Effective as of September 2024
The protection of your personal data is very important to us. At this point, we would like to inform you about data protection in our company. Your personal data will solely be used within statutory data protection regulations, such as the General Data Protection Regulation (GDPR) or the German Federal Data Protection Act (BDSG) and the Protection of Privacy in Telecommunications and Telemedia (TTDSG). Our employees and agents are obliged to comply with data protection regulations. Below you will find information about the nature, scope and purpose of the collection and use of your personal data and your rights.
1. General Data Protection Information
1.1. Processing of personal data
Within the context of our privacy policy, we would like to inform you about the processing of personal data. Personal data within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) is any information relating to an identified or identifiable natural person, e.g. name, address, e-mail addresses, etc., which is processed by us.
1.2. Data Controller and Data Protection Officer
The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) is
Brainlab AG
Olof-Palme-Straße 9
81829 Munich
For inquiries, please contact dataprivacy@brainlab.com.
If you have any data protection concerns, please do not hesitate to contact our data protection officer.
Katharina Ruhenstroth
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de
1.3. Your Rights
The GDPR gives those who are affected by the processing of your personal data (data subjects) various rights, which we would like to explain to you below. You have the right
pursuant to Art. 15 GDPR to request information about your personal data processed by us;
<br/ >
pursuant to Art. 16 GDPR to demand the rectification of inaccurate or the completion of incomplete personal data stored by us;
<br/ >
pursuant to Art. 17 GDPR to demand the deletion of your personal data stored by us;
<br/ >
pursuant to Art. 18 GDPR to obtain the restriction of the processing of your personal data;
<br/ >
pursuant to Art. 20 GDPR to receive your personal data, you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller;
<br/ >
pursuant to Art. 21 (i), under certain conditions, to object to the processing of your personal data based on Art. 6 Sec. 1 lit. e GDPR (in the public interest) or pursuant to Art. 6 Sec. 1 lit. f GDPR (for safeguarding a legitimate interest), or (ii) to object to the processing for direct marketing purposes;
<br/ >
pursuant to Art. 7 Sec. 3 GDPR to withdraw a consent once given to us at any time. This also applies to the withdrawals of consents that were given to us prior to the entry into force of the General Data Protection Regulation, ie before 25 May 2018. As a result, we will not be allowed to continue the processing based on this consent for the future without affecting the legality of the processing carried out on the basis of the consent until the withdrawal;
<br/ >
pursuant to Art. 77 GDPR lodge a complaint with a supervisory authority.
<br/ >
For asserting the statutory data subject rights and for all other questions about data processing, please write to the address of Brainlab AG listed above or send an e-mail to dataprivacy@brainlab.com. The exercise of your above rights is free of charge for you.
For US Residents:
You authorize Brainlab to communicate with you in response to your submissions on the website and any other communications.Notice to California Residents: The California Civil Code permits California residents to request that we not share your Personally Identifiable Information with third parties for their direct marketing purposes. If you are a California resident, you may contact dataprivacy@brainlab.com to request information regarding whether and how we share personal information with third parties for their direct marketing purposes and/or to request that such information not be shared with third parties for such purposes.
1.4. Recipients
A transfer of your personal data to third parties for purposes other than those listed below does not take place. In addition, further transfer always occurs only if there is a legal basis.
We only transfer your personal data to third parties if for example:
you have given your express consent to do so in accordance with Art. 6 (1) a) GDPR; or
this is necessary according to Art. 6 (1) lit. b) GDPR for the processing of contractual relationships with you, e.g. to credit institutions or external service providers for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods, including shipment tracking; or
to the extent that there is a legal obligation for the disclosure pursuant to Art. 6 (1) c) GDPR; or
the disclosure according to Art. 6 (1) lit. f) GDPR is necessary in the context of our legitimate interests, for example for the assertion, exercise or defense of legal claims and you have no overriding legitimate interest in the non-disclosure of your data.
On this legal basis and regarding the purposes we may share your information with third parties who provide services on our behalf to assist us in our business activities. These companies are authorized to use your personal information only to the extent necessary to provide those services to us.
Brainlab and these companies have an agreement that the information you provide to us may not be shared by the outside vendors with outside companies without Brainlab’s permission, and that this information may not be used for any purpose other than to provide a service or materials.
We use service provider for our marketing (such as webhosting and newsletters) and for the optimization of your user experience.
Duration of Storage
Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected and processed. After the purpose has ceased to exist, the data will be deleted if storage is necessary for the fulfillment of a legal obligation or for the assertion, exercise or defense of legal claims. During the period of the storage obligations, the data is blocked, after which it is deleted. Further information on storage periods, if required, can be found in the respective sections on individual processing operations.
1.5. Transfer to third countries
We select the services used on our website in such a way that the protection of your personal data is guaranteed in the best possible way. In the case of some services, we have no influence on ensuring that the data processed by these services does not reach the parent companies in the USA or other third countries. If there is no decision of the European Union for these countries that they have a comparable level of data protection as the European Union (so-called EU Adequacy Decision), we or our contractual partner have concluded a separate set of contracts or binding corporate rules that ensures this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data even in the event of a transfer to the third country.
2. When you visit our website
2. 1. Providing our Website
In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server and that is technically necessary for the presentation of our website and to ensure stability and security.
For retrieval from the website, the short-term registration of the IP number is indispensable. The IP address is the globally valid, unique identification of a computer and consists of four blocks of digits separated by dots. As a rule, private users are not assigned a constant IP address by the provider, but only a temporary IP address for one session. Nevertheless, with static IP addresses, a clear assignment of the user’s data is possible in principle via this characteristic. The external web servers (see section 1.5) store IP addresses for a maximum of 14 days. Afterwards, the access data is anonymized.
The data we collect for the purposes stated above are:
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request came
browser
Operating system and its interface
The legal basis for this is Art. 6 (1) f) GDPR. Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website and for protection against misuse, our legitimate interest in data processing prevails at this point.
2. 2. Cookies and other Technologies
A cookie is a small text file that allows a website to recognize a browser. Cookies are stored in a text file on the computer and retrieved and read the next time the web server is contacted.
There are different types of cookies. Session cookies are temporary cookies that are stored in the user’s internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeated visits and are stored in the user’s browser for a predefined time. First-party cookies are set by the website that the user visits. Only this website is allowed to read information from the cookies.
Third-party cookies are set by organizations that do not operate the website the user is visiting. These cookies are used by marketing companies, for example.
The duration of the used cookies is limited to max. 14 months, unless otherwise stated below.
For US Residents:
Except as otherwise specified in this Privacy Policy, Brainlab does not alter the practices detailed herein based upon your selection of the do not track setting or other opt out setting or feature that may be offered by your browser; however, Brainlab reserves the right to do so in the future.
2.2.1. Facebook Pixel
We use the Custom Audiences service of Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”) as part of our usage-based online advertising. For this purpose, we define target groups of users in the Facebook Ads Manager based on certain characteristics, who are subsequently shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently arrives on our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel embedded on our website.
Basically, this generates a non-reversible and non-personal checksum (hash value) from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behavior, subpages visited, etc.). Your IP address is also stored and used for the geographic targeting of advertising.
Facebook Custom Audiences via the customer list is not used by us, as is the “extended matching” function.
For more information about the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your settings options for protecting your privacy, please refer to Facebook’s privacy policy. You can also make settings regarding which advertisements are displayed to you on Facebook in the Facebook account settings.
The data collected by the Facebook Conversion Tracking Pixel will be stored 7 days by us.
The legal basis for the collection of data is your consent. You can revoke your consent at any time and with effect for the future.
Joint responsibility:
Brainlab AG and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, are jointly responsible for the collection and transmission of data as part of this process. We have entered into a corresponding agreement with Facebook for this joint responsibility, which can be accessed here: https://www.facebook.com/legal/controller_addendum . This sets out the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint responsibility. The contact details as well as the data of the data protection officer of Facebook are available here: https://www.facebook.com/about/privacy .
2.2.2. General information about Google services
We use various services of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to operate our website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In the following, we will refer to the provider as “Google”.
2.2.2.1 Google Tag Manager
For transparency reasons, we would like to point out that we use the Google Tag Manager.
The Google Tag Manager itself does not collect any personal data. The Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have deactivated it, this deactivation will be taken into account by the Google Tag Manager. For more information on the Google Tag Manager, see:
https://www.google.com/intl/de/tagmanager/use-policy.html .
2.2.2.2. Google Analytics
Google Analytics uses cookies that enable an analysis of the use of the website by the user. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Google uses this information on behalf of Brainlab AG for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The collection and storage of data only takes place after explicit consent according to Art. 6 (1) a) GDPR. This consent can be revoked at any time with effect for the future. Otherwise the data will be deleted after 14 months.
You can find more information on the terms of use and data protection at https://marketingplatform.google.com/about/analytics/terms/us/ or at https://policies.google.com/?hl=en
2.2.2.3. Google Dynamic Remarketing, Ads and Conversion Tracking
We use Google’s marketing and remarketing services (Google Marketing Services) to optimize and economically operate our online offering.
The Google marketing services allow us to display advertisements for our website in a more targeted manner in order to only present you with ads that potentially match your interests. For example, if you are shown ads for our services on other websites, this is called “remarketing”. For these purposes, when you visit our website and other websites on which Google Marketing Services are active, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on your device (comparable technologies can also be used instead of cookies).
The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. This file records which websites you have visited, which content you are interested in and which offers you have clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. Your IP address is also recorded.
The IP address will not be merged with your data within other Google offerings. The above information may also be combined by Google with such information from other sources. If you subsequently visit other websites, you may be shown ads tailored to your interests.
We process your data as part of the Google Marketing Services pseudonymously. This means that Google does not store and process your name or e-mail address, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google’s servers in the USA.
The Google Marketing Services we use include the online advertising tool “Google Ads”. In the case of Google Ads, each Ads customer receives a different “conversion cookie”. Cookies can therefore not be tracked across Ads customers’ websites. The information obtained using the cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
Furthermore, we may use the Google Tag Manager (see section 2.2.2) to integrate and manage the Google analysis and marketing services on our website.
The data collection and storage are only carried out after explicit consent according to Art. 6 (1) a) GDPR. This consent can be revoked at any time with effect for the future.
Further information on the use of data for marketing purposes by Google can be found on the overview page: https://www.google.com/policies/technologies/ads . Google’s privacy policy is available at https://www.google.com/policies/privacy.
2.2.2.4. Google DoubleClick
We also use Google Double Click on our website. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on the advertisement from us.
If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address.
The legal basis for the processing of your data is the consent you have given via the cookie consent tool in accordance with Art. 6 (1) a) GDPR. This can be revoked at any time with effect for the future.
Further information on DoubleClick by Google can be found at https://www.google.com/doubleclick and on data protection at Google in general: https://policies.google.com/privacy?hl=en.
2.2.2.5. Youtube Videos
We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the controller of your data.
Here, we use the enhanced privacy option provided by YouTube to protect your personal data. When you call up a page in which a YouTube video is embedded, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser. According to YouTube’s information, however, data is only transmitted to the YouTube server in “extended data protection mode” when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
The collection and storage of data only takes place after explicit consent according to Art. 6 (1) a) GDPR. This can be revoked at any time with effect for the future.
Further information on YouTube data protection is provided by Google under the following link: https://policies.google.com/privacy?hl=en&gl=de .
2.2.3. X also known as Twitter
Within the framework of the operation of our website, we use various services of the provider X (known as Twitter) of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA on our website. Within the EU/EEA, the responsible body for dealing with data subjects’ rights is the Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. In the following we name these “X”.
2.2.3.1. X/Twitter Analytics
If you become active via our X presence in the form of messages, comments, mentions or “likes” that contain personal data (e.g. your name, date of birth or address), this data is transmitted by X to us as the operator of our X account.
Tweets and profile information are generally publicly accessible data, which means that every X user can see your profile data and tweets. However, this also means that replies (e.g. comments or “like” votes) can be recorded. You can make settings for this in your account settings under the item “Privacy and security”: https://twitter.com/settings/safety .
We would like to point out that we also make use of the “X/Twitter Analytics” function when operating the X presence. Via X/Twitter Analytics, owners of a X account can retrieve and analyze a summary of data in the form of statistics within a tool. With the help of this tool, measures of the X presence can be evaluated, insights into the target group can be gathered, fan engagement and the viral spread of one’s own posts can be obtained.
With X/Twitter Analytics, we have the option via X to retrieve the following statistics, among others, which do not allow any conclusions to be drawn about individual users:
“Like” views
Page views
Gender ratio or regional distribution of users
Post reach
The legal basis for our use of the X/Twitter Analytics function as part of our X presence is Art. 6 (1) f) GDPR. Our legitimate interest is to improve our corporate communications and to identify, monitor and analyze publicly available opinions, conversations, sentiments, trends or other interactions that are relevant to our business.<br/ >For more information about X’s privacy practices, please visit: https://twitter.com/de/privacy .
2.2.3.2. Twitter Conversion Tracking
X/Twitter Conversion Tracking used with X/Twitter Pixel a tool by Twitter Inc, USA allows us to statistically record the use of our website in order to optimize it.
Conversion Tracking returns data to X and helps with user attribution. This is done by matching conversion data with a X user using available identifiers such as cookie IDs, click ID or email.
With conversion tracking, a cookie is set on your terminal device by X when you visit our website by clicking on a X/Twitter ad. Conversion tracking is used to compile statistics and not to identify you personally. Matched data can be used for the purposes of creating audiences from website activity for campaign retargeting, improving optimization models that allows us to drive actions within our campaigns, or reporting campaign results so we better understand the impact on our campaigns.
For more information, please visit https://business.twitter.com/en/help/campaign-measurement-and-analytics/conversion-tracking-for-websites.html .
We only use the X/Twitter Pixel with your explicit consent in accordance with Art. 6 (1) lit. a) GDPR. This can be revoked at any time with effect for the future.
You can prevent the storage of cookies by setting your browser accordingly. In addition, you can make settings in your personal Twitter account to receive advertising: www.twitter.com/settings/personalization.
2.2.3.3. X/Twitter Advertising
X/Twitter Ads allows advertisers to collect data from the users who visit their website. Cookies and code are used that connect the website to another third-party platform like X. In the process, a non-reversible and non-personal checksum (hash value) is generated from your usage data and transmitted to X for analysis and marketing purposes. In addition, a so-called “X/Twitter pixel” may be used to track the actions of users after they have seen or clicked on a X advertisement.
User behavior is recorded, such as websites visited, content retrieved, time of visit, etc., but also device-related data such as applications and operating systems used. Your IP address is stored and used for the geographic targeting of advertising. In “cross-device personalization”, Twitter also attempts to identify and link all user’s devices. Since the data is stored and processed by X, a link to the respective user profile on twitter.com is also possible.
Anonymized data is deleted within 6 months. Data that makes it possible to identify a specific user on X is deleted within 90 days. For more information on the duration of storage, please contact the provider or visit https://legal.twitter.com/ads-terms/international.html .
The data collection and storage only take place after explicit consent according to Art. 6 (1) a) GDPR. This can be revoked at any time with effect for the future.
For more information about the purpose and scope of data collection and the further processing and use of the data, as well as privacy settings, please refer to X’s privacy policy: https://twitter.com/en/privacy .
2.2.4. General information about LinkedIn
On our website we use services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
2.2.4.1.LinkedIn Analytics
The service stores and processes information about your user behavior on our website. For this purpose, the service uses, among other things, cookies that are stored locally in the cache of your web browser on your end device and that enables an analysis of your use of our website.
The data collection and storage only take place after explicit consent according to Art. 6 (1) a) GDPR. This can be revoked at any time with effect for the future.
We use the service to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
You can also prevent the storage of cookies generated by this service by making the appropriate settings in your web browser. We would like to point out that in this case you may not be able to use all the functions of our website.
2.2.4.2. LinkedInAds
To evaluate our online advertising, we use the service LinkedIn Ads Conversion Tracking. For this purpose, we define target groups of users in the LinkedIn Campaign Manager on the basis of certain characteristics, who are subsequently shown advertisements within the LinkedIn network. Users are selected by LinkedIn based on the profile information they provide, as well as other data provided when using LinkedIn. If a user clicks on an advertisement and then visits our website, LinkedIn receives the information that the user has clicked on the advertising banner via the conversion tag embedded on our website.
The LinkedIn tag enables the collection of visited web pages, including the URL, referrer ID, IP address, device and browser properties and timestamp. IP addresses are shortened or hashed (for cross-device use) by LinkedIn. Members’ direct identifiers are removed within 7 days to pseudonymize the data. The remaining pseudonymous data is then deleted within 180 days.
Using the LinkedIn pixel, we can show personalized ads outside our website without identifying individual members. Data that does not identify individuals is also used to improve ad relevance and reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes through their account settings. LinkedIn refers to the following link to customize advertising preferences: https://www.linkedin.com/mypreferences/d/settings/ads-interactions-with-business .
We process this data to evaluate our advertising campaigns. The legal basis for the processing is your consent within the meaning of Art. 6 (1) a) GDPR. Without your consent via our Consent Tool, no data will be processed for LinkedIn Conversion Tracking. Once you have given your consent, you can withdraw it at any time with future effect by changing your selection in the cookie settings.
Further information on the purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your setting options for protecting your privacy, can also be found in the LinkedIn privacy policy.
Further information on LinkedIn Conversion Tracking can be found at: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking#get-started . Further information on data processing and storage duration can be found at https://www.linkedin.com/help/linkedin/answer/65521?lang=de .
2.2.5. Ipinfo
In order to provide you with location-based content, we use the ipinfo.io service provided by IDB, LLC 300 Lenora Street #516, Seattle, WA 98136, USA.
ipinfo is a tool to determine the public IP address. Furthermore, geolocation data about the IP address can be retrieved. In particular, we use ipinfo to show you the nearest address of a Brainlab location.
The legal basis for the processing is your consent within the meaning of Art. 6 (1) a) GDPR. Once you have given your consent, you can withdraw it at any time with future effect by changing your selection in the cookie settings. If you revoke your consent or your marketing purposes are fulfilled, we delete your data collected by ipinfo.
3. Contact us via e-mail
When you provide your personal data to us of your own initiative, for example, when you contact us, we collect this personal data. We will, of course, use the personal data provided to us exclusively for the purpose for which you provided it when contacting us.
Any communication of this information is on a voluntary basis and in these cases is initiated by you. Insofar as this involves information on communication channels (for example, e-mail address, telephone number), we will use these channels to contact you in accordance with your request.
The purpose of processing your data is to handle and respond to your request. The legitimate interest in the processing also lies in the purposes described. The basis for the processing of the data that you transmit to us in the course of contacting us is Art. 6 (1) f) GDPR, if not stated otherwise below.
We will delete your data that we have received in the context of contacting you as soon as they are no longer needed to achieve the purpose for which they were collected, i.e. your request has been fully processed and no further communication with you is required or requested.
4. Fanpages
Social media have become an integral part of the internet and modern communication. To stay in contact with our customers and interested parties, we have also set up our own fan page on Facebook, LinkedIn, Twitter, TikTok, YouTube and Instagram.
4.1. Joint Controller
As operators of these pages, we are jointly responsible with the respective network operators within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). As the jointly responsible parties for the fan pages, we have entered into the following data protection agreements.
Meta Plattforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter: Facebook. Here you can find the https://www.facebook.com/legal/terms/page_controller_addendum and general privacy policy for the use of Facebook.
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, hereinafter: LinkedIn. The data processing agreement can be found here.
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, hereinafter: Twitter. You can find out more about Twitter in the general terms and conditions and the further guidelines linked here.
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, hereinafter: TikTok. You can find out more about TikTok in TikTok’s Jurisdiction Specific Terms and Privacy Policy.
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter: Instagram. Here you can find Instagram’s Terms of Use and Instagram’s Privacy Policy.
4.2.Use of cookies and analytics
On our company pages, we provide information and offer users the opportunity to communicate. If you carry out an action on one of our company websites (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public. In addition, demographic and geographic evaluations are also created based on the information collected and made available to us. We may use this information, for example, to target interest-based advertisements. The purpose of this is to control the marketing of Brainlab’s activities. However, the visitor statistics created are transmitted to us exclusively in anonymized form, so that we do not obtain any direct knowledge of the visitor’s identity.
You can find more information on the analysis options within the scope of our company pages and on the storage of your data on the various channels in the respective privacy policy of the social network.
4.3. Disclosure of data and legal basis
Regarding the the operators of the social media there is a possibility that some of the collected information is also processed outside the European Union in the USA or other third countries. We have no influence on this processing. We ourselves do not pass on any personal data that we receive via our appearances on social media. The data transfer to the USA is based on the existing adequacy decision for the EU-US Data Privacy Framework. It is not excluded that data on TikTok is transferred to China. TikTok states that it has concluded the standard contractual clauses of the European Union for this purpose.
The operation of the company pages including the processing of users’ personal data is based on Art. 6 (1) f) GDPR for the implementation of our legitimate interests in an information and interaction opportunity via social media for and with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 (1) a), b), c) GDPR.
4.4. Possibilities of objection
In particular, you are entitled to the following objection options:
Facebook and Instagram: Facebook offers options to object within the framework of the Facebook settings and via the form for the right to object. The same applies to Instagram.
LinkedIn: LinkedIn offers options to object in the settings or via a form.
Twitter: If you do not want Twitter to combine your activity on Twitter with other online activities of our partners, for example, so that you can be shown interest-based ads on and off Twitter, there are several ways to disable this feature. You can find these described https://help.twitter.com/de/safety-and-security/privacy-controls-for-tailored-ads.
TikTok: You may object to the processing of your personal data by TikTok by filling out and submitting this deposited form.
Youtube: An objection to processing by Youtube can be made via the settings in your Google account. You can find information on how to do this here.
5. Directive on privacy and electronic communications
Due to the Directive on privacy and electronic communications of the European Union and its principles on consent to the storage of information on terminal equipments, it should be noted that consent within the meaning of Art. 6 para. 1 lit. a GDPR, which is mentioned as the legal basis in the context of the processings listed in this privacy policy, also means consent within the meaning of the other national laws implementing the Directive on privacy and electronic communications. If no consent is required for the processing of the information, for example because access to information already stored in the end user’s terminal equipment is essential for the controller to provide you with a digital service such as a website, the legal basis that implements the provisions of the Directive on privacy and electronic communications at national level is also applicable (e.g. § 25 of the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Digital Services in Germany or § 165 of the Telecommunications Act in Austria ).
6. Changes to the privacy policy
We reserve the right to change or amend this Privacy Policy at any time in accordance with applicable data protection laws.
For inquiries, please contact dataprivacy@brainlab.com.
7. Additional Policies for US Residents
7.1. Governing Law
If you are a resident of the United States, any dispute between you and Brainlab arising out of or relating to this Privacy Policy, the website or its content shall be governed by, and will be construed in accordance with, the laws of the States of New York, without regard to choice of law principles. You irrevocably agree that the courts located in or for the State of Illinois, Cook County, are the sole and exclusive forum and venue for any dispute, as the most convenient and appropriate to address any disputes, and you agree to submit to the jurisdiction and venue of such courts.
7.2. Use and Transfer of Non-Personally Identifiable Information
Non-Personally Identifiable Information refers to data stored anonymously in a protocol file, collected by cookies or similar technology, as well as information collected by Google Analytics, AdWords and Brainlab’s display networks, and any other information that does not personally identify the individual to whom the information relates, such as information that is aggregated by Brainlab or a third party, or information that is not linked to personally identifiable information of an individual.
In addition to the uses discussed above, Brainlab may use and share non-Personally Identifiable Information in a variety of ways so long as Brainlab uses such information in its de-identified form. These uses may include, without limitation, uses for website administration; analysis of website trends and how the site is used; improving navigation of the site; analysis of the performance of the website and diagnosis of problems; improving the services we offer; analysis and developing advertisements and advertising campaigns; analysis of website user demographics, interests and preferences.
Brainlab also may use your non-Personally Identifiable Information to present you with targeted content and advertisements (including on third party websites and apps) based on your past visits to the website and your non-Personally Identifiable Information collected over time by us and third parties, optimize and determine the effectiveness of content and advertisements, analyse your interactions with content and advertisements, and how those interactions relate to your visits to the website. Some of our third party partners may participate in the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioural Advertising and allow consumers the ability to opt-out of targeted advertising based on web activity tracking. For more information regarding the foregoing, please click here or visit http://www.aboutads.info/choices/. Please note that even if our third party partners participate in this program and you opt-out of targeted advertising based on web activity tracking, you still may receive standard advertisements from us and targeted advertisements from third parties. You may need to re-click the link and follow the instructions provided therein if you delete cookies or similar technology or use a different computer, device or browser.
7.3. Children
Brainlab will not knowingly collect, use or disclose any information submitted by children under the age of majority in the jurisdiction where they reside. Parents are encouraged to educate their children about their use of the internet, and particularly about security issues regarding the disclosure of personally identifiable information to websites.
7.4. Links
You may have the opportunity to follow links on the website to other sites that may be of interest to you. Neither Brainlab nor its affiliates are responsible for the privacy practices of any other sites or the content provided thereon. Therefore, the privacy policies with respect to other sites may differ from those applicable to the website. We encourage you to review the privacy policies of each other site.
7.5. No Medical Advice
Brainlab is not a healthcare institution or medical facility and neither Brainlab nor the website provides any medical advice. You are solely responsible for all medical decisions, including any diagnosis, use of medical professionals, treatment or treatment plan, made by you as the result of the use of the website or any communications with Brainlab, regardless of any referral or suggestion made by Brainlab.
7.6. Changes to this Privacy Policy
Any revisions to this Privacy Policy will be effective immediately upon posting. Any material changes in the manner that we use personally identifiable information will apply only to information collected thereafter, unless we provide notice or have other communications with you, e.g. with a pop-up cookie notification banner. Each time you access, use, or browse the website, provide information to Brainlab online, or click on Brainlab’s digital advertisements on third party websites or applications, you signify your acceptance of the then-current Privacy Policy. If you do not accept this Privacy Policy, you are not authorized to access, use or browse the website, to provide information to Brainlab, or to click on Brainlab’s digital advertisements on third party websites or applications.