Privacy Policy

Thank you for visiting our websites. Below you will find information about how we handle your data, in accordance with Art. 12-14 of the General Data Protection Regulation (GDPR).


Data controller

The data controller for the data processing described below is OD-OS GmbH.

Address: Warthestraße 21, 14513 Teltow, Germany
Telephone number: 03328 31282100
Email address:  info@od-os.com


Usage data

When you visit our websites, so-called usage data are stored temporarily on our web servers as a log for statistical purposes, in order to improve the quality of our websites. This data set consists of

  • the page from which the file was requested
  • the name of the file
  • the date and time of the request
  • the data volume transferred
  • the access status (file transferred, file not found)
  • a description of the type of web browser used
  • the IP address of the requesting computer, truncated in such a way that no connection can be made with an individual.

The specified log data are stored in anonymized form.


Cookies

We use cookies on our websites. Cookies are small text files that are saved on your end device and read from there. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies which are stored beyond the individual session. Cookies may contain data that make it possible to recognize the device being used. In part, however, cookies also simply store information about specific settings that cannot be associated with an individual.

We use session cookies and permanent cookies on our websites. Some cookies are strictly necessary so that we can make our websites available to users. In these cases, processing is carried out on the basis of Art. 6(1) sentence 1 point f) GDPR, § 25 (2) (2) TTDSG (Telecommunications Telemedia Data Protection Act). If the use of cookies is not absolutely necessary, cookies will only be used if you have given us your consent, in accordance with Article 6(1) sentence 1 point a) GDPR, § 25 (1) TTDSG.  .

You can set your browser in such a way that it informs you when you accept a cookie. This makes your use of cookies transparent. You can also delete cookies at any time and reject any new cookies by changing your browser settings as appropriate. Please note, however, that in this case our websites may not appear at its best, and some of the functions may no longer be available for technical reasons.


Usercentrics Consent Management Platform

Our websites use the Consent Management Platform of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, to obtain the consent of our website users to activate website tracking technologies and the associated data processing. Usercentrics uses JavaScript to collect log file and consent data.

The data processing takes place for the purpose of complying with legal obligations and for storing the preferences of the users, including the consent and is based on Article 6(1) sentence 1 point c) GDPR.

The following data is collected through the use of the services:

• Device information

• Browser information

• Anonymized IP address

• Opt-in and opt-out dates

• Date and time of the visit

• Request URLs of the website

• Page path of the website

• Geographical location

The place of processing is the European Union (consent database is located in Belgium).

The consent data (consent and revocation of consent) are stored for three years. The data will then be deleted immediately or, on request, passed on to the responsible person in the form of a data export.

If you object to data processing, you can prevent JavaScript from being executed by making the appropriate settings in your browser. Please note that in this case the service cannot be executed either.

We have concluded a data processing agreement with Usercentrics in accordance with Art. 28 GDPR. Further information on the processing of your data can be found in the Usercentrics data protection declaration at: usercentrics.com/privacy-policy/


Google Analytics

We use the web analysis tool "Google Analytics" to design our websites according to your needs. Google Analytics creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and accessed out by us.  In this way we are able to recognize and measure returning visitors.

The Google Analytics tool is provided by Google Ireland Limited and Google LLC. (USA) („Google“) who support us as data processors according to Art. 28 GDPR. The data processing can therefore also take place outside the EU or EEA. With regard to Google LLC (USA), no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal.

Please take this into account if you decide to give your consent to our use of Google Analytics. We have also concluded standard contractual clauses with Google in accordance with Article 46 (2) (c) GDPR.

The legal basis for this data processing is your consent if you have given your consent via our consent banner according to Art. 6(1) sentence 1 point a), § 25 (1) TTDSG. 

You can withdraw your consent at any time. Please click on cookie settings and make the appropriate settings via our cookie banner.


LinkedIn Analytics, LinkedIn Ads and LinkedIn Insight

Our websites support “LinkedIn Analytics” from LinkedIn. Through LinkedIn Analytics, we process information about your user behavior on our websites in order to facilitate analysis of website usage. We also use LinkedIn Analytics for marketing and optimization purposes.

Whenever our websites are accessed, a connection is established to LinkedIn servers. In this way LinkedIn is notified that you have visited our websites with your IP address. If you click on the LinkedIn button on our websites while you are logged in to your LinkedIn account, LinkedIn is able to associate your visit to our websites with you and your user account.

We use the website conversion tracking technology (LinkedIn Insight) and the retargeting function (LinkedIn Ads) provided by LinkedIn.

By means of this technology, visitors to our websites can be shown personalized advertising on LinkedIn. There is also an option to create anonymous reports on the performance of advertising and information about website interaction. The LinkedIn Insight tag is integrated into our websites for this purpose and establishes a connection to the LinkedIn server, provided that you are visiting this website while you are logged in to your LinkedIn account. The LinkedIn Insight tag allows collection of data about the visits to our websites, including the URL, referrer URL, IP address, device and browser characteristics, time stamp and pages viewed. These data are encrypted, anonymized within seven days and the anonymized data are deleted within 90 days.

Data processing is carried out on the basis of Art. 6(1) sentence 1 point a) GDPR and § 25 (1) TTDSG.

The information about your use of our websites generated by the cookie is usually transmitted to a LinkedIn server in the USA and stored there. We conclude standard contractual clauses according to Art. 46(2) point c) GDPR with service providers in third countries. These provide suitable guarantees for the protection of your data with service providers in third countries. You can request a copy of this data protection agreement using the contact details given above.

You can find further information about LinkedIn’s privacy policy at: www.linkedin.com/legal/privacy-policy.

You can object to data processing by LinkedIn Analytics by means of an opt out here: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences.

You can find further information about usage-based online advertising and the individual providers on the website www.youronlinechoices.com/de. Here you have the opportunity to object to usage-based online advertising from individual providers or from all of them.

If you access LinkedIn via a link on the OD-OS websites while you are logged in to your LinkedIn account, it is possible for LinkedIn to associate your visit to the OD-OS websites with your user account. We wish to point out that, as the provider of the site, we have no knowledge of the content of the transmitted data or of its use by LinkedIn.


Embedded YouTube videos and YouTube link

We embed YouTube videos on some of the sub-pages of our websites. Accessing these sub-pages loads the content from YouTube. Within this context, YouTube will also receive your IP address, which is required for technical reasons to access the content. We do not have any influence whatsoever over subsequent data processing by YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4.

If you visit YouTube via a link on the OD-OS websites while you are logged in to your YouTube account, you can link your user behavior directly with your personal profile on YouTube. You can prevent this by logging out of your YouTube account.


Google reCaptcha

We use the Google reCaptcha service to establish whether a specific input on our contact form has been made by a person or a computer. Google checks by means of the following data whether you are a person or a computer: IP address of the end device used, the page of our websites that you are visiting and into which reCaptcha is integrated, the date and duration of your visit, the recognition data for the browser and operating system used, your Google account if you are logged into Google, the mouse movements over the reCaptcha areas in which you have to identify images. The legal basis for the data processing described is Art. 6 (1) point f) of the General Data Protection Regulation. We have an interest in ensuring the security of our websites.
 

Job applications

You have the option to send your job application documents to us by email or post. Your application documents will be accepted by the relevant office and will be forwarded only to the department responsible for that office or to the persons appointed to process them. We use your application data to complete the application process. We delete your application documents at the latest six months from conclusion of the application process. The legal basis for processing the data is §  26(1) sentence 1 of the German Federal Data Protection Act (BDSG). If you send us documents that are not required for the decision to establish an employment relationship (such as a photo of you), the legal basis for processing is your consent in accordance with §  26(2) BDSG.


Newsletters

On our websites we offer you the option to subscribe to our newsletter. If you have given us your specific consent to provide you with information by email about learning materials, user reports, product and event news relating to Navilas®, the navigated retina laser, and associated information from the field of ophthalmology, the related data processing takes place on the basis of Art. 6(1) sentence 1 point a) GDPR (consent).

In addition to your email address, we require your company name and country, as our newsletter is aimed exclusively at a specialist audience and maybe distributed in a version adapted to your specific country and in the relevant language. You can also provide us with your first name and surname as an option. We use this information to address you directly.

We want to send newsletters to you that are based on your individual interests. For this purpose, we analyze your data and try to select the services and promotions that match your interests exactly in designing the newsletter. With the aid of our data processor Constant Contact, we are able to analyze our newsletter campaigns. When you open an email sent by Constant Contact, a file contained in the email (a so-called web beacon) connects with Constant Contact servers in the USA. In this way, it is possible to determine whether a newsletter message has been opened and which links in it you click on. Technical information (e.g. time of access, IP address, browser type and operating system) is also recorded. The results of these analyses can be used to adapt future newsletters more closely to recipients’ interests. The legal basis for the data processing described is your consent pursuant to Art. 6 (1) sentence 1 point a) GDPR, § 25(1) TTDSG. We conclude the standard contractual clauses according to Art. 46(2) point c) GDPR with service providers in third countries. These provide suitable guarantees for the protection of your data with service providers in third countries. You can request a copy of this data protection agreement using the contact details given above.

If you no longer wish to receive newsletters in future, you can cancel your subscription at any time e.g. by sending an email to marketing@od-os.com or by clicking on the link to cancel the newsletter which you will find in every newsletter email.

 

Live Chat System

We use a live chat system on our websites. The data that you provide to us in the context of the chat will be saved. This serves the purpose of support, effective and simple contact and answering the questions of our interested parties. This purpose also represents our legitimate interest. The data is processed in accordance with Article 6 (1) sentence 1 point f) GDPR (weighing of interests based on our interest in effectively contacting our interested parties).

Your data will be deleted as soon as they are no longer required and the deletion does not conflict with any statutory retention periods, but no later than after three months.


Online Appointments - Microsoft Bookings

On our websites, we use an online booking tool for virtual product demonstrations of the Navilas® Laser System. The data that you provide to us during the booking process will be saved.

For this purpose, we use the "Microsoft Bookings" service from Microsoft Corporation. The connection to the service is only established when you call up the online booking function via a button on our websites. The data you enter in the booking form will be transmitted to Microsoft. For more information on the processing of user data, see Microsoft's privacy policy.

The data you enter in the booking form will also be transmitted to OD-OS partners (see www.od-os.com/contact), as long as the request concerns the scope of business of these companies.

We would like to point out that you are not obliged to use Microsoft Bookings to make an appointment. If you do not want to use the service, please use another of the contact options offered to make an appointment.

The legal basis for data transmission, storage and processing is your consent (Art. 6(1) point a) GDPR).

Your data will be deleted as soon as it is no longer required to process your request and there are no statutory retention periods to prevent deletion.

 

Registration on OD-OS websites for the Navilas® Academy

You can register as a Navilas® user on OD-OS websites to use additional functions on the site (Navilas® Academy). With the Navilas® Academy you can benefit from our exclusive training videos on navigated laser treatment. We only use the data entered (job, city, country, title, first and last name, email address, user name and password of your choice) to check whether you are a Navilas® user and therefore qualify for our Navilas® Academy as well as for registration purposes. The mandatory information requested during registration must be given in full. Otherwise we will reject the registration. For important changes, such as the scope of the offer or for technically necessary changes, we use the email address provided during registration to inform you. The data entered during registration is processed on the basis of Art. 6(1) sentence 1 point b) GDPR). You can delete your account in the settings or send us a request for deletion by email. The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

 

Log in

If you want to access the restricted area and benefit from the advantages, you must first log in with your user name and password. If you have forgotten your password, you will have the opportunity to reset it and request a new one via your email address. We collect this data on the basis of Art. 6(1) point b) GDPR for verification purposes.
 


Data processing of potential customers

We are pleased to have sparked your interest. We process the personal data that you provide to us. These are usually your surname, first name, contact and address details, job description, name of the practice or hospital in which you work. The purposes of the data processing are to make contact and to manage the data of potential customers. The legal basis for the data processing is Art. 6(1) sentence 1 point b) GDPR (taking steps prior to entering into a contract) and Art. 6(1) sentence 1 point f) GDPR. Our legitimate interest lies in making contact with potential customers. We delete your data as soon as your interest in making a purchase no longer exists or is no longer evident. In individual cases, it may be useful to pass your contact details on to our OD-OS partners so that they can contact you. We request your consent for this. The legal basis for the data transfer is your consent pursuant to Art. 6 (1) sentence 1 point a) GDPR.


Webinar data management

You can register to attend our webinars. For registration we require your first name and surname, your email address, your country and your organization. We use your name and email address to send the links, for communication and to address you in person. Details of your organization or company are required as the webinars are intended only for a specialist audience. We collect details about the country in which you are located, e.g. to obtain the country-specific dialing code and to adapt the webinars to your language. You can specify your city if you wish to do so. We may need this information to distinguish your organization or company from another with the same name. During the webinar, you can send us questions and comments, which we will then process. We have a legitimate interest in making contact with webinar participants and in answering any questions posed and sending out information. We pass your questions and data on to OD-OS partners as appropriate, if those partners can deal with them more effectively in your country or language. The legal basis for this is Art. 6 (1) sentence 1 point b) and (f) GDPR. 


Contact

You have the option to make contact with us by electronic mail, on the telephone or via our contact form if you have a question about navigated laser therapy, want to organize a demonstration on site or require a copy of the free Navilas® brochure (aimed at specialists). We need your email address and your message to be able to answer your inquiry. We use your title, your first name and surname and your company (optional) to address you personally and to ensure that you are part of our specialist audience. We use the information about your country to send you information adapted to your country and in your local language, and to arrange on-site demonstrations as appropriate. The data about you is processed only to reply to your inquiry. The legal basis for the data processing is Art. 6(1) sentence 1 point b) GDPR (taking steps prior to entering into a contract) and Art. 6(1) sentence 1 point f) GDPR. We have a legitimate interest in making contact with the users of our website, in answering any questions posed and in sending out information. We usually delete your inquiry as soon as it has been answered and provided that its erasure does not contravene any statutory retention periods, or as soon as your interest in making a purchase no longer exists or is no longer evident. If your inquiry relates to the area of activity of OD-OS Inc. or the OD-OS partners, we will be happy to pass your inquiry on to the relevant recipient. We require your consent for this (Art. 6(1) sentence 1 point a) GDPR.


Business partner, supplier and prospect data

The implementation of our business relationships requires the processing of data from our contractual partners. Insofar as this data allows conclusions to be drawn about a natural person (e.g. contact person of a company, suppliers) this is personal data. We only process personal data that we receive from you as part of our business relationship. This includes your name, address, company affiliation and your contact details (telephone number, email address).

The processing of your personal data can arise on the one hand due to the implementation of pre-contractual measures that precede a contractually regulated business relationship or on the other hand in the fulfillment of the obligations from a contract concluded with you. This can include, for example, the processing of purchase orders, deliveries or payments or the preparation and answering of requests for quotations from individuals to establish the justification or conditions of a contractual relationship. The legal basis is Article 6(1) sentence 1 point b) of the GDPR.

We are also subject to legal obligations that may make it necessary to process your personal data. These legal obligations can result, for example, from tax law, commercial and foreign trade law or sanctions law. When processing the data for these purposes, the legal basis is Art. 6(1) sentence 1 point c) GDPR.

It may also be necessary for your personal data to be processed to safeguard legitimate interests (Art. 6(1) sentence 1 point f) GDPR). The legitimate interests are in particular the conclusion or implementation of contracts and other business relationships with our business partners, suppliers or interested parties for whom you may work as a representative or as an employee. Furthermore, legitimate interests are internal administrative purposes (e.g. for accounting) or to ensure IT security and IT operations as well as to carry out compliance investigations, to guarantee building and plant security or to assert, exercise or defend of legal claims.

As part of our business relationship, you must provide the personal data that is necessary for the establishment, implementation and termination of a business relationship and for the fulfillment of the associated obligations, which we are legally obliged to collect or are entitled to collect on the basis of legitimate interests. Without this data, we will usually not be able to contact you and / or enter into a business relationship with you.

If you have made data available to us voluntarily, we will indicate this accordingly during the data collection.


Commissioned data processors

We transfer your data in the context of commissioned data processing pursuant to Art. 28 GDPR to service providers who support us in operating our websites and the associated processes. Our service providers are strictly bound by our instructions and are under corresponding contractual obligations.

In some cases, we also transfer personal data to third countries outside the EU in this context. In doing so, we always ensure that there is an appropriate level of data protection. We conclude the standard contractual clauses with service providers in third countries. These provide suitable guarantees for the protection of your data with service providers in third countries. You can request a copy of this data protection agreement using the contact details given above.


Data security

We take technical and organizational steps to protect your data as fully as possible against unauthorized access. We use an encryption process on our pages. Your details are transmitted from your computer to our server and vice versa over the internet using TLS encryption. You can recognize this by the fact that the lock symbol on the status bar of your browser is closed and the address line begins with http://https://.


Your rights as a user

When your personal data is processed, the GDPR gives you certain rights as the user of a website:

1.    Right to information (Art. 15 GDPR):

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed; and, where that is the case, you have the right to information about those personal data and to the information listed specifically in Art. 15 GDPR.

2.    Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to demand immediate rectification of incorrect personal data about you and, where appropriate, completion of incomplete personal data.

You have the right to demand that personal data about you are erased immediately if one of the grounds listed specifically in Art. 17 GDPR applies, e.g. if data are no longer required for the stated purpose.

3.    Right to restriction of processing (Art. 18 GDPR):

You have the right to demand restriction of processing if one of the conditions specified in Art. 18 GDPR is met, e.g. if you have objected to processing in accordance with Art. 21 GDPR or for the duration of any period in which the precedence of our legitimate interests over your interests as the data subject is being verified.

4.    Right to data portability (Art. 20 GDPR):

In certain cases that are listed specifically in Art. 20 GDPR, you have the right to receive personal data about you in a structured, commonly used and machine readable format or to demand transmission of those data to a third party.

5. Right to withdraw consent (Art. 7(3) GDPR):

If you have given us your consent, you may withdraw it at any time. In withdrawing your consent, the lawfulness of the processing carried out up to the point of withdrawal is not affected.

6.    Right to object (Art. 21 GDPR):

If data are collected on the basis of Art. 6(1) sentence 1 point f) GDPR (data processing to protect legitimate interests), you have the right to object to processing at any time for reasons resulting from your particular situation. We will then no longer process the personal data unless there are demonstrable, compelling, legitimate reasons for processing that override your interests, rights and freedoms, or if the purpose of processing is to assert, exercise or defend against legal claims.

7.    Right to lodge a complaint with a supervisory body

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory body if you believe that processing of the data about you breaches the provisions of data protection law. The right to lodge a complaint may be exercised, in particular, with a supervisory authority in the Member State of your place of residence, place of work or the location of the alleged breach.


Contact details of the Data Protection Officer

Our Data Protection Officer will be happy to provide you with information and suggestions on the topic of data protection:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Germany

Web: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de

 

Company
For Customers Navilas® Academy