Privacy Statement of Arthrex GmbH

In this Privacy Statement we, Arthrex GmbH (“We”) will inform you about how we process and use your personal data in connection with this website and on the specific rights you have in connection with your personal data.

1. Scope

1.1. Please note that this Privacy Statement applies only to use of this website. Use of our general corporate website at www.arthrex.com, and other data processing not related to this website are subject to our General Privacy Statement.

1.2. You can find our General Privacy Statement here.

1.3. Our General Privacy Statement also includes additional explanations of certain terms and concepts used herein and further information on how we handle personal data of (prospective) customers and business partners outside of this website.

2. Name and Address of the Data Controller, Contact Details for the Data Protection Officer, and Supervisory Authority

2.1. You will find our contact details below:
Arthrex GmbH
Erwin-Hielscher-Strasse 9
81249 München
Telefon:08990 90 05 0 Telefax:089 90 90 05 2801
Website:www.arthrex.com E-Mail:info@arthrex.de

2.2. You can contact our data protection officer at any time with any questions about data protection. Our data protection officer’s name and contact details are as follows:
Leif-Eric Langguth
Arthrex GmbH, Erwin-Hielscher-Strasse 9, 81249 München
E-Mail: dataprotection@arthrex.de

2.3. The data protection supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht)
Address:
Promenade 27 (Schloss)
91522 Ansbach
Germany Postal address:
Postfach 606
91511 Ansbach
Germany
Contact details:
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de
If you wish to file a complaint, you can also use the complaint form available at https://www.lda.bayern.de/de/beschwerde.html.

3. Processing in the Context of this Website

3.1. Processing in the Context of Use of our Website

3.1.1. When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer.

We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you except as disclosed in Sec. 3.2.2.

This processing will take place for the fulfilment of the existing contract of use with you, as far as it serves the purpose of the technical implementation of the website’s use (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR) and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible and in promoting the sale of our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We will assume that your interests do not conflict with this, because the measures described below are taken in order to limit processing to an appropriate degree.

3.1.2. We will also use the data described in Sec. 3.2.1 to draw conclusions about your interests from your use and to adapt our website’s offerings according to your interests (profiling). We do this for the preservation of our aforementioned legitimate interest in making our website as user-friendly, safe and attractive as possible and in promoting the sale of our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) and, where applicable, on the basis of your consent as described in Sec. 3.2.4 (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR).

3.1.3. We use cookies, among other things, to process the data mentioned under Section 3.2.1 and 3.2.2. Cookies are files that are stored on your computer's hard drive and are accessed by our server when you visit our website. We use cookies to make your use of the website more convenient.

Cookies for identifying your browser for the services of Google Analytics (see Sec.3.3)

Cookie for identifying your browser for the services of Marketo (see Sec.3.3)

Cookies for identifying your browser during the session and for storage of country settings, which are required for the technical operation of the website

You can prevent or restrict the storage of cookies on your hard disk by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time. Please refer to your browser's operating instructions to find out how this works. If you do not accept cookies, this can lead to restrictions in the use of our service.

3.1.4. When you visit our website, you are notified of the use of cookies for tracking and analysis (see Sec. 3.3) and asked to provide your express consent. The notice makes reference to the detailed explanations in this Privacy Statement.

3.1.5. Log files are deleted after 30 days. Most cookies expire and are deleted at the end of your browser session, some (including those mentioned in Sec. 3.3) will persist for up to 24 months before they expire and are deleted. After expiry of those periods information will be deleted or made anonymous.

3.2. Use of Analytics Services

We use the analytics services described below. We use these services for the purposes set forth in Section 3.2.1 and 3.2.2 and the preservation of our legitimate interest described therein (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) and, where applicable, on the basis of your consent as described in Sec. 3.2.4 (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR):

3.2.1. Our website uses Google Analytics, a web analysis service of Google LLC (https://www.google.de/intl/en/about/), 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ("Google").

3.2.2. You can find further information on how Google uses information from sites or apps that use its services here:

https://www.google.com/policies/technologies/partner-sites/

3.2.3.Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyse how users use the site (see Section 3.2.3). The information generated by the cookie about your use of this website such as pages visited and

is usually transferred to a Google server in the USA and stored there. IP anonymisation has been activated on this website such that the IP addresses of users of Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area will be truncated beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of this website’s operator, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use.

The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.

Disabling add-ons: You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use this website’s full functionality. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Opt-out: In addition or as an alternative to the browser add-on you can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set which prevents the future collection of your data when visiting this website:

Google Analytics deaktivieren

The opt-out will work only in the browser and only for this domain. An opt-out cookie will be stored on your device. If you delete your cookies in this browser, you must click this link again.

Please note that on this website, Google Analytics has been supplemented with the code "gat._anonymizeIp();" to ensure anonymous collection of IP addresses (so-called IP masking).

You can find additional information on the use and protection of your data in connection with Google Analytics on the Google Analytics help pages (https://support.google.com/analytics/answer/6004245?hl=en).

3.3. Recipients

3.3.1. Our website is stored exclusively on servers in the European Economic Area.

3.3.2. Our website may contain references to third parties’ offers in the form of links, advertising banners or the like. If you follow these links (usually by clicking on the link or advertising banner), you will be directed to third-party offers. For further information on this please refer to our General Privacy Statement (see Section 1.2).

3.3.3. We enable other companies of our group of undertakings which are established within the European Economic Area to present their products and services on our website and to communicate with users in their respective countries of establishment through our website. For further information on this please refer to our General Privacy Statement (see Section 1.2).

4. Your Rights

You as the data subject have certain rights with regard to your personal data, which we will explain to you below:

4.1. Right of Access and Information (Art. 15 of the GDPR) - You have the right, where the statutory requirements are met, to request from us at any time, at no cost, confirmation as to whether personal data relating to you is being processed, a copy of this data and comprehensive information on this personal data. This right extends in particular, without limitation, to the purposes of processing, the categories of personal data being processed, the recipients, the storage period and the origin of the data.

4.2. Right to Rectification (Art. 16 of the GDPR) - You have the right to request us to rectify incorrect and incomplete personal data concerning you without delay, where the statutory requirements are met.

4.3. Right to be Forgotten (Art. 17 of the GDPR) - You have the right to demand from us the immediate deletion of personal data concerning you, where the statutory requirements are met, if, among other reasons, their storage is no longer necessary or unlawful, if you revoke your consent on which their storage was based, if you have validly objected to their storage in accordance with Sections 4.6 et seq., if we are obligated to delete them for any other reason or if the data were collected as part of a web service. If we have made the data public, in addition to deletion of the data, we must also inform other controllers in such cases that you have requested the deletion of this data and all references thereto, insofar as this is reasonable in view of the available technology and the implementation costs. The above obligation does not apply in certain exceptional cases, in particular storage for the purpose of establishing, exercising or defending legal claims.

4.4. Right to Restriction of Processing (Art. 18 of the GDPR) - You have the right to request us, where the statutory requirements are met, to restrict the processing of personal data relating to you, for example if you dispute their accuracy, the storage is no longer necessary or is unlawful and you still do not wish to have it deleted or if you have filed an objection to the processing (Sections 4.6 et seq.) as long as it has not yet been established whether our legitimate reasons outweigh yours.

4.5. Right to Data Portability (Art. 20 of the GDPR) - If automated processing of personal data occurs solely on the basis of your consent or to fulfil a contract with you or to implement pre-contractual measures, you have the right to require us, subject to statutory requirements, to make available the personal data in relation to yourself that you have provided to you or to a third party you designate, if this is technically feasible, in a structured, current and machine-readable format and not to impede its transfer to a third party.

4.6. Right of Objection (Art. 21(1) of the GDPR) - You have the right to require us, where the statutory requirements are met, to no longer process personal data relating to you which we process for the performance of a task which is in the public interest or for the protection of our legitimate interests or those of a third party, if you object to such processing for reasons which arise from your particular situation. In this case we must desist from further processing unless there are compelling grounds for processing which outweigh your interests or the processing is carried out for the establishment, exercise or defence of legal claims.

4.7. Right of Objection to Direct Marketing (Art. 21(2) of the GDPR) - You can object to the further processing of your personal data for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.

4.8. Automated Decisions (Art. 22 of the GDPR) - We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).

4.9. Guarantees - To the extent that we indicate in this Privacy Policy that guarantees have been agreed to provide an adequate level of protection, you may request copies of the relevant documents from our Data Protection Officer. If a guarantee exists in the form of participation in the Privacy Shield Program, you will find information and documentation here: http://europa.eu/rapid/press-release_MEMO-16-434_en.htm..

4.10. Consents - If you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection pursuant to Sections 4.6 et seq.). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider ).

4.11. Right to Lodge a Complaint - You have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for us (Section 2.3).

4.12. You can contact us in any form to exercise your rights, in particular to withdraw any consent you may have given, and especially our data protection officer also. You may be required to identify yourself to us as a data subject to exercise your rights.

5. Security

We have implemented extensive, industry standard technical and organisational measures to protect your personal data from unauthorised access and misuse.

6. Changes to this Privacy Statement

We reserve the right to make changes to this Privacy Statement at any time.

Arthrex GmbH

Rev. April 2019