DATA PRIVACY STATEMENT

DATA PRIVACY STATEMENT

  1. Home
  2. »
  3. DATA PRIVACY STATEMENT

With this privacy statement, we would like to inform you in detail about the processing of your personal data, which may be incurred through your visit or use of our website.

The processing of personal data is carried out in accordance with the provisions of the European and German law.

Responsible according to the EU General Data Protection Regulation and other national data protection regulations:

 

SICAT GmbH & Co. KG

Friesdorfer Straße 131-135

53175 Bonn

 

If you have any questions regarding data protection, please contact the company data protection officer of SICAT GmbH & Co. KG at [email protected]

Server-Logfiles

When you visit our website, your browser may automatically forward personal data to us.

  • Used browser type/version
  • Used operating system
  • IP address
  • Website from which you visit us
  • Name of the accessed page
  • Date and time of access
  • Transfered data volume
  • Requesting Provider

SICAT processes these data according to Art. 6 Para. 1 lit.f and Art. 32 GDPR to guarantee a trouble-free website operation, to defend against dangers in case of attacks on our systems and to improve our services for you.

These data are stored by SICAT for a period of 3 months. In case of attacks on our systems, the relevant data are forwarded to the law enforcement authorities.

Our website and our customer portal are hosted in external, certified data centers located in Germany.

Cookies

To optimize our web presence, we use cookies. These are small text files that are stored in the memory of your computer, helping us to optimize our web presence for you.

We use essential cookies based on our legitimate interest according to Art. 6 Para. 1 lit. f GDPR.

You may prevent the use of cookies by selecting the “block cookies” browser setting in your browser. However, we would like to point out that blocking cookies may result in functional limitations in regard to our Internet offering.

Web analysis

The website uses the web analysis service Matomo to analyze the use and improvement of our website. When using Matomo, the IP address is anonymized before storage, so that the evaluations generated with Matomo cannot be used to identify individual persons. No tracking cookies are set on your computer as part of the website analysis. Matomo is hosted on the servers of SICAT.

You have the option to object to the use of Matomo by mouse click. To do this, please remove the checkmark in the checkbox. In this case, Matomo will place a so-called opt-out cookie on your computer. Please note that if you delete all cookies in your browser, you may have to uncheck the checkbox again.

You can revoke the opt-out at any time via the checkbox.

Cloudflare

SICAT uses services provided by Cloudflare. The provider is Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare operates a globally distributed content delivery network (CDN) with domain name service (DNS) and provides protection functions for online services (for example web application firewall). The data transfer between your browser and our servers are routed through Cloudflare’s infrastructure and is analyzed there to prevent attacks. Cloudflare may store cookies, to enable you to access our online services. The use of Cloudflare happens in the interest of a safe use of our online services, the defense against harmful attacks and technically flawless operation. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information, please see the Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

Newsletter

On our website, we offer you the opportunity to subscribe to a free newsletter.

When registering for the personalized newsletter, the data entered in the input mask (e-mail address, name and possibly the optionally entered office name and address) are transferred to us and stored to regularly inform you in person about our products, product improvements and services.

You do not need to enter your personal data if you are already registered and logged in to our portal page. There you can easily and conveniently subscribe to our newsletter via checkbox.

The newsletter is sent by Sendinblue. For this purpose, we transfer the collected data to Sendinblue which is located in Germany. An order processing contract exists. Any personal data provided by you is only used for sending the newsletter. Your data is not transferred to third parties.

For processing the data, your consent is obtained during registration according to Art 6 Para. 1 lit. a GDPR and it is referred to this data privacy statement.

Withdrawal of consent

If you no longer want to receive the newsletter, you have the opportunity to withdraw your consent at any time with effect for the future. Use the unsubscribe link provided in the newsletter or send an e-mail to [email protected].

Our newsletter contains so-called tracking pixels which help us to recognize if and when a newsletter was opened and which links in the e-mail have been followed by the personalized recipient. This additional information is processed by us according to Art. 6 Para. 1 lit. f GDPR in order to align our newsletter optimally with your wishes and interests.

When you sign up for the newsletter through our website, we have to verify your data. For this purpose, we send a short confirmation e-mail to the e-mail address specified by you.

This does not apply if you register for the newsletter via our portal page, as here the verification of your e-mail address has already taken place upon registration.

The data for processing the newsletter are deleted as soon as they are no longer required for achieving the purpose for collection or you have withdrawn your consent to receive the newsletter. For the possible defense of claims, the data will be kept stored until the expiration of the legal storage period.

Contact form

You may use the contact form on our website to contact us.

Using the input mask, you enter your data (name, e-mail address, possibly company or office name, address) and your request which are transferred to us by e-mail and processed by SICAT according to Art. 6 Para.1 lit. b GDPR.

The transfer of your data to our website takes place according to the current state of the art via an encrypted, secure connection.

At the time of sending the message, the IP address of the requesting computer as well as the date and time are also recorded according to Art. 6 Para 1 lit. f and Art. 32 GDPR. We require these data in order to prevent or restrict misuse of the contact form and to ensure the security of our IT systems.

To ensure that the data entry in the contact forms is not made by automated programs, we use the captcha service Friendly Captcha for transmission confirmation. The provider is Friendly Captcha GmbH, based in Germany.

This is done to protect against abusive automated spying and spam based on Art. 6 para. 1 lit. f GDPR.

E-mail contact

In addition to the contact form, it is possible to contact us by using the e-mail addresses posted on the website.

Use the [email protected] e-mail address to send general inquiries by e-mail.

We store your personal data (e-mail address, if applicable, your name and content data) to answer your request according to Art. 6 Para. 1 lit. b GDPR. The retention periods are based on the requirements of commercial law or medical device law.

Use the [email protected] e-mail address to send us your application for the vacancies posted in the Career area on the website.

The data provided by you (e-mail address, name, contact details, content data, application data, certificates etc.) are processed for the purpose of establishing or initiating an employment relationship in accordance with Art. 88 GDPR or § 26 Federal Data Protection Act (new). Your data will be stored for 6 months after completing the application process.

The retention period is extended by the applicant’s giving his or her consent for admission to an applicant pool. The consent is given in writing according to Art. 6, Para. 1 lit. a GDPR and can be withdrawn at any time using the above-mentioned e-mail address. Data in the so-called applicant pool is deleted after 2 years if no employment contract has resulted from the application.

All incoming e-mails are checked for spam and viruses in accordance with Art. 6 Para. 1 lit. f and Art. 32 GDPR.

Webshop/Portal

When you visit our webshop, you will be redirected to our SICAT portal for registration.

For the use of the SICAT portal, we offer you the opportunity to enter your personal data (name, e-mail address, company or practice name, position or status, address, contact details) for registration.

The processing of your data takes place to fulfill a contract or to carry out pre-contractual measures according to Art. 6 Para. 1 lit. b GDPR. In your user account or in the address book, you will have an overview of the data you entered. You also have the opportunity to manage or change your data. To optimize the portal, we use cookies, which are technically necessary for the operation and their essential functions.

If you place an order using the Webshop, the digital order process or the File Uploader, we process the personal data that you entered or transferred during registration for order handling, for sending an electronic order confirmation, for shipment of the goods including a delivery note and invoice. We share your shipping information with logistics service providers for delivery.

Using the Digital Ordering Process from our software, the customer who is signed-in and registered the Portal transfers his or her order for a patient-specific SICAT surgical guide or therapeutic appliance.

In order to provide a comfortable order process, SICAT regularly checks the server connection to be able to refer to the offline order process if necessary. This online check is carried out according to Art. 6 Para. 1 lit.f GDPR.

The File Upload provides the customer with the opportunity to transfer orders for patient-specific surgical guides. The legal basis for the order processing is Art. 6 Para. 1 lit. b GDPR, the retention periods are based on medical device law.

Using the Order Transparency, customers who have registered for the Portal and are signed-in get access to current cases concerning the customer which have been uploaded to our systems, complemented by the corresponding processing status. In addition, the associated accompanying documents and certificates are accessible.

In the Order History, customers who have registered for the Portal and are signed-in get an overview of the orders that have been placed so far. Furthermore, information about the product ordered, the order date, the specified delivery or invoice address, the selected shipping method and the payment method is available.

In the License Management area, SICAT provides registered and signed-in customers with the opportunity to look up and manage the purchased licenses, also by using the app SICAT Connect. For this purpose, we store the activation key including the contract period of the current licenses for the SICAT applications according to Art. 6 Para. 1 lit. b GDPR.

The storage, processing and use of the transmitted data by SICAT is solely for the purpose of providing the services offered by SICAT Connect and for the use of product improvements. If personal data is processed in this process, it will be processed by SICAT in accordance with the provisions of German and European data protection laws.

The SICAT Connect software is a Windows application, and Microsoft may also collect information about your usage of the software and send it to Microsoft. Microsoft may use this information to provide and improve products and services.

To further improve the SICAT portal, we use the analysis tool Matomo.

If interested in a SICAT Smart Subscription, US customers can use the „Schedule Consultation“ button on the website to make an appointment directly with our US sales department. For this we use a tool from HubSpot Inc., a service provider based in Cambridge, MA, USA.

If the appointment tool is used by European customers, the collected data will be sent back to SICAT Germany. In this case, our European sales department will contact you.

For more information about HubSpot, please visit the following link:
https://legal.hubspot.com/privacy-policy

For managing Pick-Up orders, SICAT provides registered and signed-in customers with the opportunity to manage pick-up orders affiliated with surgical guides or therapeutic appliances for stone models and data carriers. For this purpose, we store the order size, the address and the pick-up date and forward these data to the shipping provider.

Manufacture of the therapeutic appliance, support and related services

In addition to the digital ordering process, it is still possible to use our classic ordering process.

For the unambiguous assignment of our products, we use the identification specified by the customer during the manufacturing process and in the associated communication.

As a manufacturer of medical devices, SICAT is required to comply with the associated necessary regulatory measures. For this purpose, we process data for quality assurance purposes and product improvements exclusively in pseudonymized or anonymized form.

Payment options

SICAT offers payment options via direct debit and credit card.

You will be directly forwarded to the website of the payment service Six Payment /Wordline. The data entered there will not be stored by SICAT.

Under certain circumstances, there is the possibility of payment by invoice or PayPal.

SICAT eCademy

For the use of SICAT eCademy we offer you the possibility to register by entering your personal data (name, e-mail address).

After successful registration, you will receive access to all freely available SICAT videos. You can access the SICAT tutorials in the protected member area that you activate with a code that you will receive when you purchase a SICAT Smart Subscription.

 

To optimize our SICAT eCademy, we use cookies that are technically necessary for its operation and essential functions.

To further improve the SICAT eCademy website, we use the analysis tool Matomo.

Questions or suggestions regarding our SICAT eCademy can be sent to us directly via the contact form.

Terror list screening

EU anti-terrorism regulations require that no customer, supplier, or service provider belongs to the group of terrorist suspects defined in centralized lists (terrorist lists). It is therefore necessary for SICAT to perform a data comparison with the terrorist lists prior to closing a business deal. The legal basis is Art. 6 Para. 1 lit. c GDPR.

Compliance with export prohibitions

If you provide a delivery address in other EU countries, we will check your customer data under the Foreign Trade Act to comply with export prohibitions and embargos and as proof of the VAT-exempt calculation to recipients in a non EU-country. In addition, we make customs declarations for your shipment to non-EU countries. The legal basis is Art. 6 Para. 1 lit. c GDPR.

Google Maps

SICAT GmbH & Co. KG uses the Google Maps API to depict the company location and to allow you to plan your route to us. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

 

For more information about Google and Google’s privacy policy, please see the following link: https://www.google.com/intl/de/policies/privacy/

Use of automated decision-making including profiling (Art. 22 GDPR)

As a matter of principle, SICAT does not use fully automated decision-making. If this procedure is used in individual cases, you will be informed separately if this is required by law.

Rights of the persons concerned

When processing your personal data as defined by the GDPR through SICAT GmbH, you as the person concerned have comprehensive rights towards SICAT GmbH as responsible authority.

  • Right to information (Art. 15 GDPR)
    Upon your request, SICAT will inform you if and how personal data that concerns you is processed by us. If data is being processed, you may request additional information from SICAT, in particular, relating to the following points:

    • Purpose for which your personal data is being processed
    • Categories of personal data that are being processed
    • Receiver and categories of receivers respectively towards which your personal data is disclosed, including receivers in third party countries or international organizations.
    • Duration of the storage of your personal data and naming of criteria for the definition of the storage period respectively, if no specific statement is possible.
  • Right to rectification (Art. 16 GDPR), Right to erasure (Art. 17 GDPR), Right to restriction of processing (Art. 18 GDPR)
    You have the right to have your data corrected, deleted or suspended. The data will be suspended and restricted for processing respectively if a legal requirement prevents deletion.
  • Right to object (Art. 21 GDPR)
    If your personal data are processed based on legitimate interests according to Art .6 Para. 1 lit. f GDPR, you have the right, according to Art. 21 GDPR, to object the processing of your personal data if there are reasons arising from your particular situation. Please send a short message to [email protected] or [email protected].
  • Right to data portability (Art. 20 GDPR)
    You have the right to request the transfer of the personal data made available to us from us to another location.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
    You have the right to lodge a complaint with a supervisory authority if you believe that the processing of the personal data concerning you has violated current data protection regulations.

Right to withdraw your data privacy declaration

You have the right to withdraw your data privacy declaration at any time with effect for the future. Data collected until the withdrawal takes full legal effect remain unaffected by this. Please send a short message to [email protected] or [email protected].

Revision: 2023-09-18

Last Update: 2023-09-19

X