Data Policy
Privacy Statement by BIOTRONIK SE & Co KG ("BIOTRONIK")
The privacy and protection of your personal data is a very important concern for BIOTRONIK. We would like to inform you which of your personal details are collected and used, the rights you have, as well as which configuration options this offers you. We process your data in compliance with applicable privacy laws, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
This Privacy Statement provides you with a summary of the main tasks for which we process your data.
Data controller and point of contact for data processing
The data controller in accordance with Article 4 para. 7 GDPR is
BIOTRONIK SE & Co. KG
Woermannkehre 1, 12359 Berlin
privacy@biotronik.com
If you have general questions about data privacy at BIOTRONIK, you can contact our Data Protection Officer. The Data Protection Officer can be reached at datenschutz@biotronik.com or via our mailing address with the addition
"der Datenschutzbeauftragte" (English: "Data Protection Officer").
Your rights
You can exercise the following rights at any time:
- To request information about categories of your processed data, purposes of the processing, possible recipients and envisaged period for which the personal data will be stored (Article 15 GDPR)
- To withdraw consent given at any time and with effect for the future (Article 7 para. 3 GDPR)
- To object to data processing which is performed based on a legitimate interest, on grounds relating to your particular situation (Article 21 GDPR)
- To request the rectification or completion of inaccurate or incomplete data (Article 16 GDPR)
- To request the erasure of data in certain cases – particularly in the case in which data are no longer needed for the intended purpose or are unlawfully processed, or you withdraw your consent in accordance with Article 7 para. 3 GDPR or have objected to data processing in accordance with Article 21 GDPR (Article 17 GDPR)
- To request the restriction of data processing under certain conditions, provided deletion is not possible or the deletion obligation is disputable (Article 18 GDPR)
- To receive the data you provided to us in a conventional machine-readable format and, if you wish, to request that such data be transmitted to third parties/controllers (right to data portability in accordance with Article 20 GDPR)
In addition, you have the right to file a complaint with the data protection supervisory authorities in accordance with Article 77 of the GDPR. The supervisory authority responsible for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin, Germany
Phone: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
E-mail: mailbox@datenschutz-berlin.de
1. Data processing during use of the BIOTRONIK websites (www.biotronik.com, www.magmaris.com, www.orsiro.com, www.cortronik.com) as well as other subdomains such as manuals.biotronik.com, patients.biotronik.com, media.biotronik.com)
a. Browser data
If you visit the BIOTRONIK websites, we collect the data transmitted from your browser to our server. Depending on the browser used and its settings, these are usually the following data:
- IP address
- Date and time of the inquiry
- Information about the time zone your browser uses
- Address of the requested page (URL)
- The respectively transmitted amount of data
- Operating system
- Name, language and version of the browser software
- Manufacturer and type of the device on which the browser is used
We generally use these data only where this is required to provide a functioning website and to show our contents and services.
We use these data for the following purposes:
- Enable access to and visit of the BIOTRONIK website
- Detect, eliminate, and prevent errors, malfunctions, and possible misuse
The legal basis for the processing of these data is Section 25, para. 2(2) of the Telecommunications Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz - TDDDG) and also our legitimate interest in accordance with Article 6 para. 1(f) GDPR.
No data will be passed on to third parties.
Data will be deleted once they are no longer needed for the above-mentioned purposes within the scope of the legal basis upon which they were retained, normally when the browser session is exited but at the latest within one month.
b. Cookies
We use cookies on the BIOTRONIK websites. Cookies are small text files or comparable storage technologies which are stored by your browser on your terminal device and allow your browser to be recognized.
We use "session" cookies (temporary or transient cookies) and "persistent" cookies.
Session cookies are only stored during your usage of our websites. These cookies are needed for transactions (such as logging into a user account) and are valid in each case until the end of the browser session. This means that, depending on your browser’s type and settings, the cookies are automatically removed after the end of the session or after the tab or browser is exited unless you have configured your browser settings differently. The session cookies we use contain only a session ID.
Persistent cookies are stored for future sessions on your computer to recognize visitors returning to the websites after a long period and to be able to offer them the products or services they require. Persistent cookies are permanently stored on your terminal device and are not deleted when the website is exited or the browser is closed. Persistent cookies can only be removed manually.
What are cookies used for?
- Strictly necessary cookies
Strictly necessary cookies are used to make a website usable by enabling basic functions such as site navigation and access to secure areas of the website (shopping cart cookies, cookies for logins, cookies for storage of country/language selection, cookies for using cookie consent tools). The website cannot work properly without these cookies. These cookies cannot be disabled.
You can configure your browser to block these cookies or inform you of these cookies. If you do, some parts of the website may not work.
- Functional cookies
Functional cookies allow additional features and personalization to be offered such as videos and live chat.
If you do not permit these cookies, some or all of these features may not work properly.
- Analytical cookies
Analytical cookies are used by us or third parties for tracking and analyzing user behavior, delivering user-based content or for marketing purposes. This means we can show website contents that are appropriate to the target group and improve website content and functionality.
If you do not permit these cookies you may not experience user-based contents or targeted offers on other websites, for example.
The legal basis for storage of cookies, device identifiers and similar tracking technologies or for the storage of information on the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the TDDDG.
Please note that the legal basis for processing the personal data collected in this context then stems from the GDPR (Art. 6 para. 1 sentence 1 GDPR). The relevant legal basis according to the GDPR in each specific case of processing of personal data can be found below in the table on the cookie or tracking technologies used by us.
The primary legal basis for the storage of information on the end user's terminal equipment—in particular, for the storage of cookies—is your consent, Section 25 para. 1(1) TDDDG. By visiting our website, you give us your consent—which, of course, does not have to be given—and you can revoke it at any time in the Cookie Settings.
According to Section 25 para. 2(2) TDDDG, consent is not required if the storage of information on the end user's terminal equipment or the access to the information already stored on the end user's terminal equipment is absolutely necessary for the provider of a telemedia service in order to be able to provide a telemedia service expressly requested by the user. You can see in the Cookie Settings which cookies are to be considered absolutely necessary (often also referred to as "technically necessary cookies") and therefore fall under the exceptions to Section 25 para. 2 of the TDDDG and hence do not require consent.
You can view and edit how cookies are set or accessed at any time under "Cookie Settings". However, disabling cookies may limit the websites’ functionality (e.g., login to certain sections).
If you opt out (for example, by disabling a cookie that you have previously confirmed), a persistent cookie will be installed by us to allow an opt-out (disabling) of cookies to be recognized and considered during future visits to our websites.
Opt-out cookies prevent the future recording of your data when visiting this website from a particular terminal device or browser and a specific domain. However, to prevent recording on different devices, the opt-out must be performed on each device/browser used.
We use the following service providers:
Google Analytics
BIOTRONIK uses ‘Google Analytics’ on the basis of consent for the purpose of demand-oriented design and continuous optimisation of our website. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Among other things, Google Analytics uses so-called ‘cookies’ (text files) and similar technologies that are stored on your end device and enable your use of the website to be analysed. This information is used to evaluate your use of the website, to create reports on website activity and to optimise the display of advertising. The processing of the data after its transfer by BIOTRONIK to Google Ireland Limited is carried out by Google as the sole controller under data protection law. In this context, Google Ireland Limited, as the sole controller under data protection law, may store data about you in the USA. The European Court of Justice has ruled that the USA is a country with an inadequate level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you having sufficient legal recourse against this. On 10 July 2023, the EU Commission adopted the adequacy decision for the ‘EU-U.S. Data Privacy Framework’. This means that the EU Commission considers the level of data protection in the USA to be comparable to that in the EU and therefore secure for transfers based on the agreement. Google is certified in accordance with this and bases any data transfer to the USA on this. The legal basis for this data processing is Article 6 para. 1(a) GDPR (consent). Further information on Google Analytics and Google's privacy policy can be found here. You can withdraw your consent to the use of Google Analytics at any time here.
Vimeo
We also use videos from the company Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can display interesting video material directly on our website. In doing so, certain data about you may be transferred to Vimeo.
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Vimeo servers. Vimeo transmits the content of the plug-in directly to your browser and integrates it into the page. This integration tells Vimeo that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transferred directly from your browser to a Vimeo server in the United States and stored there.
If you are logged into Vimeo, Vimeo can immediately associate your visit to our website with your Vimeo account. If you interact with the plugins (e.g. by pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there. If you do not want Vimeo to associate the data collected through our website directly with your Vimeo account, you must log out of Vimeo before visiting our website.
The legal basis for this data processing is Article 6 para. 1(a) GDPR (consent). Further information on Vimeo's privacy policy can be found here. You can withdraw your consent to the use of Vimeo at any time here.
2. Data processing during events
The personal data we process during events or your participation in programs, workshops etc. include but are not limited to:
- Contact information, including but not limited to first name and surname, title (where applicable), address, telephone number (where applicable), e-mail address
- Information about the company or institution you work for
- Information about your professional position
- Date of birth and place of birth, where applicable
We will normally collect these data directly from you. In certain cases we will obtain personal data about you from the company or institution you work for to allow us to invite you to one of our events.
We will use your contact details (name, mailing address, e-mail address) to send invitations to our events that match your interests and to send relevant materials (such as the program) by mail or e-mail in advance of the event. The legal basis is provided by Article 6 para. 1(f) GDPR based on our legitimate interest in adequately communicating our company strategy and entrepreneurial actions which also comprise public events and retaining rapporteurs.
If you no longer wish to receive invitations to our events, you can object to the use of your data for these purposes by sending an e-mail stating your objection to privacy@biotronik.com at any time. We shall then immediately stop sending invitations to our events.
If you participate in an event arranged by us, we shall process your data set out above to conduct the event and to allow you to participate. This also includes recording, where applicable, your name, information about your company or institution and your current professional position in a list of participants which is provided to the other participants in the event (in some cases also in electronic format), or possibly providing the event moderators with your data (name, information about your company or institution) for the purpose of conducting the event. We shall also use these data to send you event-related materials compiled after the event (such as conference documents). We may also disclose your data to cooperating institutions or affiliated companies where this is required to conduct the event and to allow you to participate, for example an external guest management company. The legal basis for this data processing is as set out in Art. 6 para. 1(b) GDPR.
We shall retain your contact details for the purpose of sending invitations until you withdraw object in order to exercise our legitimate mutual interest in communication or information. We shall retain your objection for a period of 3 years for evidential purposes.
3. Photographs and video recordings during events
We process image, video and voice recordings to provide Live-Stream or „Video-on-demand“ for training purposes or for persons unable to attend the event.
The legal basis is the consent you have granted in accordance with Article 6 para. 1(a) GDPR.
In addition, photographs and/or videos are regularly taken at our events, some of which are published on our homepage, on our social media channels, in external or internal reports or BIOTRONIK newsletters. Metadata such as the location and time of the recording and location are automatically stored in the digital cameras alongside the photographs and video recordings. The legal basis for publishing the photographs and video recordings is as set out in §§ 22, 23 of the German Art Copyright Act (KUG) and usually the consent you have granted in accordance with Article 6 para. 1(a) GDPR.
In certain cases the legal basis for producing and storing photographs and video recordings can also be provided by Article 6 para. 1(f) GDPR based on our legitimate interest in reporting on the event.
Where we process your data based on a particular interest, you have the right in accordance with Article 21 para. 1 GDPR, to object, on grounds relating to your particular situation, at any time to the production and storage of your photographs and video recordings with future effect by sending an e-mail containing your objection to privacy@biotronik.com.
Where we use these data based on the consent you have granted, you may withdraw your consent at any time with future effect by sending an e-mail stating your withdrawal to privacy@biotronik.com.
We hereby expressly advise you that external reporters may be present at some events who also create photographs and videos. However, since we have no control over the photographs and videos created by the external reporters or how they use them, we cannot provide any information about the purpose and scope of the processing of your data by those external rapporteurs.
The photographs and video recordings (and metadata) of you stored on the basis of Article 6 para. 1(a) GDPR shall be retained until you withdraw your consent.
The photographs and video recordings (and metadata) of you stored on the basis of Article 6 para. 1(f) GDPR shall be retained until you lodge a legitimate objection against such retention in accordance with Article 21 para. 1 GDPR, unless there are overriding legitimate grounds for the processing as set out in Article 21 para. 1 sentence 2 GDPR.
Where data are disclosed to contracted processors under our instruction, this shall be subject to the scope and periods required to render the services.
4. Log-In area
After the event, you can sign in to the log-in area to watch the presentations again or download them. Personal data relating to you will be stored in this login area (including your name). To log in, you must enter the e-mail address you used to register and the password you assigned. The creation of the log-in area is voluntary and only necessary if you wish to access the presentations. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR.
5. Data processing during inquiries
If you contact us, e.g., via e-mail, phone, or contact form on the BIOTRONIK websites, we will use the data you shared with us to process your inquiry.
In order to provide you with the right information or check that you are properly authorized, we will normally need the following information:
- E-mail address
- Name
- Country
- Address, if necessary
- Device serial number, if necessary
- Other data provided, if necessary
Your data are processed on various legal bases depending on the content of your inquiry:
- contractual queries: Article 6 para. 1(b) GDPR
- legal obligations: Article 6 para. 1(c) or Article 9 para. 2(i) GDPR (e.g. provision of technical manuals or product information)
- legitimate interest: Article 6 para. 1(f) GDPR
- where consent has been granted: Article 6 para. 1(a) or Article 9 para. 2(a) GDPR
No data will be passed on to third parties; however, in some cases we contract service providers who process data on our behalf or we might pass data on to affiliated companies in case they are responsible for processing your request.
After your data are transmitted they shall be deleted immediately once they are no longer required for the purposes set out above and within 3 years, provided that there are no other legal obligations to retain data.
6. Other data processing
Where we process data for purposes other than those listed in this Privacy Statement, you will find more specific Privacy Statements under the relevant sections or for individual products.
Place of data processing
Your data will in general be processed in Germany. If, by way of exception, your data are processed outside of the European Union (so-called third countries), this will happen provided you have given your express consent for this or this is necessary for us to provide services to you or this is provided for by law (Article 49 GDPR). Moreover, your data are processed in third countries only to the extent that it is ensured through certain measures that an appropriate level of data protection exists for this (Article 44 et seq. GDPR).
Encryption of the data transmission
To ensure the confidentiality of your data also during transmission, we use state-of-the-art encryption methods, such as HTTPS/TLS.