Privacy Policy - Cantel Medical

What Are Cookies?
Cookies are small text files that are stored in your browser during your visit of a website. Cookies can have a variety of purposes, from technical assistance to tracking of user's behaviour and targeting individuals for marketing purposes. Cookies can be stored in your browser for different periods of time, depending on the type of cookie. Most internet browsers automatically accept cookies. However, users have the option to view the cookies in use, delete some or all cookies or completely disable the future storing of cookies. Cookies cannot run a program or transfer viruses or spyware to your computer.

Cookies Used on Our Website:
When visiting our website, certain cookies are set and read by our server when delivering the website to your browser. These are often called “first party cookies.” Certain cookies may also be set and read by third parties providing us services. Namely, we use the following types of cookies:

Functional Cookies: We use session or technical cookies. These cookies are only stored in the temporary memory of your computer and are automatically deleted when you close your browser. They provide technical assistance to facilitate your use of our website. Session cookies enable you to switch from one page of the website to another and still be recognized as the same user, e.g., your language setting will remain the same if you switch from one page to another. These are essential cookies and their use is necessary for our legitimate interests to provide the website to you.

Performance cookies: These cookies allow us to count website visits, traffic sources and behavior so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.

For further information on the individual cookies used, you may visit the opt-out pages of http://youronlinechoices.eu or click on the “Setting” button on the pop-up consent notice on our website.

The data processed by cookies is required for the mentioned purposes to protect our legitimate interest as well as that of third parties pursuant to Art. 6 Par. 1 lit. f) GDPR, or is in any case processed with your consent, expressed through the above-specified pop-up consent notice.

Manage and Disable Cookies:
The “Settings” button on the pop-up consent notice on our website allows you to opt out of specific cookies. Most browsers also provide settings that prevent the automated placing of cookies on your computer. You can typically find this setting option in your browser under “data protection.” The procedure to manage cookies may differ from browser to browser.

Please note that you might not be able to use all features on our website if you block cookies in your browser settings.

The following are links to information about managing cookies in some commonly used browsers:

Mozilla Firefox
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome
https://support.google.com/chrome/answer/95647?hl=en

Apple Safari
https://support.apple.com/kb/PH19214?locale=en_US

Internet Explorer
http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11

If you wish, you can opt out of web analytics data collection. Please note that this does not have any effect on your use of the website. If you prefer us not to gather analytical information please untick the checkbox below:

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Privacy Notice

MEDIVATORS BV website privacy notice

Version: June 2021

Our contact details

MEDIVATORS B.V.

Address: Amerikalaan 110, 6199AE, Maastricht Airport

Phone Number: +31 45 5 471 471

E-mail: marketingbenelux@cantel.com

The type of personal information we collect

From this website we collect and process personal data and contacts as listed below:

first and last name;
company / hospital;
email;
telephone number.

We also collect server log files: IP address, date and time of access, amount of transferred data, referrer URL (the website which directed you onto our website), your browser type and your operating system, hosts, web search queries.

How we get the personal information and why we have it

Personal information we process is provided to us directly by you filling the contact and/or newsletter form.

We use the information that you have given us in order to provide you with quotations of our services and products, to answer claims, to provide information in general, the newsletter, and to answer other requests made by you.

Without your consent we use this third party services to analyse, anonymously, users activities on the website:

Google Search Console: Google Inc., provides data on search queries and landing pages, with no IP address recording or other processing activities of personal data.
Matomo Analytics: with its EU Representative, ePrivacy Holding GmbH Große Bleichen 21 20354 Hamburg Germany, is a tool analysing website traffic with an EU data-center. Please refer to Cookie Policy for additional information.
Microsoft 365 is a cloud based software we use to send our daily e-mails and store all other data secured. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

After the submission of your query from the contact page, or the subscription to our newsletter, you’ll receive an automated email asking you to confirm or deny your consent to marketing processing activities.

With your consent, we will process your personal data in order to provide you with:

our marketing communications by our newsletter and/or telephone;

Newsletter and e-mail marketing services provided by “Mailchimp”, a marketing platform for businesses, for newsletter management; this service is provided by The Rocket Science Group, LLC, 675 Ponce de Lean Ave NE, Suite 5000, Atlanta, GA 30308, U.S.
events invitations by e-mail, newsletter, mail and/or telephone.

You are able to remove your consent at any time contacting us or clicking the “unsubscribe” link that you can find in our emails.

Your consent is not mandatory to contact us.

We can also process your personal data without your consent to fulfil legal obligations, if any, vital interests, perform a public task, if we have another legitimate interest or we have to fulfil obligations established by the services specifically subscribed by you, by the law and regulations or by any order of the relevant Authority.

How we store and process your personal information

Your information is securely stored on our cloud based systems.

We will process your personal data for the time necessary to fulfil the aforementioned purposes and however for no more than 5 years from your consent, or its renewal, for marketing purposes.

Save the above, and missing additional reasons or legal obligations, we keep your personal data for a maximum period of 10 years. We will then delete your personal data from our systems in accordance with our data deletion policy.

Data flows and transfer to third parties

Your information will be accessible to our employees, companies of the Cantel Group and to third-party companies or other subjects carrying out outsourced activities and services on behalf of us, also in their capacity of external data processors.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we respond to you in the shortest time.

You can withdraw your consent to receive marketing communications at any time using also the “unsubscribe” link at the end of a marketing communication.

If you wish to make a request please contact us using contact details above.

If you have any concerns about our use of your personal information, you can make a complaint to us and/or to the competent Authority.

Medivators B.V. Website Privacy Policy

Thank you for taking the time to read this Privacy Policy which applies to your use of the https://www.cantelmedical.eu/nl/ website. This Privacy Policy is intended to inform you about the personal data which we collect when you visit and use our website as well as how we use and store this data, if applicable. Personal data is data which can be, directly or indirectly, related to you, e.g., name, address, organisation, telephone number and e-mail address. The requirements outlined in the Privacy Policy are subject to relevant country, province and local jurisdiction laws and regulations. In the case that such laws and regulations conflict with the requirements found in this Privacy Policy, the pertinent laws and regulations shall supersede the requirements of the Privacy Policy.

Who We Are

We are Medivators B.V. (referred to as “Cantel,” “we,” “us” or “our” in this Privacy Policy). Contact details are set out at the end of this Privacy Policy.

Protecting privacy is important to us. As part of our commitment to privacy, we comply with the EU - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (the “Privacy Shield”). Our U.S. affiliates have certified their adherence to the privacy principles set forth by the Privacy Shield, including the supplemental principles, with respect to the transfer and protection of personal information (the “Privacy Shield Principles”), received within the scope of their Privacy Shield certification, from the EU to the U.S. If there are any conflicts between the standards outlined in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern as concerns the relevant transfers of personal data.

For more information about:

the Privacy Shield Principles, please visit the U.S. Department of Commerce’s website at https://www.privacyshield.gov/

our Privacy Shield privacy standards, consult the following link http://www.cantelmedical.com/privacy-shield-policy.

2. Collection, Processing and Use of Personal Data

We use the information collected on and through our website to determine usage trends, provide our services, respond to queries and to provide a more personalised experience on our website. This personal data falls into several categories:

2.1 Information You Provide to Us

We collect information when you fill in forms or otherwise contact us, request marketing communications (see Section 3 (Marketing Communications) for more details) or otherwise communicate with us. The personal data we collect is necessary to provide the contracted services to you pursuant to Art. 6 Par. 1 lit. b) GDPR or used with your consent pursuant to Art. 6 Par. 1 lit. a) GDPR (and you consent to our collecting and processing your personal data when you send us a request) or for our legitimate interests to respond to you pursuant to Art. 6 Par. 1 lit. f) GDPR.

If you choose to enter a promotion or contest, we may ask for your name, address and e-mail address, among other pieces of information, so we can distribute promotional offerings, administer the promotion or contest and notify winners. We may need to forward such information to fulfilment houses or distributors. However, our partners have agreed to keep any personal information provided to them confidential and secure, unless you consent to such information being shared with other product manufacturers.

2.2 Information We Collect Directly When You Use Our Website

If you contact us or subscribe to our marketing communications, we may collect personal data to respond to or act on your request. Additionally, we collect or use certain online identifiers, including:

Server Log Files

Each time you visit our website, your browser transfers the following data to our server:

IP address,
date and time of access,
amount of transferred data,
referrer URL (the website which directed you onto our website),
your browser type and

your operating system.

We need to receive this data to be able to deliver our website and its content in a suitable way to you as well as to ensure the stability and security of our website. We generally do not store the log file data, but may do so in particular instances for up to seven days to identify technical problems or security incidents (e.g., illegal use of the website, hacker attacks, etc.). If we identify a security incident, we also reserve the right to retain the log file data for as long as required to pursue our legal claims in connection with it and may also make it available to third parties for that purpose (e.g., investigative authority).

Providing our website and its content to you as well as ensuring the stability and security of our website, including the pursuit of any legal claims, are necessary for our legitimate interests pursuant to Art. 6 Par. 1 lit. f) GDPR.

3. Marketing Communications

If you indicate on a form or otherwise contact us to receive marketing communications from us, we will send such communications to you in accordance with your request and by the contact details you have given us. You can always ask us to stop sending such communications via email or by using the “unsubscribe” link included in each marketing communication.

We offer marketing communications with information on our products and services. Users will only receive marketing communications if they subscribe to this service and provide the personal data requested by us in connection with such communications. To subscribe to the marketing communications, you will need to provide your e-mail address, first and last name, job title and organisation.

Microsoft 365 is a cloud based software we use to send our daily e-mails and store all other data secured. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. ("Microsoft")
We also use the marketing services provided by “Mailchimp”, a marketing platform for businesses, for newsletter management; this service is provided by The Rocket Science Group, LLC, 675 Ponce de Lean Ave NE, Suite 5000, Atlanta, GA 30308, U.S. (“Mailchimp”).

Your e-mail address and, if applicable, the other personal data provided in connection with the subscription are stored on the servers of Microsoft. This data is also used by Mailchimp on our behalf to send marketing communications to you and analyse email distribution. When you open any marketing communication, your browser will retrieve a “web-beacon,” a pixel-sized file contained in the email, from the Mailchimp servers in the U.S. Thereby, technical information, such as information in relation to your browser, system, IP address and the time of retrieval, is processed. Further, the Mailchimp server also collects data as to whether the recipients opened the email, when they opened it and which links they clicked. We exclusively collect this data for statistical purposes and to adapt the content of our marketing communications to our customers’ preferences and provide a better service. We do not create user profiles based on this data.

Further, we have entered into a data processing agreement with Microsoft and Mailchimp which imposes the obligation upon these service providers to process the personal data of our subscribers only based on our instructions.

The legal basis for the processing of your personal data in relation to such marketing communications is your consent pursuant to Art. 6 Par. 1 lit. a) GDPR. The legal basis for the use of Microsoft and Mailchimp, statistical assessments by us and the logging of the subscription data is our legitimate interest in providing a user-friendly and secure marketing communications service, as well as in improving our marketing, which serves both our business interests as well as the expectations of our users, pursuant to Art. 6 Par. 1 lit. f) GDPR.

You can withdraw your consent to receive marketing communications at any time. Please use the "unsubscribe" link at the end of a marketing communication to unsubscribe from marketing emails or contact us in writing (see contact details in Section 12 (Contact Details and Further Information)), specifying which method of marketing communications you would like to unsubscribe from or whether you would like to unsubscribe from all our marketing communications. Please note that we are not able to provide you with marketing communications without the support of the services provided by Microsoft and Mailchimp.

Your personal data provided in relation to the marketing communications will be deleted if you withdraw your consent unless we need to store it to pursue or defend legal claims. The legal basis for this storage is our legitimate interests to pursue or defend claims pursuant to Art. 6 Par. 1 lit. f) GDPR. Additionally, we may continue to process such data if permitted based on another pertinent legal basis, including a legal obligation (e.g., statutory law, court order or order of an authority, etc.) pursuant to Art. 6 Par. 1 lit. c) GDPR.

4. Collection and Use of Personal Data by Third Parties

When you visit our website, third parties will be able to collect personal data from you as described in this section. Most third-party service providers will only collect data on our behalf and not for their own business purposes. If data is collected and used for a third party’s business purposes, then this will only occur based on a contractual arrangement between us and the respective third party in which we will bind the third party to only use the collected data for the purposes described in the contractual arrangement.

4.1 Service Providers

Microsoft is the service provider providing the cloud data storage services specified in Section 3 (Marketing Communications) above; in the context of its role of data processor, Microsoft has adopted binding corporate rules (which can be accessed at https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2OBC5) establishing safeguards with respect to the transfer and protection of personal information from the EU to the U.S.; also, our data processing agreement with Microsoft incorporates the standard contractual clauses for transfer of personal data outside the EU, adopted by the European Commission.

Mailchimp is the service provider providing the email marketing communication distribution services also specified in Section 3 (Marketing Communications) above; our data processing agreement with Mailchimp also incorporates the standard contractual clauses for transfer of personal data outside the EU, adopted by the European Commission.

4.2 Links

When you click on links on our website which direct you to the website of another website provider, this website provider will likely also collect certain data from you, probably at least the data described in Section 2.2(i) above. However, this data is neither collected on our behalf nor otherwise controlled or used by us; therefore, we are neither legally obliged nor able to give you any information on what data will be collected if you click on such a link. Third party websites have their own privacy policies which may be different from ours. We are not liable for any of such third-party websites, which you use at your own risk.

5. Transfer of Personal Data / Recipients of Personal Data

As described above in Section 4 (Collection and Use of Personal Data by Third Parties), we allow certain third parties to collect personal data from you. For further details regarding these recipients of personal data, please see the information in Section 4 (Collection and Use of Personal Data by Third Parties).

Please note that our processing of your personal data will entail the possibility of certain persons, in particular our marketing and IT department, to access your data for the purposes specified in this Privacy Policy.

Personal data may also be shared with our affiliates in accordance with the purposes for which personal data was originally collected or otherwise could be lawfully processed. Our U.S. affiliates participate in, and have self-certified their adherence to, the principles of the EU – U.S. Privacy Shield Framework.

In general, we will only transfer your personal data to third parties if this is required to perform a contract with you or if we are under a statutory legal obligation or ordered by legally binding order of an authority or court.

Further, we generally reserve the right to use third parties who collect and process personal data on our behalf (e.g., hosting providers or IT service providers, including those specified in Section 4.1). They will only receive the amount of data which is required for the assigned task. Such service providers will usually be contracted as “data processors,” who are only allowed to process data based on our instructions and who will only be contracted if they provide the necessary qualifications set out for a data processor in the GDPR. The legal basis for the use of third parties and the related transfer of personal data may, subject to the circumstances, be performance of a contract pursuant to Art. 6 Par. 1 lit. b) GDPR or legitimate business interests pursuant to Art. 6 Par. 1 lit. f) GDPR. Providing we select and use data processors in compliance with the provisions of the GDPR and other applicable data protection law, we deem that we have a legitimate interest for the use of third parties as data processors.

6. Transfer of Personal Data to Third Countries

In some cases, we transfer, or will transfer, your personal data to countries outside the EU or the European Economic Area.

We may transfer personal data to our U.S. affiliates pursuant to the EU – U.S. Privacy Shield Framework (as explained in Section 1 (Who We Are) above), as well as to the third-party service providers who collect and process personal data on our behalf (see also Section 4.1 and Section 5), located in the U.S., pursuant to our data processing agreements with them also incorporating standard contractual clauses for transfer of personal data outside the EU.

If you require any further information or details on the protections we have in place for transfers of data, do get in touch via the contact details set out below.

7. Your Rights

Voluntary provision of information: With the exception of the necessary information we collect automatically when you use the website, as specified above, you are free to provide the personal data you choose to give us. Non-provision of such data may, however, entail the impossibility to proceed with your request.

Access: At any time, you have the right to obtain information concerning your personal data. This includes the right to know whether we process personal data concerning you and, if this is the case, to access your personal data. In certain cases, you are entitled to request rectification, erasure or restriction of the processing of your personal data.

Right to object: In certain cases, including where processing is based on legitimate interests of the data controller, you also have a right to object to the processing of personal data on grounds relating to your particular situation; in this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can ask for more details about our legitimate interests.

Where personal data is processed for direct marketing purposes, you always have the right to object at any time to the processing of your personal data for such marketing purposes, including any profiling connected to such direct marketing purposes.

Portability: You also have the right to data portability (i.e., to have a copy of your personal data and transfer it to other providers) subject to certain limitations.

Consent: In case we process personal data based on your consent, e.g., contacting us or opting into our direct email marketing communications, you are entitled to withdraw your consent at any time, as explained in Section 3 (Marketing Communications). Please bear in mind that such withdrawal of consent only has future effect. It does not render invalid or illegal the processing based on consent before its withdrawal. If you withdraw your consent in relation to communications addressed to us through the contact form, we may still be required to store your personal data as specified in Section 3 (Marketing Communications). If you withdraw your consent in relation to direct marketing communications, you will not receive further marketing communications.

If you wish to exercise any of these rights in relation to your personal data, please contact marketingbenelux@cantel.com. In order for us to fulfil your request, please make sure that we can identify you properly.

You also have the right to lodge a complaint with your competent supervisory authority.

8. Data Retention

We will retain your personal data for as long as you maintain an account, as necessary to provide you with services or as otherwise provided in this Privacy Policy or permitted by the GDPR. We in any case reserve the right to archive data for a longer period of time if this is required to comply with our legal obligations pursuant to Art. 6 Par. 1 lit. c) GDPR, or to claim, exercise or defend legal entitlements (legitimate interests pursuant to Art. 6 Par. 1 lit. f) GDPR).

Where we no longer need to process your personal data, as described above, we will delete it from our systems. Additionally, where permissible, we will also delete your personal data upon your request. Contact us, as set out at the end of this Privacy Policy, to make a deletion request or for questions about our data retention practices.

9. Security / Safeguards

We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of personal data and against accidental or unlawful destruction, loss, alteration or unauthorised disclosure of or access to personal data. Please be advised, however, that we cannot fully eliminate security risks associated with the retention, storage and transmission of personal data.

10. Minors

The website is not intended for minors under the age of 18. We will not knowingly collect personal data from minors under 18 years of age.

Please be advised that the minimum age may vary based on country/region and on local law. If you become aware that a minor has provided us with personal data without parental consent, please contact us at marketingbenelux@cantel.com.

If we become aware that a minor under 18 has provided us with personal data without parental consent, we will take steps to remove the data and cancel the minor's account. Any communications that are identified as being from a minor under the age of 18 will not be retained.

11. Updates and Changes to This Privacy Policy

We may change this Privacy Policy from time to time. Please read this Privacy Policy and reach out to us, as described below, with any questions.

12. Contact Details and Further Information

We have appointed a data privacy point of contact who is responsible for overseeing questions in relation to this Privacy Policy.

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at:

Medivators BV

Amerikalaan 110
6199AE, Maastricht Airport
The Netherlands

or via email at marketingbenelux@cantel.com.

Cookie	Type	Duration	Description
cli_user_preference	persistent	1 year	Keeps track of the cookie consents for on the current domain.
cookielawinfo-checkbox-necessary	session	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.
cookielawinfo-checkbox-non-necessary	session	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.
CookieLawInfoConsent	session	16 years 5 months 26 days 14 hours	Records the default button state of the corresponding category & the status of CCPA.
viewed_cookie_policy	session	1 hour	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
_pk_id	session	13 months	Matomo - used to store a few details about the user such as the unique visitor ID
_pk_ref	session	6 months	Matomo - Used to store the attribution information, the referrer initially used to visit the website
_pk_ses, _pk_cvar, _pk_hsr	session	30 minutes	Matomo - Short lived cookies used to temporarily store data for the visit
_pk_testcookie	session		Matomo - Is created and should be then directly deleted (used to check whether the visitor’s browser supports cookies)
yt-remote-connected-devices	persistent	never	This HTML storage key is used to regulate the behavior of the integrated YouTube video player.
yt-remote-device-id	persistent	never	This HTML storage key is used to regulate the behavior of the integrated YouTube video player.