Privacy Policy

Thank you for visiting our websites. Below you will find information about how we handle your data, in accordance with Art. 13 of the General Data Protection Regulation (GDPR).


Data controller

The data controller for the data processing described below is OD-OS GmbH.

Address: Warthestraße 21, 14513 Teltow, Germany
Telephone number: 03328 31282100
Email address:  info@od-os.com


Usage data

When you visit our websites, so-called usage data are stored temporarily on our web server as a log for statistical purposes, in order to improve the quality of our websites. This data set consists of

  • the page from which the file was requested
  • the name of the file
  • the date and time of the request
  • the data volume transferred
  • the access status (file transferred, file not found)
  • a description of the type of web browser used
  • the IP address of the requesting computer, truncated in such a way that no connection can be made with an individual.

The specified log data are stored in anonymized form.


Cookies

We use cookies on our website. Cookies are small text files that are saved on your end device and read from there. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies which are stored beyond the individual session. Cookies may contain data that make it possible to recognize the device being used. In part, however, cookies also simply store information about specific settings that cannot be associated with an individual.

We use session cookies and permanent cookies on our websites. Processing is carried out on the basis of Art. 6(1) point (f) GDPR and in the interests of optimizing and facilitating user navigation, adapting the appearance of our website andoptimizing loading times.

You can set your browser in such a way that it informs you when you accept a cookie. This makes your use of cookies transparent. You can also delete cookies at any time and reject any new cookies by changing your browser settings as appropriate. Please note, however, that in this case our websites may not  appear at its best, and some of the functions may no longer be available for technical reasons.


Google Analytics

In order to design our websites appropriately, we create pseudonymous user profiles with the aid of Google Analytics. Google Analytics is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 and uses cookies that are stored on your end device and can be read by us. In this way we are able to recognize returning visitors and count them as such. Data processing is carried out on the basis of our legitimate interest pursuant to Art. 6(1) point (f) GDPR. The purpose of data processing is our interest in learning how frequently the website is accessed by different users. That purpose also constitutes our legitimate interest.

The information about your use of this website is usually transmitted to a Google server in the USA and stored there. As we have activated IP anonymization on our website, however, your IP address will first be truncated by Google if you are in a Member State of the European Union. Only in exceptional cases will the full IP address by transmitted to a Google server in the USA (an appropriate level of data protection is in place, pursuant to Art. 45 (1) GDPR, through Google’s participation in the Privacy Shield) and only then truncated.

We have also concluded a commissioned data processing agreement pursuant to Art. 28 GDPR with Google Ireland Limited. Under this agreement, Google will use all information strictly in accordance with the purpose of analyzing the use of our website and compiling reports about the website activities.

You may object to this processing at any time. Please use one of the following options for this:

You can prevent storage of cookies by adjusting the corresponding settings of your browser software; please note, however, that you may not then be able to use all of the functions of this website to their full extent.

You can also prevent recording of the data generated by the cookie relating to the use of the website (including your IP address) by Google and processing of that data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).


LinkedIn Analytics, LinkedIn Ads and LinkedIn Insight

Our websites support “LinkedIn Analytics” from LinkedIn. Through LinkedIn Analytics, we process information about your user behavior on our websites in order to facilitate analysis of website usage. We also use LinkedIn Analytics for marketing and optimization purposes.

Whenever our websites are accessed, a connection is established to LinkedIn servers. In this way LinkedIn is notified that you have visited our websites with your IP address. If you click on the LinkedIn button on our website while you are logged in to your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account.

We use the website conversion tracking technology (LinkedIn Insight) and the retargeting function (LinkedIn Ads) provided by LinkedIn.

By means of this technology, visitors to our websites can be shown personalized advertising on LinkedIn. There is also an option to create anonymous reports on the performance of advertising and information about website interaction. The LinkedIn Insight tag is integrated into our websites for this purpose and establishes a connection to the LinkedIn server, provided that you are visiting this website while you are logged in to your LinkedIn account. The LinkedIn Insight tag allows collection of data about the visits to our websites, including the URL, referrer URL, IP address, device and browser characteristics, time stamp and pages viewed. These data are encrypted, anonymized within seven days and the anonymized data are deleted within 90 days.

Data processing is carried out on the basis of Art. 6(1) point (f) GDPR. Our legitimate interest lies in achieving the purpose already specified and in optimizing the marketing of our services.

The information about your use of our websites generated by the cookie is usually transmitted to a LinkedIn server in the USA and stored there. An appropriate level of data protection is in place, pursuant to Art. 45(1) GDPR, through LinkedIn’s participation in the Privacy Shield.

You can find further information about LinkedIn’s privacy policy at: www.linkedin.com/legal/privacy-policy.

You can object to data processing by LinkedIn Analytics by means of an opt out here: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences.

You can find further information about usage-based online advertising and the individual providers on the website www.youronlinechoices.com/de. Here you have the opportunity to object to usage-based online advertising from individual providers or from all of them.

If you access LinkedIn via a link on the OD-OS websites while you are logged in to your LinkedIn account, it is possible for LinkedIn to associate your visit to the OD-OS websites with your user account. We wish to point out that, as the provider of the site, we have no knowledge of the content of the transmitted data or of its use by LinkedIn.


Embedded YouTube videos and YouTube link

We embed YouTube videos on some of the sub-pages of our website. Accessing these sub-pages loads the content from YouTube. Within this context, YouTube will also receive your IP address, which is required for technical reasons to access the content. We do not have any influence whatsoever over subsequent data processing by YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4.

If you visit YouTube via a link on the OD-OS websites while you are logged in to your YouTube account, you can link your user behavior directly with your personal profile on YouTube. You can prevent this by logging out of your YouTube account.


Google reCaptcha

We use the Google reCaptcha service to establish whether a specific input on our contact form has been made by a person or a computer. Google checks by means of the following data whether you are a person or a computer: IP address of the end device used, the page of our website that you are visiting and into which reCaptcha is integrated, the date and duration of your visit, the recognition data for the browser and operating system used, your Google account if you are logged into Google, the mouse movements over the reCaptcha areas in which you have to identify images. The legal basis for the data processing described is Art. 6(1) point (f) of the General Data Protection Regulation (evaluation of interests based on our interest in ensuring the security of our websites).


Job applications

You have the option to send your job application documents to us by email or post. Your application documents will be accepted by the relevant office and will be forwarded only to the department responsible for that office or to the persons appointed to process them. We use your application data to complete the application process. We delete your application documents at the latest six months from conclusion of the application process. The legal basis for processing the data is Section 26(1) sentence 1 of the German Federal Data Protection Act.


Newsletters

On our websites we offer you the option to subscribe to our newsletter. If you have given us your specific consent to provide you with information by email about learning materials, user reports, product and event news relating to Navilas®, the navigated retina laser, and associated information from the field of ophthalmology, the related data processing takes place on the basis of Art. 6(1) sentence 1 point (a) GDPR (consent).

In addition to your email address, we require your company name and country, as our newsletter is aimed exclusively at a specialist audience and maybe distributed in a version adapted to your specific country and in the relevant language. You can also provide us with your first name and surname as an option. We use this information to address you directly.

We want to send newsletters to you that are based on your individual interests. For this purpose, we analyze your data and try to select the services and promotions that match your interests exactly in designing the newsletter. With the aid of our processor Constant Contact, we are able to analyze our newsletter campaigns. When you open an email sent by Constant Contact, a file contained in the email (a so-called web beacon) connects with Constant Contact servers in the USA. In this way, it is possible to determine whether a newsletter message has been opened and which links in it you click on. Technical information (e.g. time of access, IP address, browser type and operating system) is also recorded. The results of these analyses can be used to adapt future newsletters more closely to recipients’ interests. The legal basis for the data processing described is your consent pursuant to Art. 6(1) sentence 1 point (a) GDPR. Constant Contact is certified under the “EU-US-Privacy-Shield”.

You may withdraw your consent at any time without affecting the lawfulness of the data processing up to that point. If your consent is withdrawn, we shall cease the corresponding data processing.

If you no longer wish to receive newsletters in future, you can cancel your subscription at any time e.g. by sending an email to marketing@od-os.com or by clicking on the link to cancel the newsletter which you will find in every newsletter email.


Data processing of potential customers

We are pleased to have sparked your interest. We process the personal data that you provide to us. These are usually your surname, first name, contact and address details, job description, name of the practice or hospitalin which you work. The purposes of the data processing are to make contact and to manage the data of potential customers. The legal basis for the data processing is Art. 6(1) point (b) GDPR (taking steps prior to entering into a contract) and Art. 6(1) point (f) GDPR. Our legitimate interest lies in making contact with potential customers. We delete your data as soon as your interest in making a purchase no longer exists or is no longer evident. In individual cases, it may be useful to pass your contact details on to our OD-OS partners so that they can contact you. We request your consent for this, but you can withdraw it at any time, with effect from that point forward. The legal basis for the data transfer is your consent pursuant to Art. 6(1) point (a) GDPR.


Webinar data management

You can register to attend our webinars. For registration we require your first name and surname, your email address, your country and your organization. We use your name and email address to send the links, for communication and to address you in person. Details of your organization or company are required as the webinars are intended only for a specialist audience. We collect details about the country in which you are located, e.g. to obtain the country-specific dialing code and to adapt the webinars to your language. You can specify your city if you wish to do so. We may need this information to distinguish your organization or company from another with the same name. During the webinar, you can send us questions and comments, which we will then process. The legal basis for this is Art. 6(1) point (f) GDPR. We have a legitimate interest in making contact with webinar participants and in answering any questions posed and sending out information. We pass your questions and data on to OD-OS partners as appropriate, if those partners can deal with them more effectively in your country or language. We request your consent for this, but you can withdraw it at any time, with effect from that point forward. The legal basis for the data transfer is your consent pursuant to Art. 6(1) point (a) GDPR. We delete your data as soon as your interest in making a purchase no longer exists or is no longer evident.


Contact

You have the option to make contact with us by electronic mail, on the telephone or via our contact form if you have a question about navigated laser therapy, want to organize a demonstration on site or require a copy of the free Navilas® brochure (aimed at specialists). We need your email address and your message to be able to answer your inquiry. We use your title, your first name and surname and your company (optional) to address you personally and to ensure that you are part of our specialist audience. We use the information about your country to send you information adapted to your country and in your local language, and to arrange on-site demonstrations as appropriate. The data about you is processed only to reply to your inquiry. The legal basis for the data processing is Art. 6(1) point (b) GDPR (taking steps prior to entering into a contract) and Art. 6(1) point (f) GDPR. We have a legitimate interest in making contact with the users of our website, in answering any questions posed and in sending out information. We usually delete your inquiry as soon as it has been answered and provided that its erasure does not contravene any statutory retention periods, or as soon as your interest in making a purchase no longer exists or is no longer evident. If your inquiry relates to the area of activity of OD-OS Inc. or the OD-OS partners, we will be happy to pass your inquiry on to the relevant recipient. We require your consent for this, but you can withdraw it at any time, with effect from that point forward.


Commissioned data processors

We transfer your data in the context of commissioned data processing pursuant to Art. 28 GDPR to service providers who support us in operating our website and the associated processes. Our service providers are strictly bound by our instructions and are under corresponding contractual obligations.

In some cases, we also transfer personal data to third countries outside the EU in this context. In doing so, we always ensure that there is an appropriate level of data protection:

in the case of Google Analytics (USA) and our email marketing service provider Constant Contact Inc. (USA), an appropriate level of data protection is provided by their respective participation in the Privacy Shield agreement (Art. 45(1) GDPR).


Data security

We take technical and organizational steps to protect your data as fully as possible against unauthorized access. We use an encryption process on our pages. Your details are transmitted from your computer to our server and vice versa over the internet using TLS encryption. You can recognize this by the fact that the lock symbol on the status bar of your browser is closed and the address line begins with .


Your rights as a user

When your personal data is processed, the GDPR gives you certain rights as the user of a website:

1.    Right to information (Art. 15 GDPR):

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed; and, where that is the case, you have the right to information about those personal data and to the information listed specifically in Art. 15 GDPR.

2.    Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to demand immediate rectification of incorrect personal data about you and, where appropriate, completion of incomplete personal data.

You have the right to demand that personal data about you are erased immediately if one of the grounds listed specifically in Art. 17 GDPR applies, e.g. if data are no longer required for the stated purpose.

3.    Right to restriction of processing (Art. 18 GDPR):

You have the right to demand restriction of processing if one of the conditions specified in Art. 18 GDPR is met, e.g. if you have objected to processing in accordance with Art. 21 GDPR or for the duration of any period in which the precedence of our legitimate interests over your interests as the data subject is being verified.

4.    Right to data portability (Art. 20 GDPR):

In certain cases that are listed specifically in Art. 20 GDPR, you have the right to receive personal data about you in a structured, commonly used and machine readable format or to demand transmission of those data to a third party.

5.) Right to withdraw consent (Art. 7(3) GDPR):

If you have given us your consent, you may withdraw it at any time. In withdrawing your consent, the lawfulness of the processing carried out up to the point of withdrawal is not affected.

5.    Right to object (Art. 21 GDPR):

If data are collected on the basis of Art. 6(1) sentence 1 point (f) GDPR (data processing to protect legitimate interests), you have the right to object to processing at any time for reasons resulting from your particular situation. We will then no longer process the personal data unless there are demonstrable, compelling, legitimate reasons for processing that override your interests, rights and freedoms, or if the purpose of processing is to assert, exercise or defend against legal claims.

6.    Right to lodge a complaint with a supervisory body

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory body if you believe that processing of the data about you breaches the provisions of data protection law. The right to lodge a complaint may be exercised, in particular, with a supervisory authority in the Member State of your place of residence, place of work or the location of the alleged breach.


Contact details of the Data Protection Officer

Our Data Protection Officer will be happy to provide you with information and suggestions on the topic of data protection:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Germany

Web: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de

For Customers Navilas® Academy

Do you have questions?

Contact the Navilas® team