The purpose of this fair processing notice (“Notice”) is to inform you of how IMAGE Information Systems Europe GmbH, its affiliates and subsidiaries (“we”, “us” and “our”) will process your personal data as a data controller and the measures and processes we have put in place to ensure its adequate protection. Providing such information is one of the requirements of the General Data Protection Regulation 2016/679 (“GDPR”).
This notice does not form any contractual relationship between you and us, and we may amend it from time to time.
2 LAWFUL PROCESSING
We will only process your personal data:
- When you have given your consent;
- when the processing is necessary to provide our products or services to you/your employer;
- when the processing is necessary to respond to a request from you/your employer;
- when the processing is necessary to maintain our relationship with you/your employer;
- when the processing is necessary for compliance with our legal and regulatory obligations
- In case of above, you may withdraw your consent at any time.
3 WHAT PERSONAL DATA WE COLLECT ABOUT YOU
We process the following types of personal data about you:
- Your name, email address and other contact details;
- Your role, position and/or job title within your employment
- Details of your preferences for types of marketing events or materials;
- Details of your access to our premises, systems, websites; and
- Your messages, feedback or contributions to surveys and questionnaires.
It may be mandatory for you to provide us with your personal data, to enable us to manage our business and operations, to maintain our relationship with you/your employer, to provide our products or services to you/your employer or to comply with our legal and regulatory obligations. If you fail to provide your personal data, we might be unable to maintain our relationship with you/your employer or to provide our products or services to you/your employer.
We make every effort to maintain the accuracy and completeness of your personal data which we store and to ensure all of your personal data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware that we have inaccurate personal data relating to you (see section 9 below). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
4 HOW WE COLLECT PERSONAL DATA
We usually collect your personal data from the information you/your employer submits during the course of your/your employer’s relationship with us. This will typically be through [you/your employer sending us emails and other correspondence, business cards, the forms and documents used when you/your employer signs up to our marketing or market data news lists, when you are named as an authorised person to trade on behalf of your employer, the sign up information you/your employer uses to access any of our products or services either on your own behalf or on behalf of your employer.
We may also collect your personal data from other sources such as our group companies, fraud prevention agencies, credit reference agencies and the records of governmental agencies.
4.1 Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
4.2 How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
4.3 What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website.
We will process your personal data in connection with the management of our relationship with you/your employer and the provision of our products and services to you/your employer for the following purposes:
- to provide you/your employer with requested products or services;
- to respond to your/your employer’s messages or posts to us;
- to provide you/your employer with promotional and marketing materials about our products and services that we think you/your employer may be interested;
- to manage, develop and improve our product range, services, stores, information technology systems and websites;
- for monitoring and assessing compliance with law and our policies and standards;
- to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;
- for administrative purposes in relation to the security of and access to our systems, premises, platforms and websites and applications;
- to comply with court orders and exercise and/or defend our legal rights;
- for any other legitimate business purpose; and
- as otherwise permitted or required by any applicable law or regulation.
4.4 What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
5 General information and mandatory information
5.1 Data protection
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
5.2 Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
IMAGE Information Systems Europe GmbH
Dr. Arpad Bischof
Lange Str. 16,
18055 Rostock, Germany
Phone: +49 381 – 496 582 0
Fax: +49 381 – 496 582 99
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
5.3 Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
5.4 Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link:
5.5 Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
5.6 Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
6 Data collection on our website
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
6.2 Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
- These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
6.3 Contact form, Product Request and Sales Partner Application Form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
6.4 Registration on this website
You can register on our website in order to access additional functions offered here. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
6.5 Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
6.6 Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
7 Analytics and advertising
7.1 Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
8.1 Newsletter data
We update you via email around once a month with news about our products, e.g. new product versions, updates, updates and bugs, the user forum and medical imaging in general. We require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
9 Plugins and tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under www.google.de/intl/de/policies/privacy.
9.2 Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
When you call up a page of our website that contains a social plugin, your browser makes a direct connection with Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font is used by your computer.
9.3 Google Maps
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of Google at www.google.de/intl/de/policies/privacy/.
10 INTERNATIONAL TRANSFERS OF PERSONAL DATA
Your personal data may be transferred to (including accessed in or stored in) a country or territory outside the European Economic Area (“EEA”), including to countries whose laws may not offer the same level of protection of personal data as are enjoyed within the EEA. In particular, we may share your personal data with our group companies outside of the EEA including Japan. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the GDPR. You can obtain copies of the relevant safeguard documents by making a request as set out in section 12 below.
11 WHEN WE MAY DISCLOSE YOUR PERSONAL DATA
We do not and will not sell, rent out or trade your personal data. We will only disclose your personal data to the following recipients:
- to our group companies;
- to companies approved or designated by you;
- to third parties who process your personal data on our behalf (such as our systems providers including cloud providers);
- to third parties who process your personal data on their own behalf but through providing you or your employer with a service on our behalf (such as our suppliers);
- to companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;
- to any third party to whom we assign or novate any of our rights or obligations;
- to any prospective buyer in the event we sell any part of our business or assets; and
- to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
12 HOW WE PROTECT YOUR PERSONAL DATA
We are committed to safeguarding and protecting your personal data and will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to protect your personal data from accidental or unauthorized destruction, loss, alteration, disclosure or access.
13 YOUR RIGHTS IN RELATION TO THE PERSONAL DATA WE COLLECT
If you wish to:
- update, modify, or delete your personal data, or obtain a copy of your personal data that we hold; or
- restrict or stop us from using any of your personal data which we hold, you can request this by contacting us.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of data.
14 HOW LONG WE WILL HOLD YOUR PERSONAL DATA FOR
We will only retain your personal data as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
15 HOW WE UPDATE OR CHANGE THIS FAIR PROCESSING NOTICE
We may change or update parts of this Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this Notice. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Notice so you are fully aware of any changes or updates.