Data Protection Guidelines

last updated April 26th, 2021

BioVentrix is committed to protecting and respecting the private sphere of individuals. We process personal data in compliance with the applicable data protection laws in effect in the countries in which we operate.

This policy defines how and why we process the personal data of people who interact with BioVentrix in oral, electronic, and written form. It also explains how we protect the information that you make available to us directly or indirectly.

This data protection policy applies to the website www.bioventrix.com, which is available to visitors around the world. This website is operated in the USA according to the laws in the USA. Visitors to our website should be aware that the laws in the USA can be different than the laws in the country where they live.

BioVentrix reserves the right to change the data protection policy at any time. We will publish changes on this website that become effective after publication.

1. General Information

(1) Below we provide information on the personal data collected during the use of our website.

Personal data are all data that relate to you personally, including your name, address, email addresses, and user behavior.

(2) Controller as defined by Art. 4 No. 7 of the General Data Protection Regulation (GDPR):

BioVentrix GmbH
Mühlenhof 7-9
40721 Hilden
Germany

Phone: +1 (925) 830-1000
Email: info@bioventrix.de
Website: www.bioventrix.com

(3) Name and address of the data protection officer

Dipl.-Ing. Jörg Hagen
Jhcon Datenschutzberatung
Königstrasse 50a
30175 Hannover, Germany

Email: hagen@jhcon.de

(4) This website is not intended for children under 18 years old, and BioVentrix does not intentionally collect personal data from such children. If we find out that a child provided us personal data online through this website, we will take appropriate steps to erase this information. If you think that we accidentally received personal data from a child under 18 years of age, please contact us immediately at privacy@bioventrix.com.

2. Your Rights and Revocation

a) Your rights

(1) You have the right to obtain from the website operator information on the personal data concerning you that we process (Art. 15 GDPR). You also have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), and data portability (Art. 20 GDPR).

(2) You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. To guarantee the rights and freedoms, as well as the legitimate interests of the person concerned, you, therefore, always have at least the right to express your point of view and to contest the decision.

(3) You also have the right to lodge a complaint with your data protection authority at any time. Please contact the Landesbeauftragte/r für Datenschutz und Informationsfreiheit Nordrhein-Westfalen [North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information], Postfach 20 04 44, 40102 Düsseldorf, Germany, Phone: +49 211384240, Fax: +49 21138424999, Email: poststelle@ldi.nrw.de

b) Right to withdraw your consent or object to data processing

(1) If you consented to the processing of your data (Art. 6 No. 1 lit. a GDPR and Art. 9 No. 2 lit. a GDPR), you have the right to withdraw your consent at any time.

The withdrawal of consent does not affect the legality of data processing performed up until the withdrawal.

(2) The right to object to data processing in special cases and to

direct marketing (Art. 21 GDPR)

WHEN DATA PROCESSING IS PERFORMED BASED ON ART. 6 NO. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT, FOR REASONS RESULTING FROM YOUR SPECIAL SITUATION, TO LODGE AT ANY TIME AN OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY STATEMENT. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS PERSONAL DATA CONCERNING YOU UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 NO. 1 GDPR). IF ANY DATA CONCERNING YOU ARE PROCESSED TO PROVIDE DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF THE DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES; THIS APPLIES ALSO TO ANY PROFILING RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL AFTERWARD NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21 NO. 2 GDPR).

(3) Please use the above address for matters of this kind.

3. Collection of Personal Data When You Visit Our Website

(1) In the case of merely informational use of the website, that is, when you do not log in, register, or provide us with any other information to use the website, we will not collect any personal data other than the data your browser sends to our servers. If you wish to view our website, we collect the following data that are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 No. 1 lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Quantity of data transferred in each case
  • Website sending the request
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

(2) If you contact us by email or through a contact form, we will store and process your request, including all personal data resulting from such (name and request), for the purpose of processing your concern. We will not disclose this information to third-parties without your consent unless such is necessary to fulfill your request. This information is processed on the basis of Art. 6 No. 1 lit. b GDPR provided that your request is related to fulfilling a contract or is required to perform precontractual measures. In all other cases, processing is based on our legitimate interests in the effective handling of the requests directed to us pursuant to Art. 6 No. 1 lit. f GDPR or based on your consent according to Art. 6 No. 1 lit. a GDPR if you were asked for such. The data you send to us in the contact form remain with us until you request erasure, you withdraw your consent to data storage, or the purpose of data storage no applies (for example, after we have completed processing your case). Compelling legal requirements—in particular legal data retention periods—shall remain unaffected.

(3) If we use authorized service providers for individual functions of our services or would like to use your data for marketing purposes, we will inform you of the respective activities in detail below. We will also name the specific criteria for the storage period.

4. Third-party Content

4.1 Google Maps

(1) With your consent, we use the services of Google Maps on this website. This allows us to display to you interactive maps directly in the website and allows you to use the map function conveniently.

(2) When you visit the website, Google is informed that you viewed the respective subpage of our website. This happens regardless of whether Google provided a user account that you used to log in or you do not have a user account. When you are logged in to Google, your data will be directly linked to your account. If you do not want this linking to your Google profile, you must log out before activating the button. Google saves your data as usage profiles and uses them for its own purposes of marketing, market research, and/or configuring its website tailored to need. This kind of analysis is done in particular (even for users who are not logged in) to provide need-based marketing and to inform other users of social networks about your activities on our website. You have the right to object to the generation of these user profiles, but you must contact Google to exercise this right.

(3) Additional information on the purpose and scope of data collection and of the processing of your data by the plug-in provider can be found in the provider’s privacy statements. There you will also find more information on your rights in this regard and setting options to protect your private sphere: http://www.google.com/intl/en/policies/privacy.

Google processes your personal data in the USA as well.

4.2 Usage of Google Fonts

We use fonts provided by Google on our website. These web fonts are hosted locally on our systems so that no data is transferred to Google.

4.3 Google reCAPTCHA

On this website, we use reCAPTCHA on the basis of our legitimate interests of secure data processing and to meet the requirements from Art. 32 GDPR. However, no data are transferred to third-party providers with cookie storage.

Google Privacy Policy

5. Cookies/Tracking Activities

(1) Our web pages use “cookies.” Cookies are small text files that save information on your use of the website. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies).

(2) Cookies have different functions. Numerous cookies are technically necessary as certain website functions would not work without them (like consent management). Other cookies are used to analyze user behavior and display advertisements. Cookies that are necessary to transmit an electronic communication (essential cookies) or to provide certain functions you request (functional cookies) or to optimize the website are stored based on Art. 6 No. 1 lit. f GDPR unless another legal basis is stated. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services.

(3) Sometimes cookies from third-parties (third-party cookies) can also be stored on your end device, as can technically non-essential cookies. This allows us or you to use certain services from the third-party. Such cookies are stored solely on the basis of your consent (Art. 6 No. 1 lit. a GDPR). You can withdraw your consent at any time.

(4) Other cookies not essential to the use and functionalities of the website operator and of third-parties may not be used without your consent. When calling up the website, you will be asked to select allowed cookies and functions. Your selection will in turn be stored in a cookie until you delete this cookie from your end device.

5.1 Cookie management and consent management platform

(1) We provide you with a consent management platform (CMP) based on legal obligations. You also have the option to configure your consent to the use of cookies and similar technologies individually. You can make these setting in the Cookie popout at the bottom left of the screen. Our cookie policy contains more information on each of the technologies used.

(2) A company involved as an order processor provides the necessary technology. The exchange of data with the provider is contractually regulated.

5.2 User analysis – Google Analytics

(1) We use Google Tag Manager to incorporate Google functionalities.

We use Google Analytics only with your consent to analyze the usage on our website and make continual improvements. Using the statistics we collect, we can improve our services and configure them in a way that is more interesting for you as a user. The legal basis for using Google Analytics is Art. 6 No. 1 lit. a GDPR. You can withdraw the consent you gave at any time in the future by opening the popout at the bottom left while at the top of the screen.

(2) Google Analytics is a web analytics service from Google Inc. (“Google”). Google Analytics uses cookies that are stored on your computer and make it possible to analyze your website usage. The information on your use of this website generated by cookies is usually transferred to a Google server and stored. Only on rare occasions will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyze your usage of the website, to compile reports on website activities, and to provide website operators other services related to website usage and Internet usage.

5.3 Use of Google Ads

(1) We use the services of Google Ads to draw attention to our attractive services using advertising media (Google Ads) on external websites. We can determine in relation to the data of the marketing campaign how successful the individual marketing activities are. Therefore, we pursue the interest of showing you advertisements that interest you.

(2) These advertising media are supplied by Google through “ad servers.” For this purpose, we use ad server cookies that can measure certain parameters for measuring success, like displaying ads or user clicks. If you get to our website through a Google ad, Google Ads will store a cookie on your computer. These cookies usually become invalid after 30 days. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), and last impression (relevant for post-view conversions) are usually stored as analysis values.

(3) These cookies allow Google LLC to recognize your Internet browser. If a user visits certain pages of the website of a Google Ad customer and the cookie stored on the user’s computer has not expired, Google and the customer can see that the user clicked the ad and was routed to this site. Every Google Ad customer is allocated a different cookie. Cookies cannot, therefore, be traced through the websites of Google Ad customers. We ourselves do not collect or process any personal data in said marketing activities. Google provides us only with statistical analyses. Based on these analyses, we can see which marketing activities we used are particularly effective. We do not receive additional data from the use of the advertising media; specifically, we cannot identify users based on this information.

(4) Based on the marketing tools used, your browser automatically creates a direct connection to the Google server. We do not have any influence on the scope and further use of data collected by Google through the use of this tool, and we are, therefore, informing you accordingly based on what we know: By incorporating ads conversion, Google receives information that you viewed the respective part of our web presence or clicked one of our ads. If you are registered with a Google service, Google can link the visit to your account. Even if you are not registered with Google or you did not log in, there is still the possibility that the provider can find out and store your IP address.

(5) You can avoid participating in this tracking process in several ways:

a) You do not give us permission to use Google Ads;

b) By deactivating the interest-based ads from the provider that are part of the “About Ads” self-regulation campaign using the link http://www.aboutads.info/choices, but this setting will be deleted when you delete your cookies;

c) By permanent deactivation in your browsers using the link http://www.google.com/settings/ads/plugin. We are letting you know that in this case you may not be able to use all functions of this service in their entirety.

(6) The legal basis for processing your data is Art. 6 No. 1 S. 1 lit. a GDPR. You can find more information on Google’s data protection here: http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html.

5.4 DoubleClick

DoubleClick puts a cookie on your computer to track your browsing behavior on different websites (tracking) and to display interest-based marketing. In addition, DoubleClick uses pixel tags and local storage. It processes the following data in the process: site visits, cookie ID, transactions, mobile ID, click pad, usage data, and IP address. The legal basis for using DoubleClick is Art. 6 No. 1 lit. a GDPR. In the process, data are transferred to servers in the USA. You can withdraw the consent you gave at any time in the future.

5.5 Clicky

(1) With your consent, we use Clicky—a web analytics service from Roxr Software Ltd., 10883 SE Main St #201, Milwaukie, OR, 97222—to log and analyze the traffic on our website. In the process, data are transferred to servers in the USA. You can view Clicky’s privacy policy under Clicky’s privacy policy.

(2) The legal basis for using GetClicky is Art. 6 No. 1 lit. a GDPR. You can withdraw the consent you gave at any time in the future.

6. Social Media Online Presences

We operate from our legitimate interests social media sites that can be reached through a link from our website. If you do not use these links, we will not send any personal data to social media platforms.

6.1 Facebook/Instagram/Twitter

(1) When Facebook and Instagram are used, we are responsible for processing personal data, as are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland as joint controllers according to Art. 26 GDPR with the Facebook pages Insights addendum (https://www.facebook.com/legal/terms/page_controller_addendum)

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Privacy information/opt-out: http://instagram.com/about/legal/privacy/.

Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA – Privacy information: https://twitter.com/privacy

Opt-out: https://twitter.com/personalization

(2) Facebook Ireland Ltd. processes (personal) data when Facebook products are used—including during visits to our Facebook or Instagram page—and even from persons who are not logged in to any Facebook services. Facebook describes in its data policy, which applies to all Facebook products, which (personal) data these are specifically and how, for which purposes, and on which legal basis they are processed (https://help.instagram.com/519522125107875?helpref=page_content). The policy also contains information on options for contacting Facebook and setting options for ads, cookies, etc. The data may also be sent to countries outside of the European Union.

(3) Facebook provides more information on the cookies that Facebook uses if you have a Facebook account, use Facebook products (including the website and apps), or visit other websites and apps that use Facebook products (including the “Like” button or other Facebook technologies) in its cookie policy (https://www.facebook.com/policies/cookies/). Information on how you can manage the information about you can likewise be found under this link: https://www.facebook.com/policies/cookies/

(4) When you visit our Facebook or Instagram page, Facebook records your IP address, including other information. Along with other information that Facebook receives through cookies, Facebook provides us as the operator of the Facebook page statistical information on the utilization of this Facebook page (called Page Insights). Page Insights are compiled data that are able to detect how users interact with the page. These Page Insights can be based on personal data collected by Facebook related to a user visit or interaction and to our Facebook page and user content. Facebook provides more information about this here: https://www.facebook.com/about/privacy.

(5) With the help of the Page Insights, we can perform an anonymous analysis of the reach, page views, video play time, and actions (likes, comments, and sharing of articles), as well as an analysis based on age, gender, and location (as reported by users in their respective Facebook profiles). Settings can be made for the analysis of the reach, and appropriate filters can be set in regard to the selection of a time frame, viewing of a specific article, and demographic groupings (for example, female, 20–30 years old). These data are anonymized, aggregated, and abstracted. Therefore, these settings do not allow the company to draw any conclusions about individuals. The analysis is used to optimize the services and products on the Facebook page of the company for the purpose of public relations.

(6) The legal basis for this data processing is Art. 6 No. 1 lit. a and f GDPR.

As a provider of the information service, we do not collect or process any other data from the use of the Facebook page.

(7) Irrespective of the rights regarding us, you have the right to lodge a complaint with the Irish Data Protection Commission (responsible for Facebook Ireland Ltd.).

(8) For specific questions on the protection of your data, please contact the company’s data protection officer or the data protection officer for Facebook Ireland Ltd. https://www.facebook.com/privacy/explanation

Opt-out:

https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

6.2 LinkedIn

(1) As the operator of a LinkedIn page, we are a joint controller along with the operator of the social network, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, hereinafter LinkedIn, according to Art. 26 GDPR. When you visit our LinkedIn page, personal data are processed by the controllers. Below we inform you which data are processed, the way in which they are processed, and what your rights are in this regard.

(2) Essential to using LinkedIn’s portal are LinkedIn’s terms and conditions of usage at https://www.linkedin.com/legal/user-agreement and the other conditions and guidelines stated in the agreement. In particular, you can find the privacy policy at https://www.linkedin.com/legal/privacy-policy and you can find the cookie policy at https://www.linkedin.com/legal/cookie-policy.

(3) If you have questions about the processing of your personal data; would like information about the data; want the data blocked, erased, or corrected; want to withdraw your consent; or have objections, please contact the controllers. Information on how LinkedIn handles personal data on its portal can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy, in its cookie policy at https://www.linkedin.com/legal/cookie-policy, and on its help pages at https://www.linkedin.com/help/linkedin?trk=microsites-frontend_legal_privacy-policy&lang=en or https://www.linkedin.com/help/linkedin?trk=microsites-frontend_legal_user-agreement&lang=en.

(4) LinkedIn shows you personalized ads both within and outside its services. You can choose to see ads personalized to you, but you cannot opt out of other ads.

(5) LinkedIn targets ads (and measures their effectiveness) both within and outside of LinkedIn specifically to members, visitors, and others, directly or through various partners. For this purpose, LinkedIn uses the following data, either combined or separately (sometimes your consent is required, for which you will be asked for separately):

  • Data from advertising technologies on and off our services, pixels, tags, cookies, and device identifiers;
  • Information provided by members (for example, contact information, job title, and industry);
  • Data from your use of our services (for example, search history, feed, content you read, whom you follow or who is following you, connections, groups participation, page visits, videos you watch, clicks on an ad, etc.), including as described in Section 1.3;
  • Information from advertising partners, vendors, and publishers; and
  • Information that can be inferred from the data described above (for example, using job titles from a profile to infer industry, seniority, and compensation bracket; using graduation dates to infer age, or using first names and pronoun usage to infer gender; using your feed activity to infer your interests; or using device data to recognize you as a member).

(6) LinkedIn shows you ads called Sponsored Content, which look like non-sponsored content with the exception that they are labeled as advertising (for example, as “ad” or “sponsored”). If you take a social action on these ads (such as “like” labels, comments, or share), your action will be associated with your name and viewable by third-parties. These parties also include the provider of the website. If you take a social action on LinkedIn services, this action may (depending on your settings) be mentioned with related ads.

6.3 Incorporation of YouTube videos

(1) We have incorporated YouTube videos into our online service, which are stored at http://www.YouTube.com and can be played directly from our website. The data listed in Paragraph 2 will not be transmitted until you play the videos or have given consent. We do not have any influence on this data transmission.

(2) When you visit the website, YouTube receives information that you called up the respective subpage of our website. The data listed under No. 3 of this statement are also transmitted. This happens regardless of whether YouTube provided a user account you used to log in or whether you do not have a user account. When you are logged in to Google, your data will be directly linked to your account. If you do not want this linking to your profile with YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of marketing, market research, and/or configuring its website tailored to need. This kind of analysis is done in particular (even for users who are not logged in) to provide need-based marketing and to inform other users of the social network of your activities on our website. You have the right to object to the generation of these user profiles, but you must contact YouTube to exercise this right.

(3) More information on the purpose and scope of data collection and processing can be found in YouTube’s privacy statement. There you will also find more information on your rights and setting options to protect your private sphere: https://www.google.com/intl/en/policies/privacy. Google processes your personal data in the USA as well.

7. External Links

(1) For your optimal information, you can find links to pages of third-parties on our website.

Using these links, you can access websites that we find helpful.

(2) When you leave our website, we generally do not process any other personal data.

3) If this is not apparently visible, we will notify you that an external link is involved. We do not have any influence on the content or configuration of the pages of other providers and, therefore, refer to their privacy statements. The guarantees of this privacy statement do not, of course, apply to third-party websites.