IntroductionIlluminOss recognizes that the personal information it receives is held in a position of trust. IlluminOss seeks to fulfill that trust by adhering to general principles regarding the protection of personal information. This Privacy Statement explains how we collect, use, share, and protect information for all purposes as listed above and mentioned in this Statement.
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
IlluminOss Medical Inc.
Attn.: Corporate Compliance 993 Waterman Ave, East Providence RI USA 02914
ScopeThis Privacy Statement applies to the personal information of consumers that is collected or used by IlluminOss its affiliates or subsidiaries (“IlluminOss”). This Statement applies to all the personal information that IlluminOss collects when consumers interact with IlluminOss, such as when visiting our websites, using the products or services offered by IlluminOss, when purchasing IlluminOss products or services, when contacting customer service, and when interacting with IlluminOss as a business customer, supplier or business partner.
This includes, without limitation, all online and offline collections of all types of personal information. However, some IlluminOss collections involve types of data with special requirements (for example, health information) which require a different privacy notice. Whenever that is the case, IlluminOss will make it clear that the privacy notice concerned is different from this general privacy statement.
Information collectionIlluminOss may ask you to provide personal information for purposes including, but not limited to, the following:
- Buying IlluminOss products and services;
- Activating or registering certain products and services or enhancing functionality;
- Receiving information about IlluminOss products and services;
- Participating in IlluminOss online communities, including our social media channels/pages;
- Storing your preferences for future interactions and communications from IlluminOss;
- Helping us to develop products and services and create campaigns that are designed around you, optimize customer services and continuously improve our websites;
- Helping us to improve products and services, and allowing IlluminOss to keep you informed of, or involve you in the testing of, new products and services;
- Resolving consumer and/or product and services issues;
- Registering visitors of IlluminOss facilities or IlluminOss organized events and conferences;
- Contract or tender management; and
- Receiving personalized messages, special offers and advertisements that are relevant to your personal interests, based on the information you have shared with us and on the information we have collected through cookies or similar techniques regarding your use of the IlluminOss websites/social media/blogs.
We may also collect product and service information and provide these statistics to others in an aggregate form where the information has been de-identified.
Personal information collected may include:
- Contact information, such as name, address, email, telephone number, fax number, organization name, and/or job title
- Unique identifiers and preference information such as username, password, marketing preferences, internet protocol (IP) address, browser type, operating system, computer or mobile device, or navigation and clickstream behavior for online interactions
- Resume including work history, professional qualifications, publications, awards, references, completed trainings, signature
- Food restrictions, passport info for travel bookings or identification purposes, social security number (where required by law), bank account details, (emergency) contact persons, family information (where applicable and in accordance with local law)
- Creditworthiness, VAT number, product, purchase information history, request documentation
- Pictures, video and audio recordings where you have provided your permission
- Sensitive personal information, such as health information or reports of an individual end- customer, e. concerning product claims and investigations, patient pre- and post-operative outcomes for research & statistical purposes, or criminal records for due diligence procedures in accordance with applicable law
You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies.
Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable
Data protection provisions about the application and use of Google Analytics (with anonymization function)On this website, IlluminOss has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics IlluminOss uses the application “_gat. _anonymizeIp”. By means of this application the IP address of your Internet connection is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on your information technology system. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by IlluminOss and into which a Google Analytics component was integrated, the Internet browser on your information technology system will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as your IP address, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of your visits of our website. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by you, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
You may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on your information technology system. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
Legal BasisThe legal basis IlluminOss uses to process personal information will be dependent on the processing purposes and the jurisdictional legal requirements. Where the personal information collected involved is of EU citizens, in general, we use the following basis:
- Consent to use the personal information, e. where this involves (digital) direct marketing activities and where we would like to use a photo, video or audio recording with identifiable individuals for external publishing;
- Establishment or performance of a contract, e. where we enter into a contract with a party and we collect contact information and signatures, as well as potential bank account details that may be linked to a representative of a company we do business with;
- Compliance with a legal obligation, i.e. where we need to disclose consumer details for compliance with (local or industry) laws such as the Physician Payments Sunshine Act or for compliance with the Medical Device Regulation;
- Legitimate interest of IlluminOss, e. where IlluminOss collects contact information and preferences, details for lodging and travel for attendees of IlluminOss organized events & trainings or third party hosted events & trainings in collaboration with IlluminOss;
- Public interest or for the exercise of public authority in strictly limited cases, e. where we would be required to cooperate with the Police or other government bodies in case of illegal conduct;
- For the establishment, exercise or defense of legal claims, e. for court cases;
- For scientific or research purposes, e. for clinical research studies with sufficient safeguards safeguarding confidentiality;
- For preventative and occupational medicine, medical diagnosis pursuant to contract with healthcare professionals;
- For public interest in the public health to ensure high standards of quality and safety of healthcare and products;
- Where the individual chooses to disclose the personal information publicly by its own initiative.
If you choose not to provide the personal information we reasonably require, it may hinder IlluminOss’s ability to provide the information or services you have requested.
Cross-border transferTo the extent personal information is transferred out of the country where the owner of that personal information lives, such as to IlluminOss affiliates or business partners in other countries, including in the United States, different standards may apply to how your data is used and protected in those countries. IlluminOss has appropriate safeguards in place in accordance with applicable legal requirements to ensure that data is adequately protected irrespective of the country. This includes obtaining written assurances from any third party given access to your data so as to require them to adopt standards that ensure an equivalent level of protection for data as that adopted by IlluminOss and standardized corporate safeguards and contractual measures (based on the European Commission Model Clauses) for internal data transfers to IlluminOss affiliates in third countries which are deemed to provide an inadequate level of data protection.
Privacy statement for childrenIlluminOss will not collect personal information from anyone we know to be under the age of 16 without the prior, verifiable consent from his or her legal representative. Such legal representative has the right, upon request, to view the information provided by the child and/or to require that it be deleted.
How long we keep informationIlluminOss will retain your personal information for as long as reasonably necessary to comply with legal obligations or for no longer as required for legitimate business purposes.
Information sharingIlluminOss may share personal information we have collected with companies or agents doing technological maintenance or working on our behalf to help fulfill business needs, including providing customer services and distributing marketing communications. IlluminOss may also share personal information with our subsidiaries and affiliates.
Other service providers that may be used to perform certain functions on our behalf and to whom personal information may be disclosed in order to perform their intended function include call-center support, sending or processing postal or electronic mail or analyzing or hosting information on cloud- based servers.
- All service providers obliged under signed contracts with IlluminOss to comply with the standards and obligations under the
SecurityThe security and confidentiality of your personal information matters to us. For this reason, IlluminOss has physical, technical and administrative controls in place to protect your Personal Information from unauthorized access, use and disclosure. IlluminOss evaluates these safeguards on an ongoing basis to help minimize risks from new security threats as they become known.
RightsThe following rights are granted by the European legislator referred to in the General Data Protection Regulation (GDPR). If you wish to exercise the following rights you may, at any time, contact IlluminOss.
- Right of confirmation and Right of access
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from IlluminOss rectification or erasure of personal data, or restriction of processing of personal data concerning you, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from you, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.
You shall have the right to obtain from IlluminOss the confirmation as to whether or not personal data concerning you are being processed. You shall have the right to obtain from IlluminOss free information about your personal data stored at any time and a copy of this information and, where that is the case, access to the following information:
Furthermore, you shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a you wish to avail yourself of this right of access, you may, at any time, contact IlluminOss.
- Right to rectification
You shall have the right to obtain from IlluminOss without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (Right to be forgotten)
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which IlluminOss is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
You shall have the right to obtain from IlluminOss the erasure of personal data concerning you without undue delay, and IlluminOss shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
Where IlluminOss has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, IlluminOss, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.
- Right of restriction of processing
- The accuracy of the personal data is contested by you, for a period enabling IlluminOss to verify the accuracy of the personal data.
- The processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use instead.
- IlluminOss no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
- You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of you.
You shall have the right to obtain from IlluminOss restriction of processing where one of the following applies:
- Right to data portability
You shall have the right, to receive the personal data concerning you, which was provided to a controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from IlluminOss to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in IlluminOss.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, you shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
- Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
IlluminOss shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or for the establishment, exercise or defence of legal claims.
If IlluminOss processes personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you objects to IlluminOss to the processing for direct marketing purposes, IlluminOss will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you by IlluminOss for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, you are free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use your right to object by automated means using technical specifications.
- Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between you and a data controller, or (2) is not authorised by Union or Member State law to which IlluminOss is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between you and a data controller, or (2) it is based on your explicit consent, IlluminOss shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of IlluminOss, to express your point of view and contest the decision.
- Right to withdraw data protection consent
You shall have the right to withdraw your consent to processing of your personal data at any time.
Updates to Privacy StatementThis Privacy Statement may be amended at any time. If material changes are made in how personal information is collected, used, disclosed, or otherwise processed, this Statement will be updated and notices will be provided when/where appropriate. Any material changes to this Privacy Statement will be effective at the time of our posting of the notice of the update. Where required to do so by law, IlluminOss may seek your prior consent to any material changes we make to this Privacy Statement.
The Statement was last updated on 15-April-2019
ContactIf you have any questions, concerns, or comments about this Privacy Statement, please contact us. IlluminOss will use reasonable efforts to respond to you as soon as possible.
Send mail to:IlluminOss Medical Inc.
Attn.: Corporate Compliance 993 Waterman Ave, East Providence RI USA 02914
If we fail to respond to you within a reasonable period of receiving it in writing, or if you are dissatisfied with the response that you receive from us, you may lodge a complaint with the data protection authorities in your home country.