MEDIVATORS BV website privacy notice
Version: June 2021
Our contact details
Address: Amerikalaan 110, 6199AE, Maastricht Airport
Phone Number: +31 45 5 471 471
The type of personal information we collect
From this website we collect and process personal data and contacts as listed below:
- first and last name;
- company / hospital;
- telephone number.
We also collect server log files: IP address, date and time of access, amount of transferred data, referrer URL (the website which directed you onto our website), your browser type and your operating system, hosts, web search queries.
How we get the personal information and why we have it
Personal information we process is provided to us directly by you filling the contact and/or newsletter form.
We use the information that you have given us in order to provide you with quotations of our services and products, to answer claims, to provide information in general, the newsletter, and to answer other requests made by you.
Without your consent we use this third party services to analyse, anonymously, users activities on the website:
- Google Search Console: Google Inc., provides data on search queries and landing pages, with no IP address recording or other processing activities of personal data.
- Microsoft 365 is a cloud based software we use to send our daily e-mails and store all other data secured. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA
After the submission of your query from the contact page, or the subscription to our newsletter, you’ll receive an automated email asking you to confirm or deny your consent to marketing processing activities.
With your consent, we will process your personal data in order to provide you with:
our marketing communications by our newsletter and/or telephone;
- Newsletter and e-mail marketing services provided by “Mailchimp”, a marketing platform for businesses, for newsletter management; this service is provided by The Rocket Science Group, LLC, 675 Ponce de Lean Ave NE, Suite 5000, Atlanta, GA 30308, U.S.
- events invitations by e-mail, newsletter, mail and/or telephone.
You are able to remove your consent at any time contacting us or clicking the “unsubscribe” link that you can find in our emails.
Your consent is not mandatory to contact us.
We can also process your personal data without your consent to fulfil legal obligations, if any, vital interests, perform a public task, if we have another legitimate interest or we have to fulfil obligations established by the services specifically subscribed by you, by the law and regulations or by any order of the relevant Authority.
How we store and process your personal information
Your information is securely stored on our cloud based systems.
We will process your personal data for the time necessary to fulfil the aforementioned purposes and however for no more than 5 years from your consent, or its renewal, for marketing purposes.
Save the above, and missing additional reasons or legal obligations, we keep your personal data for a maximum period of 10 years. We will then delete your personal data from our systems in accordance with our data deletion policy.
Data flows and transfer to third parties
Your information will be accessible to our employees, companies of the Cantel Group and to third-party companies or other subjects carrying out outsourced activities and services on behalf of us, also in their capacity of external data processors.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we respond to you in the shortest time.
You can withdraw your consent to receive marketing communications at any time using also the “unsubscribe” link at the end of a marketing communication.
If you wish to make a request please contact us using contact details above.
If you have any concerns about our use of your personal information, you can make a complaint to us and/or to the competent Authority.
- Who We Are
For more information about:
- the Privacy Shield Principles, please visit the U.S. Department of Commerce’s website at https://www.privacyshield.gov/
- our Privacy Shield privacy standards, consult the following link http://www.cantelmedical.com/privacy-shield-policy.
2. Collection, Processing and Use of Personal Data
We use the information collected on and through our website to determine usage trends, provide our services, respond to queries and to provide a more personalised experience on our website. This personal data falls into several categories:
2.1 Information You Provide to Us
We collect information when you fill in forms or otherwise contact us, request marketing communications (see Section 3 (Marketing Communications) for more details) or otherwise communicate with us. The personal data we collect is necessary to provide the contracted services to you pursuant to Art. 6 Par. 1 lit. b) GDPR or used with your consent pursuant to Art. 6 Par. 1 lit. a) GDPR (and you consent to our collecting and processing your personal data when you send us a request) or for our legitimate interests to respond to you pursuant to Art. 6 Par. 1 lit. f) GDPR.
If you choose to enter a promotion or contest, we may ask for your name, address and e-mail address, among other pieces of information, so we can distribute promotional offerings, administer the promotion or contest and notify winners. We may need to forward such information to fulfilment houses or distributors. However, our partners have agreed to keep any personal information provided to them confidential and secure, unless you consent to such information being shared with other product manufacturers.
2.2 Information We Collect Directly When You Use Our Website
If you contact us or subscribe to our marketing communications, we may collect personal data to respond to or act on your request. Additionally, we collect or use certain online identifiers, including:
Server Log Files
Each time you visit our website, your browser transfers the following data to our server:
- IP address,
- date and time of access,
- amount of transferred data,
- referrer URL (the website which directed you onto our website),
- your browser type and
- your operating system.
We need to receive this data to be able to deliver our website and its content in a suitable way to you as well as to ensure the stability and security of our website. We generally do not store the log file data, but may do so in particular instances for up to seven days to identify technical problems or security incidents (e.g., illegal use of the website, hacker attacks, etc.). If we identify a security incident, we also reserve the right to retain the log file data for as long as required to pursue our legal claims in connection with it and may also make it available to third parties for that purpose (e.g., investigative authority).
Providing our website and its content to you as well as ensuring the stability and security of our website, including the pursuit of any legal claims, are necessary for our legitimate interests pursuant to Art. 6 Par. 1 lit. f) GDPR.
3. Marketing Communications
If you indicate on a form or otherwise contact us to receive marketing communications from us, we will send such communications to you in accordance with your request and by the contact details you have given us. You can always ask us to stop sending such communications via email or by using the “unsubscribe” link included in each marketing communication.
We offer marketing communications with information on our products and services. Users will only receive marketing communications if they subscribe to this service and provide the personal data requested by us in connection with such communications. To subscribe to the marketing communications, you will need to provide your e-mail address, first and last name, job title and organisation.
- Microsoft 365 is a cloud based software we use to send our daily e-mails and store all other data secured. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. ("Microsoft")
- We also use the marketing services provided by “Mailchimp”, a marketing platform for businesses, for newsletter management; this service is provided by The Rocket Science Group, LLC, 675 Ponce de Lean Ave NE, Suite 5000, Atlanta, GA 30308, U.S. (“Mailchimp”).
Your e-mail address and, if applicable, the other personal data provided in connection with the subscription are stored on the servers of Microsoft. This data is also used by Mailchimp on our behalf to send marketing communications to you and analyse email distribution. When you open any marketing communication, your browser will retrieve a “web-beacon,” a pixel-sized file contained in the email, from the Mailchimp servers in the U.S. Thereby, technical information, such as information in relation to your browser, system, IP address and the time of retrieval, is processed. Further, the Mailchimp server also collects data as to whether the recipients opened the email, when they opened it and which links they clicked. We exclusively collect this data for statistical purposes and to adapt the content of our marketing communications to our customers’ preferences and provide a better service. We do not create user profiles based on this data.
Further, we have entered into a data processing agreement with Microsoft and Mailchimp which imposes the obligation upon these service providers to process the personal data of our subscribers only based on our instructions.
The legal basis for the processing of your personal data in relation to such marketing communications is your consent pursuant to Art. 6 Par. 1 lit. a) GDPR. The legal basis for the use of Microsoft and Mailchimp, statistical assessments by us and the logging of the subscription data is our legitimate interest in providing a user-friendly and secure marketing communications service, as well as in improving our marketing, which serves both our business interests as well as the expectations of our users, pursuant to Art. 6 Par. 1 lit. f) GDPR.
You can withdraw your consent to receive marketing communications at any time. Please use the "unsubscribe" link at the end of a marketing communication to unsubscribe from marketing emails or contact us in writing (see contact details in Section 12 (Contact Details and Further Information)), specifying which method of marketing communications you would like to unsubscribe from or whether you would like to unsubscribe from all our marketing communications. Please note that we are not able to provide you with marketing communications without the support of the services provided by Microsoft and Mailchimp.
Your personal data provided in relation to the marketing communications will be deleted if you withdraw your consent unless we need to store it to pursue or defend legal claims. The legal basis for this storage is our legitimate interests to pursue or defend claims pursuant to Art. 6 Par. 1 lit. f) GDPR. Additionally, we may continue to process such data if permitted based on another pertinent legal basis, including a legal obligation (e.g., statutory law, court order or order of an authority, etc.) pursuant to Art. 6 Par. 1 lit. c) GDPR.
4. Collection and Use of Personal Data by Third Parties
When you visit our website, third parties will be able to collect personal data from you as described in this section. Most third-party service providers will only collect data on our behalf and not for their own business purposes. If data is collected and used for a third party’s business purposes, then this will only occur based on a contractual arrangement between us and the respective third party in which we will bind the third party to only use the collected data for the purposes described in the contractual arrangement.
4.1 Service Providers
Microsoft is the service provider providing the cloud data storage services specified in Section 3 (Marketing Communications) above; in the context of its role of data processor, Microsoft has adopted binding corporate rules (which can be accessed at https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2OBC5) establishing safeguards with respect to the transfer and protection of personal information from the EU to the U.S.; also, our data processing agreement with Microsoft incorporates the standard contractual clauses for transfer of personal data outside the EU, adopted by the European Commission.
Mailchimp is the service provider providing the email marketing communication distribution services also specified in Section 3 (Marketing Communications) above; our data processing agreement with Mailchimp also incorporates the standard contractual clauses for transfer of personal data outside the EU, adopted by the European Commission.
When you click on links on our website which direct you to the website of another website provider, this website provider will likely also collect certain data from you, probably at least the data described in Section 2.2(i) above. However, this data is neither collected on our behalf nor otherwise controlled or used by us; therefore, we are neither legally obliged nor able to give you any information on what data will be collected if you click on such a link. Third party websites have their own privacy policies which may be different from ours. We are not liable for any of such third-party websites, which you use at your own risk.
5. Transfer of Personal Data / Recipients of Personal Data
As described above in Section 4 (Collection and Use of Personal Data by Third Parties), we allow certain third parties to collect personal data from you. For further details regarding these recipients of personal data, please see the information in Section 4 (Collection and Use of Personal Data by Third Parties).
Personal data may also be shared with our affiliates in accordance with the purposes for which personal data was originally collected or otherwise could be lawfully processed. Our U.S. affiliates participate in, and have self-certified their adherence to, the principles of the EU – U.S. Privacy Shield Framework.
In general, we will only transfer your personal data to third parties if this is required to perform a contract with you or if we are under a statutory legal obligation or ordered by legally binding order of an authority or court.
Further, we generally reserve the right to use third parties who collect and process personal data on our behalf (e.g., hosting providers or IT service providers, including those specified in Section 4.1). They will only receive the amount of data which is required for the assigned task. Such service providers will usually be contracted as “data processors,” who are only allowed to process data based on our instructions and who will only be contracted if they provide the necessary qualifications set out for a data processor in the GDPR. The legal basis for the use of third parties and the related transfer of personal data may, subject to the circumstances, be performance of a contract pursuant to Art. 6 Par. 1 lit. b) GDPR or legitimate business interests pursuant to Art. 6 Par. 1 lit. f) GDPR. Providing we select and use data processors in compliance with the provisions of the GDPR and other applicable data protection law, we deem that we have a legitimate interest for the use of third parties as data processors.
6. Transfer of Personal Data to Third Countries
In some cases, we transfer, or will transfer, your personal data to countries outside the EU or the European Economic Area.
We may transfer personal data to our U.S. affiliates pursuant to the EU – U.S. Privacy Shield Framework (as explained in Section 1 (Who We Are) above), as well as to the third-party service providers who collect and process personal data on our behalf (see also Section 4.1 and Section 5), located in the U.S., pursuant to our data processing agreements with them also incorporating standard contractual clauses for transfer of personal data outside the EU.
If you require any further information or details on the protections we have in place for transfers of data, do get in touch via the contact details set out below.
7. Your Rights
Voluntary provision of information: With the exception of the necessary information we collect automatically when you use the website, as specified above, you are free to provide the personal data you choose to give us. Non-provision of such data may, however, entail the impossibility to proceed with your request.
Access: At any time, you have the right to obtain information concerning your personal data. This includes the right to know whether we process personal data concerning you and, if this is the case, to access your personal data. In certain cases, you are entitled to request rectification, erasure or restriction of the processing of your personal data.
Right to object: In certain cases, including where processing is based on legitimate interests of the data controller, you also have a right to object to the processing of personal data on grounds relating to your particular situation; in this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can ask for more details about our legitimate interests.
Where personal data is processed for direct marketing purposes, you always have the right to object at any time to the processing of your personal data for such marketing purposes, including any profiling connected to such direct marketing purposes.
Portability: You also have the right to data portability (i.e., to have a copy of your personal data and transfer it to other providers) subject to certain limitations.
Consent: In case we process personal data based on your consent, e.g., contacting us or opting into our direct email marketing communications, you are entitled to withdraw your consent at any time, as explained in Section 3 (Marketing Communications). Please bear in mind that such withdrawal of consent only has future effect. It does not render invalid or illegal the processing based on consent before its withdrawal. If you withdraw your consent in relation to communications addressed to us through the contact form, we may still be required to store your personal data as specified in Section 3 (Marketing Communications). If you withdraw your consent in relation to direct marketing communications, you will not receive further marketing communications.
If you wish to exercise any of these rights in relation to your personal data, please contact firstname.lastname@example.org. In order for us to fulfil your request, please make sure that we can identify you properly.
You also have the right to lodge a complaint with your competent supervisory authority.
8. Data Retention
9. Security / Safeguards
We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of personal data and against accidental or unlawful destruction, loss, alteration or unauthorised disclosure of or access to personal data. Please be advised, however, that we cannot fully eliminate security risks associated with the retention, storage and transmission of personal data.
The website is not intended for minors under the age of 18. We will not knowingly collect personal data from minors under 18 years of age.
Please be advised that the minimum age may vary based on country/region and on local law. If you become aware that a minor has provided us with personal data without parental consent, please contact us at email@example.com.
If we become aware that a minor under 18 has provided us with personal data without parental consent, we will take steps to remove the data and cancel the minor's account. Any communications that are identified as being from a minor under the age of 18 will not be retained.
12. Contact Details and Further Information
6199AE, Maastricht Airport
or via email at firstname.lastname@example.org.