Medivators B.V. Website Privacy Policy

Thank you for taking the time to read this Privacy Policy which applies to your use of the https://www.cantelmedical.eu/in/ website. This Privacy Policy is intended to inform you about the personal data which we collect when you visit and use our website as well as how we use and store this data, if applicable. Personal data is data which can be, directly or indirectly, related to you, e.g., name, address, organisation, telephone number and e-mail address.

The requirements outlined in the Privacy Policy are subject to relevant country, province and local jurisdiction laws and regulations. In the case that such laws and regulations conflict with the requirements found in this Privacy Policy, the pertinent laws and regulations shall supersede the requirements of the Privacy Policy.

1. Who We Are

We are Medivators B.V. (referred to as “Cantel,” “we,” “us” or “our” in this Privacy Policy). Contact details are set out at the end of this Privacy Policy.

Protecting privacy is important to us. As part of our commitment to privacy, we comply with the EU – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (the “Privacy Shield”). Our U.S. affiliates have certified their adherence to the privacy principles set forth by the Privacy Shield, including the supplemental principles, with respect to the transfer and protection of personal information (the “Privacy Shield Principles”), received within the scope of their Privacy Shield certification, from the EU to the U.S. If there are any conflicts between the standards outlined in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern as concerns the relevant transfers of personal data.

For more information about:

2. Collection, Processing and Use of Personal Data

We use the information collected on and through our website to determine usage trends, provide our services, respond to queries and to provide a more personalised experience on our website. This personal data falls into several categories:

2.1       Information You Provide to Us

We collect information when you fill in forms or otherwise contact us, request marketing communications (see Section 3 (Marketing Communications) for more details) or otherwise communicate with us. The personal data we collect is necessary to provide the contracted services to you pursuant to Art. 6 Par. 1 lit. b) GDPR or used with your consent pursuant to Art. 6 Par. 1 lit. a) GDPR (and you consent to our collecting and processing your personal data when you send us a request) or for our legitimate interests to respond to you pursuant to Art. 6 Par. 1 lit. f) GDPR.

If you choose to enter a promotion or contest, we may ask for your name, address and e-mail address, among other pieces of information, so we can distribute promotional offerings, administer the promotion or contest and notify winners. We may need to forward such information to fulfilment houses or distributors. However, our partners have agreed to keep any personal information provided to them confidential and secure, unless you consent to such information being shared with other product manufacturers.

2.2       Information We Collect Directly When You Use Our Website

If you contact us or subscribe to our marketing communications, we may collect personal data to respond to or act on your request. Additionally, we collect or use certain online identifiers, including:

(i) Server Log Files

Each time you visit our website, your browser transfers the following data to our server:

  • IP address,
  • date and time of access,
  • amount of transferred data,
  • referrer URL (the website which directed you onto our website),
  • your browser type and
  • your operating system.

We need to receive this data to be able to deliver our website and its content in a suitable way to you as well as to ensure the stability and security of our website. We generally do not store the log file data, but may do so in particular instances for up to seven days to identify technical problems or security incidents (e.g., illegal use of the website, hacker attacks, etc.). If we identify a security incident, we also reserve the right to retain the log file data for as long as required to pursue our legal claims in connection with it and may also make it available to third parties for that purpose (e.g., investigative authority).

Providing our website and its content to you as well as ensuring the stability and security of our website, including the pursuit of any legal claims, are necessary for our legitimate interests pursuant to Art. 6 Par. 1 lit. f) GDPR.

(ii) Cookies

What Are Cookies?

Cookies are small text files that are stored in your browser during your visit of a website. Cookies can have a variety of purposes, from technical assistance to tracking of user’s behaviour and targeting individuals for marketing purposes. Cookies can be stored in your browser for different periods of time, depending on the type of cookie. Most internet browsers automatically accept cookies. However, users have the option to view the cookies in use, delete some or all cookies or completely disable the future storing of cookies. Cookies cannot run a program or transfer viruses or spyware to your computer.

Cookies Used on Our Website:

When visiting our website, certain cookies are set and read by our server when delivering the website to your browser. These are often called “first party cookies.” Certain cookies may also be set and read by third parties providing us services. Namely, we use the following types of cookies:

Functional Cookies: We use session or technical cookies. These cookies are only stored in the temporary memory of your computer and are automatically deleted when you close your browser. They provide technical assistance to facilitate your use of our website. Session cookies enable you to switch from one page of the website to another and still be recognized as the same user, e.g., your language setting will remain the same if you switch from one page to another. These are essential cookies and their use is necessary for our legitimate interests to provide the website to you.

For further information on the individual cookies used, you may visit the opt-out pages of http://youronlinechoices.eu or click on the “Setting” button on the pop-up consent notice on our website.

The data processed by cookies is required for the mentioned purposes to protect our legitimate interest as well as that of third parties pursuant to Art. 6 Par. 1 lit. f) GDPR, or is in any case processed with your consent, expressed through the above-specified pop-up consent notice.

Manage and Disable Cookies:

The “Settings” button on the pop-up consent notice on our website allows you to opt out of specific cookies. Most browsers also provide settings that prevent the automated placing of cookies on your computer. You can typically find this setting option in your browser under “data protection.” The procedure to manage cookies may differ from browser to browser.

Please note that you might not be able to use all features on our website if you block cookies in your browser settings.

3. Marketing Communications

If you indicate on a form or otherwise contact us to receive marketing communications from us, we will send such communications to you in accordance with your request and by the contact details you have given us. You can always ask us to stop sending such communications via email or by using the “unsubscribe” link included in each marketing communication.

We offer marketing communications with information on our products and services. Users will only receive marketing communications if they subscribe to this service and provide the personal data requested by us in connection with such communications. To subscribe to the marketing communications, you will need to provide your e-mail address, first and last name, job title and organisation.

We use the services provided by “Box”, a Cloud Content Management (CCM) platform, for data storage; this service is provided by Box, Inc., 900 Jefferson Ave, Redwood City, CA 94063, U.S. (“Box”). We also use the marketing services provided by “Mailchimp”, a marketing platform for businesses, for newsletter management; this service is provided by The Rocket Science Group, LLC, 675 Ponce de Lean Ave NE, Suite 5000, Atlanta, GA 30308, U.S. (“Mailchimp”).

Your e-mail address and, if applicable, the other personal data provided in connection with the subscription are stored on the servers of Box. This data is also used by Mailchimp on our behalf to send marketing communications to you and analyse email distribution. When you open any marketing communication, your browser will retrieve a “web-beacon,” a pixel-sized file contained in the email, from the Mailchimp servers in the U.S. Thereby, technical information, such as information in relation to your browser, system, IP address and the time of retrieval, is processed. Further, the Mailchimp server also collects data as to whether the recipients opened the email, when they opened it and which links they clicked. We exclusively collect this data for statistical purposes and to adapt the content of our marketing communications to our customers’ preferences and provide a better service. We do not create user profiles based on this data.

Further, we have entered into a data processing agreement with Box and Mailchimp which imposes the obligation upon these service providers to process the personal data of our subscribers only based on our instructions.

The legal basis for the processing of your personal data in relation to such marketing communications is your consent pursuant to Art. 6 Par. 1 lit. a) GDPR. The legal basis for the use of Box and Mailchimp, statistical assessments by us and the logging of the subscription data is our legitimate interest in providing a user-friendly and secure marketing communications service, as well as in improving our marketing, which serves both our business interests as well as the expectations of our users, pursuant to Art. 6 Par. 1 lit. f) GDPR.

You can withdraw your consent to receive marketing communications at any time. Please use the “unsubscribe” link at the end of a marketing communication to unsubscribe from marketing emails or contact us in writing (see contact details in Section 12 (Contact Details and Further Information)), specifying which method of marketing communications you would like to unsubscribe from or whether you would like to unsubscribe from all our marketing communications. Please note that we are not able to provide you with marketing communications without the support of the services provided by Box and Mailchimp.

Your personal data provided in relation to the marketing communications will be deleted if you withdraw your consent unless we need to store it to pursue or defend legal claims. The legal basis for this storage is our legitimate interests to pursue or defend claims pursuant to Art. 6 Par. 1 lit. f) GDPR. Additionally, we may continue to process such data if permitted based on another pertinent legal basis, including a legal obligation (e.g., statutory law, court order or order of an authority, etc.) pursuant to Art. 6 Par. 1 lit. c) GDPR.

4. Collection and Use of Personal Data by Third Parties

When you visit our website, third parties will be able to collect personal data from you as described in this section. Most third-party service providers will only collect data on our behalf and not for their own business purposes. If data is collected and used for a third party’s business purposes, then this will only occur based on a contractual arrangement between us and the respective third party in which we will bind the third party to only use the collected data for the purposes described in the contractual arrangement.

4.1     Service Providers

Box is the service provider providing the cloud data storage services specified in Section 3 (Marketing Communications) above; in the context of its role of data processor, Box has adopted binding corporate rules (which can be accessed at https://cloud.app.box.com/v/BoxProcessorBCRs) establishing safeguards with respect to the transfer and protection of personal information from the EU to the U.S.; also, our data processing agreement with Box incorporates the standard contractual clauses for transfer of personal data outside the EU, adopted by the European Commission.

Mailchimp is the service provider providing the email marketing communication distribution services also specified in Section 3 (Marketing Communications) above; our data processing agreement with Mailchimp also incorporates the standard contractual clauses for transfer of personal data outside the EU, adopted by the European Commission.

4.2     Links

When you click on links on our website which direct you to the website of another website provider, this website provider will likely also collect certain data from you, probably at least the data described in Section 2.2(i) above. However, this data is neither collected on our behalf nor otherwise controlled or used by us; therefore, we are neither legally obliged nor able to give you any information on what data will be collected if you click on such a link. Third party websites have their own privacy policies which may be different from ours. We are not liable for any of such third-party websites, which you use at your own risk.

5. Transfer of Personal Data / Recipients of Personal Data

As described above in Section 4 (Collection and Use of Personal Data by Third Parties), we allow certain third parties to collect personal data from you. For further details regarding these recipients of personal data, please see the information in Section 4 (Collection and Use of Personal Data by Third Parties).

Please note that our processing of your personal data will entail the possibility of certain persons, in particular our marketing and IT department, to access your data for the purposes specified in this Privacy Policy.

Personal data may also be shared with our affiliates in accordance with the purposes for which personal data was originally collected or otherwise could be lawfully processed. Our U.S. affiliates participate in, and have self-certified their adherence to, the principles of the EU – U.S. Privacy Shield Framework.

In general, we will only transfer your personal data to third parties if this is required to perform a contract with you or if we are under a statutory legal obligation or ordered by legally binding order of an authority or court.

Further, we generally reserve the right to use third parties who collect and process personal data on our behalf (e.g., hosting providers or IT service providers, including those specified in Section 4.1). They will only receive the amount of data which is required for the assigned task. Such service providers will usually be contracted as “data processors,” who are only allowed to process data based on our instructions and who will only be contracted if they provide the necessary qualifications set out for a data processor in the GDPR. The legal basis for the use of third parties and the related transfer of personal data may, subject to the circumstances, be performance of a contract pursuant to Art. 6 Par. 1 lit. b) GDPR or legitimate business interests pursuant to Art. 6 Par. 1 lit. f) GDPR. Providing we select and use data processors in compliance with the provisions of the GDPR and other applicable data protection law, we deem that we have a legitimate interest for the use of third parties as data processors.

6. Transfer of Personal Data to Third Countries

In some cases, we transfer, or will transfer, your personal data to countries outside the EU or the European Economic Area.

We may transfer personal data to our U.S. affiliates pursuant to the EU – U.S. Privacy Shield Framework (as explained in Section 1 (Who We Are) above), as well as to the third-party service providers who collect and process personal data on our behalf (see also Section 4.1 and Section 5), located in the U.S., pursuant to our data processing agreements with them also incorporating standard contractual clauses for transfer of personal data outside the EU.

If you require any further information or details on the protections we have in place for transfers of data, do get in touch via the contact details set out below.

7. Your Rights

Voluntary provision of information: With the exception of the necessary information we collect automatically when you use the website, as specified above, you are free to provide the personal data you choose to give us. Non-provision of such data may, however, entail the impossibility to proceed with your request.

Access: At any time, you have the right to obtain information concerning your personal data. This includes the right to know whether we process personal data concerning you and, if this is the case, to access your personal data. In certain cases, you are entitled to request rectification, erasure or restriction of the processing of your personal data.

Right to object: In certain cases, including where processing is based on legitimate interests of the data controller, you also have a right to object to the processing of personal data on grounds relating to your particular situation; in this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can ask for more details about our legitimate interests.

Where personal data is processed for direct marketing purposes, you always have the right to object at any time to the processing of your personal data for such marketing purposes, including any profiling connected to such direct marketing purposes.

Portability: You also have the right to data portability (i.e., to have a copy of your personal data and transfer it to other providers) subject to certain limitations.

Consent: In case we process personal data based on your consent, e.g., contacting us or opting into our direct email marketing communications, you are entitled to withdraw your consent at any time, as explained in Section 3 (Marketing Communications). Please bear in mind that such withdrawal of consent only has future effect. It does not render invalid or illegal the processing based on consent before its withdrawal. If you withdraw your consent in relation to communications addressed to us through the contact form, we may still be required to store your personal data as specified in Section 3 (Marketing Communications). If you withdraw your consent in relation to direct marketing communications, you will not receive further marketing communications.

If you wish to exercise any of these rights in relation to your personal data, please contact csdistributors@medivators.com. In order for us to fulfil your request, please make sure that we can identify you properly.

You also have the right to lodge a complaint with your competent supervisory authority.

8. Data Retention

We will retain your personal data for as long as you maintain an account, as necessary to provide you with services or as otherwise provided in this Privacy Policy or permitted by the GDPR. We in any case reserve the right to archive data for a longer period of time if this is required to comply with our legal obligations pursuant to Art. 6 Par. 1 lit. c) GDPR, or to claim, exercise or defend legal entitlements (legitimate interests pursuant to Art. 6 Par. 1 lit. f) GDPR).

Where we no longer need to process your personal data, as described above, we will delete it from our systems. Additionally, where permissible, we will also delete your personal data upon your request. Contact us, as set out at the end of this Privacy Policy, to make a deletion request or for questions about our data retention practices.

9. Security / Safeguards

We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of personal data and against accidental or unlawful destruction, loss, alteration or unauthorised disclosure of or access to personal data. Please be advised, however, that we cannot fully eliminate security risks associated with the retention, storage and transmission of personal data.

10. Minors

The website is not intended for minors under the age of 18. We will not knowingly collect personal data from minors under 18 years of age.

Please be advised that the minimum age may vary based on country/region and on local law. If you become aware that a minor has provided us with personal data without parental consent, please contact us at csdistributors@medivators.com.

If we become aware that a minor under 18 has provided us with personal data without parental consent, we will take steps to remove the data and cancel the minor’s account. Any communications that are identified as being from a minor under the age of 18 will not be retained.

11. Updates and Changes to This Privacy Policy

We may change this Privacy Policy from time to time. Please read this Privacy Policy and reach out to us, as described below, with any questions.

12. Contact Details and Further Information

We have appointed a data privacy point of contact who is responsible for overseeing questions in relation to this Privacy Policy.

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at:

Medivators BV

Amerikalaan 110
6199AE, Maastricht Airport
The Netherlands

or via email at csdistributors@medivators.com.