors are collected and statistically evaluated. Cookies are used for this purpose. The session and interaction data are never processed in personalized form, but only anonymously. In part, analysis data is transmitted to and stored on a server of the respective analytics service in a Member State of the EU or in a third country outside the EU (for example in the USA). The information may be transferred to third parties, if this is legally permissible or if third parties process this data on behalf of our service provider. Neither we nor the web analytics services will associate your IP address with any other data stored by us or the service provider. The website uses the following analytics services:
- Brainlab/Wordpress
Maintains the states of the user on all page requests.
- Google Tag Manager
Google Tag Manager does not collect personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that can be used, among other things, to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites. We use the Google Tag Manager for all services listed in section 2.1 below. If you’ve opted out, Google Tag Manager will consider that opt out. For more information about Google Tag Manager, see: https://www.google.com/analytics/tag-manager/use-policy/.
- Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, California 94043, USA). The IP Anonymization feature in Google Analytics sets the last octet for IPv4 user IP addresses and for the last 80 bits in memory for IPv6 addresses to zero, just after being sent to the Analytics data collection network for collection. In this case, the full IP address will never be written to disk. Further information on anonymization can be found here: https://support.google.com/analytics/answer/2763052.
The duration of the used cookies is limited to max. 14 months, unless otherwise stated below. A cookie is a small text file that allows a website to recognize a browser. Cookies are stored in a text file on the computer and retrieved and read the next time the web server is contacted. As a user, you can use your browser settings to decide for yourself whether and which cookies you want to allow, block or delete. You can find instructions for your browser here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also use so-called adblockers, such as Ghostery. However, the collection and storage of data for the purpose of website optimization can also be objected to at any time with future effect via the following opt-out link http://www.youronlinechoices.com/de/praferenzmanagement/. Use the link above to manage your preferences for usage-based online advertising. If you object to a usage-based online ad using the preference manager, it will only apply to the specific business data collection from the web browser you are using. The preference management is cookie-based. Deleting all browser cookies also removes the preferences you set with the preference manager. If you want to deactivate Google Analytics, you can alternatively also download a corresponding add-on for your web browser at: https://tools.google.com/dlpage/gaoptout. For California, USA: Except as otherwise specified in this Privacy Policy, Brainlab does not alter the practices detailed herein based upon your selection of the “do not track” setting or other “opt out” setting or feature that may be offered by your browser; however, Brainlab reserves the right to do so in the future.
2.2 Pursued legitimate interests, provided legal basis is Art. 6 Sec. 1 lit. f GDPR
See purpose in Section 2.1
2.3 Source, unless the data was collected from the data subject
Sec. 2.1 Ser. No. |
Source |
1 and 2 |
Terminal device of the user |
2.4 Obligation to provide data and automated decision-making
There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is the limited usability of the website. There is no automated decision-making including profiling according to Art. 22 GDPR.
3. Newsletter registration
You can register for news about current publications on our blog by using the newsletter registration form.
3.1 Scope of data collection and storage
Ser. No. |
Data |
Purpose |
Legal basis |
1 |
Contact form data (title, first name, last name, institution, e-mail address, function, consent data) |
Submission of blog articles, information on products and services * |
Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG) |
* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.
3.2 Source, unless the data was collected from the data subject
Sec. 3.1 Ser. No. |
Source |
1 |
IP address, server log file: Terminal device of the user, time, URL |
We use the e-mail address collected in connection with the sale of a product or service on our website for the direct marketing of own and similar products and / or services. If you do not wish to receive advertising, you may object to the use of your email address at any time without incurring any costs other than the basic rate for communication means. For this purpose, there is a corresponding link to unsubscribe in each newsletter.
3.3 Obligation to provide data and automated decision-making
There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is hat we cannot provide the requested information. There is no automated decision-making including profiling according to Art. 22 GDPR.
4. General contact
You can contact us for any kind of request via the general contact form.
4.1 Scope of data collection and storage
Ser. No. |
Data |
Purpose |
Legal basis |
1 |
Contact form data (first name, last name, e-mail address, message, consent data) |
Processing and answering the contact * |
Art. 6 Sec.1 lit. a GDPR (in conjunction with Para. 7 Sec. 2 No. 3 Unfair Competition Act – UWG) |
* Used for this purpose only if you have consented to it. In this case, we also record the consent you have given us.
4.2 Source, unless the data was collected from the data subject
Sec. 4.1 Ser. No. |
Source |
1 |
IP address, server log file: Terminal device of the user, time, URL |
4.3 Obligation to provide data and automated decision-making
There is no legal or contractual obligation to provide personal data. The provision of personal data is also not required for the conclusion of a contract. Possible consequence of not providing personal data is that we cannot provide the requested information. There is no automated decision-making including profiling according to Art. 22 GDPR.
5. Transfer of personal data
Your personal data may be transferred to the following recipients:
Recipients or categories of recipients Transfer to public authorities or by court order
At the request of the competent authorities, we must provide information on personal data (inventory data) on a case-by-case basis for the purpose of law enforcement, security, compliance with the statutory functions of the constitutional protection agencies or the Military Shielding Service or for the enforcement of intellectual property rights.
Waiver of social plugins
We waive the integration of social plugins in our website to protect your privacy when visiting our website. We have only integrated graphic links from social network providers (e.g. www.facebook.com) into our website. This means that your browser is not initially able to establish a direct connection with the server of the social network provider. For information on how to deal with your personal data when using this website, please refer to the respective privacy policy of the provider. Brainlab AG assumes no liability for the privacy policies and procedures of the linked sites.
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
For anonymised data for Google Analytics und for Conversion Tracking, see above. Google is subject to the EU-US. Privacy Shield. Existing EU-US Privacy Shield certifications can be viewed at https://www.privacyshield.gov/list. The Implementing Decision (EU) 2016/1250 of the EU Commission of 12 July 2016 recognizes the level of protection of the EU US Privacy Shields as equivalent to the level of protection of the Union.
schalk&friends – Agentur für digitale Lösungen GmbH, Lindwurmstraße 124, 80337 Munich
Brainlab AG, Olof-Palme-Straße 9, 81829 Munich
Brainlab Corporate Services GmbH, Olof-Palme-Straße 9, 81829 Munich
Brainlab Sales GmbH, Olof-Palme-Straße 9, 81829 Munich
Brainlab Ltd. (UK), Regus House, 1010 Cambourne Business Park, Cambourne, Cambridge, CB36DP, UK
Brainlab Ltd. (Israel), 35 Efal Street, Petach-Tikva, 4951132, Israel
Brainlab Italia s.r.l., Via Monte di Pietá 21, 20121 Milano, Italy Succursale de
Brainlab Sales GmbH (F), Tour Ariane 5, Place de la Pyramide, 92088 Paris La Défense Cedex, France
Brainlab, Inc., 5 Westbrook Corporate Center, Suite 1000, Westchester, IL 60154 USA
Brainlab Ltda., Avenida Angélica, nº 2.071, conj. 41, CEP 01227-200, Consolação São Paulo, Brazil
Brainlab Beijing, Medical Equipment Trading Co., Ltd, Unit B9-1, Guanghualu SOHO2 No.9 Guanghua Road, Chaoyang District, Beijing 100020, China
Brainlab Ltd. Unit 2102, 21/F, The Hennessy, 256 Hennessy Road, Wan Chai, Hong Kong
Brainlab Médica, S.L. Plaza Ángel Carbajo, 6, Entresuelo Izquierda, 28020 Madrid, Spain
Brainlab India Pvt. Ltd., #411 Time Tower, M G Road, Gurgaon-122002, Haryana, India
Brainlab K.K., Tamachi East Bldg. 2F, 3-2-16 Shibaura, Minato-ku, Tokyo 108-0023, Japan
Brainlab Ltd. (Malaysia), Level 36, Menara Citibank 165 Jalan Ampang 50450 Kuala Lumpur, Malaysia
Brainlab Australia Pty. Ltd., Suite 1, Building 1, 14 Aquatic Drive, Frenchs Forest, NSW 2086, Australia
Brainlab Ltd. (Seoul Branch), Unit 704, 7th Floor Shinwon Plaza Building, 85 Dokseodang-ro, Yongsan-Gu, Seoul 04419, Republic of Korea
Brainlab Ltd. (Singapore Branch), 73 Upper Paya Lebar Road #04-01, Centro Bianco, Singapore 534818
Bainlab Sales GmbH (Dubai Branch), Dubai Airport Free Zone, Building: 5WB, Office: 151, Dubai, UAE
In some cases, we also use service providers for hardware maintenance, software maintenance and provision of technical services, which may then come into contact with your data. * Transfer to this recipient will only be made if you have consented thereto. Your personal information will only be disclosed to affiliates and service partners, provided that they act on our behalf and assist us in providing our services. Processing of your personal data by service providers commissioned by us takes place within the scope of a processing on behalf acc. to Art. 28 GDPR. The aforementioned service providers only have access to personal information required to perform the respective activity. These recipients are prohibited from using personal information for other, in particular for their own advertising purposes. Insofar as external service providers come into contact with personal data, we have ensured through legal, technical and organizational measures as well as through regular inspections that these too comply with the applicable data protection regulations. There is no transfer of your personal data to third parties for purposes other than those listed. We only share your personal information with third parties if:
- you have given your explicit consent,
- the transfer is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal obligation to disclose or
- it is permitted by law and is required for the execution of contractual relationships with you.
6. Transfer of personal data to third countries
In this context, we transfer personal data to the third countries listed above. In order to ensure an adequate level of data protection in these third countries either adequacy decisions of the EU Commission1 or adequate and appropriate guarantees exist in the form of:
- EU-U.S. Privacy Shield Certification2
- Standard data protection clauses of the Commission (EU standard contract clauses)6
1Further information on the recognition of safe third countries can be found on the website of the EU-Commission.. 2Present US-US Privacy Shield Certifications can be viewed at https://www.privacyshield.gov/list. The The Implementing Decision (EU) 2016/1250 of the EU Commission of 12 July 2016 recognizes the level of protection of the EU-US Privacy Shield as equivalent to the Union’s level of protection.3 We will provide you with a copy upon request.
7. Duration of Storage
WWe process and store your personal data in as far as necessary for the duration of our business relationship, which includes, for example, the initiation and execution of a contract and the regular limitation period of three years to defend against or assert legal claims. In addition, we are subject to various storage and documentation obligations arising, inter alia, from the German Commercial Code (HGB) or the Tax Code (AO). The retention periods specified therein are six to ten years. During this time, the processing of the data is limited. The retention obligation begins at the end of the calendar year in which the offer was made or the contract was fulfilled. For example, commercial or tax-relevant accounting documents are kept for ten years and contract and tax-relevant documents for at least six years. In legal matters supervised by lawyers, the related data are stored for at least six years; for enforcement titles, the retention period can be up to thirty years due to the statute of limitations. Applicant data will be retained for six months in the event of recruitment or rejection, unless you have explicitly given us your consent to store your data for a longer period. At the end of this period, the data will be anonymised in order to be available for later statistical evaluations. IP addresses are usually temporarily stored for connection, if we also use them for website optimization or for advertising purposes, they are immediately anonymized and processed only anonymously. The duration of used cookies is limited to 14 months.
8. Rights
You have the right
- pursuant to Art. 15 GDPR to request information about your personal data processed by us;
- pursuant to Art. 16 GDPR to demand the rectification of inaccurate or the completion of incomplete personal data stored by us;
- pursuant to Art. 17 GDPR to demand the deletion of your personal data stored by us;
- pursuant to Art. 18 GDPR to obtain the restriction of the processing of your personal data
- pursuant to Art. 20 GDPR to receive your personal data, you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller;
- pursuant to Art. 21 (i), under certain conditions, to object to the processing of your personal data based on Art. 6 Sec. 1 lit. e GDPR (in the public interest) or pursuant to Art. 6 Sec. 1 lit. f GDPR (for safeguarding a legitimate interest), or (ii) to object to the processing for direct marketing purposes;
- pursuant to Art. 7 Sec. 3 GDPR to withdraw a consent once given to us at any time. This also applies to the withdrawals of consents that were given to us prior to the entry into force of the General Data Protection Regulation, ie before 25 May 2018. As a result, we will not be allowed to continue the processing based on this consent for the future without affecting the legality of the processing carried out on the basis of the consent until the withdrawal;
- pursuant to Art. 77 GDPR lodge a complaint with a supervisory authority.
For asserting the statutory data subject rights and for all other questions about data processing, please write to the address of Brainlab AG listed below or send an e-mail to legal@brainlab.com. The exercise of your above rights is free of charge for you. For US Residents: You authorize Brainlab to communicate with you in response to your submissions on the website and any other communications
9. Contact details of the controller and the data protection officer
Controller |
Legal representatives |
Data protection officer |
Brainlab AG
Olof-Palme-Straße 9
81829 Munich |
Chairman of the supervisory board: Dietrich von Buttlar
Board of Directors Stefan Vilsmeier (CEO) Rainer Birkenbach Jan Merker |
Daniela Herdes
c/o intersoft consulting services AG
Beim Strohhause 17 20097 Hamburg
www.intersoft-consulting.de |
10. Changes to the privacy policy
We reserve the right to change or amend this Privacy Policy at any time in accordance with applicable data protection laws. For inquiries, please contact legal@brainlab.com.
Additional Policies for US Residents:
Governing Law
If you are a resident of the United States, any dispute between you and Brainlab arising out of or relating to this Privacy Policy, the website or its content shall be governed by, and will be construed in accordance with, the laws of the United States of America, without regard to choice of law principles. You irrevocably agree that the courts located in or for the State of Illinois, Cook County, are the sole and exclusive forum and venue for any dispute, as the most convenient and appropriate to address any disputes, and you agree to submit to the jurisdiction and venue of such courts.
Use and Transfer of Non-Personally Identifiable Information
“Non-Personally Identifiable Information” refers to data stored anonymously in a protocol file, collected by cookies or similar technology, as well as information collected by Google Analytics, AdWords and Brainlab’s display networks, and any other information that does not personally identify the individual to whom the information relates, such as information that is aggregated by Brainlab or a third party, or information that is not linked to personally identifiable information of an individual. In addition to the uses discussed above, Brainlab may use and share non-Personally Identifiable Information in a variety of ways so long as Brainlab uses such information in its de-identified form. These uses may include, without limitation, uses for website administration; analysis of website trends and how the site is used; improving navigation of the site; analysis of the performance of the website and diagnosis of problems; improving the services we offer; analysis and developing advertisements and advertising campaigns; analysis of website user demographics, interests and preferences. Brainlab also may use your non-Personally Identifiable Information to present you with targeted content and advertisements (including on third party websites and apps) based on your past visits to the website and your non-Personally Identifiable Information collected over time by us and third parties, optimize and determine the effectiveness of content and advertisements, analyse your interactions with content and advertisements, and how those interactions relate to your visits to the website. Some of our third party partners may participate in the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioural Advertising and allow consumers the ability to opt-out of targeted advertising based on web activity tracking. For more information regarding the foregoing, please Click here or visit http://www.aboutads.info/choices/. Please note that even if our third party partners participate in this program and you opt-out of targeted advertising based on web activity tracking, you still may receive standard advertisements from us and targeted advertisements from third parties. You may need to re-click the link and follow the instructions provided therein if you delete cookies or similar technology or use a different computer, device or browser.
Children
Brainlab will not knowingly collect, use or disclose any information submitted by children under the age of majority in the jurisdiction where they reside. Parents are encouraged to educate their children about their use of the Internet, and particularly about security issues regarding the disclosure of personally identifiable information to websites.
Links
You may have the opportunity to follow links on the website to other sites that may be of interest to you. Neither Brainlab nor its affiliates are responsible for the privacy practices of any other sites or the content provided thereon. Therefore, the privacy policies with respect to other sites may differ from those applicable to the website. We encourage you to review the privacy policies of each other site.
No Medical Advice
Brainlab is not a healthcare institution or medical facility and neither Brainlab nor the website provides any medical advice. You are solely responsible for all medical decisions, including any diagnosis, use of medical professionals, treatment or treatment plan, made by you as the result of the use of the website or any communications with Brainlab, regardless of any referral or suggestion made by Brainlab.
Changes to this Privacy Policy
Any revisions to this Privacy Policy will be effective immediately upon posting. Any material changes in the manner that we use personally identifiable information will apply only to information collected thereafter, unless we provide notice or have other communications with you. Each time you access, use, or browse the website, provide information to Brainlab online, or click on Brainlab’s digital advertisements on third party websites or applications, you signify your acceptance of the then-current Privacy Policy. If you do not accept this Privacy Policy, you are not authorized to access, use or browse the website, to provide information to Brainlab, or to click on Brainlab’s digital advertisements on third party websites or applications.