Would you like to see the website in English? English (US) English (US)
Would you like to see the website in English? English (UK) English (UK)
Wählen Sie die Sprachvariante Ihres Landes Deutsch (Deutschland) Deutsch (Deutschland)
¿Desea ver el sitio web en español? Español Español
Vuoi vedere il sito in italiano? Italiano Italiano
Vous voulez voir le site en français? Français Français

SprintRay Privacy and Data Protection Declaration

Effective July 28, 2022

We are SprintRay a company registered in Ireland (CRO: 689744) with a registered address at Regus Harcourt Centre, Harcourt Road, Dublin 2 and at Brunnenweg 11 DE-64331 Weiterstadt (“SprintRay”, “us“, “we“, or “our“).

At SprintRay we are committed to protecting and respecting your privacy. This Privacy Statement is addressed to our Customers (the “Customers” and each a “Customer”) who use our services (the “Services”), and to any Patients (“Patients”) of our Customers using our Services.

This Privacy Statement will let you know how we look after the personal data which we collect from you in connection with the use of our Services. This Privacy Statement also tells you about your privacy rights and how the law protects you.

It is important that you read this Privacy Statement together with any other privacy statement or fair processing policy that we may provide on specific occasions when we are processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Statement supplements other notices and privacy policies and is not intended to override them.

This Privacy Statement also informs you as to our obligations and your rights under data protection law.

1. Who is responsible for your personal data?

For the purposes of the EU General Data Protection Regulation (EU Regulation 679/2016) (the “GDPR”), the Customer is the data controller with regard to the personal data described in this Privacy Statement.

Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.

In particular, we have appointed a Data Protection Team within SprintRay to monitor compliance with our data protection obligations and with this Privacy Statement and related policies. See Section 11 below for the contact details for our Data Protection Team.

2. What Data do we collect when you visit our website?

When using our website for informational purposes, in circumstances when you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

  1. Our visited website
  2. Date and time of the moment of access
  3. Amount of data sent in bytes
  4. Source/reference from which you came to the page
  5. Browser used
  6. Operating system used
  7. IP address used (if applicable and in anonymized form)

3. What data do we collect when you contact us?

When you contact us via the contact us form or email, personal data is collected. The data collected in the case of a contact form can be seen from the respective contact form. The data is stored and is used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. The legal basis for the processing of data is our legitimate interest in your request in accordance with Art. 6 (1) of the GDPR. Your data will be deleted after final processing of your enquiry if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary.

4. What personal data do we collect when you register at the portal or forum?

Note: The legal basis for the below can be found in Article 6 (1) of GDPR.

You can register on our website or portal by entering your personal data. The personal data processed for registration is determined by the input mask used for registration. Our website uses a double opt-in procedure for registration, meaning that your registration is not complete until you have previously confirmed your registration via a confirmation email sent to you for this purpose by clicking the link therein. If you do not receive a confirmation within 24 hours, your registration will automatically be deleted from our database. You are obligated to provide the aforementioned data; all further information can be provided voluntarily using our portal.

If you are using our portal, we store your data necessary for the fulfilment of the contract as well as, if necessary, information on the method of payment, until you finally delete your access. Furthermore, we store the data provided voluntarily by you for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area.

In addition, we store all content published by you, such as public contributions, bulletin board entries, and guestbook entries to operate the website. We have a legitimate interest in providing the website and complete user-generated content. If you delete your account, your public statements, especially in the forum, will remain visible to all readers. However, your account is no longer accessible and all other data will be deleted.

Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and/or behaviour.

Special categories of personal data” of particularly sensitive personal data require higher levels of protection. These special categories regroup personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

When our Customers register and use our Services, we will collect the following personal data:

a) Customer data which include the following (the “Customer Data”):

  1. Customer dental practice name
  2. Customer email address
  3. Customer phone number
  4. Billing data

b) Patient data which include the following (the “Patient Data”):

  1. Patient name
  2. Patient identifier (ID assigned by the Customer, or randomly generated ID)
  3. Patient scans
  4. Treatment type requested
  5. Treatment plan and process
  6. Gender
  7. Age Range

5. How do we collect your personal data?

We collect personal data from the Customer. When using our Services the Customer can upload personal data to the SprintRay Dashboard which is a functionality of our Services.

6. How do we use your personal data and what is our legal basis?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Where we need to perform the contract we are about to enter into or have entered into with a Customer.
  2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Where we need to comply with a legal obligation.

Purposes for which we use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

 

Purpose/Activity Type of data Lawful basis for processing
To register you as a new Customer Customer Data a)      Performance of our contract with our Customers
To communicate with our Customers with regard to queries about our Services Customer Data

Patient Data

a)      Necessary for our legitimate interests

 

b)      Performance of our contract with our Customers

 

To process and deliver a Customer’s order including:

a)      Delivery of our Services

 

b)      Managing billing, payments, fees and charges; and

 

c)       Collecting and recovering money owed to us

Customer Data

Patient Data

a)      Performance of a contract with our Customers

 

b)      Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with our Customers which will include:

a)      Notifying you about changes to our terms or privacy policy

 

b)      Asking you to leave a review or take a survey

Customer Data a)      Performance of a contract with our Customers

 

b)      Necessary to comply with a legal obligation

 

c)       Necessary for our legitimate interests (to keep our records updated and to study how Customers use our services)

To administer and protect our business and the SprintRay Dashboard (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data in relation to our Services) Customer Data

Patient Data

a)      Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

 

b)      Necessary to comply with a legal obligation

 

Change of purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

If you require further detail about the specific legal basis we rely on to process your personal data please do not hesitate to contact us.

Data processing is carried out in accordance with Art. 6 (1) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right the review the server log files at any time, if there are any concrete indications of illegal use.

7. Do we share your personal data with anyone else?

We may share your personal data with the following parties in connection with our processing of your personal data for the purposes set out in the above table. These will include:

  1. SprintRay’s affiliate companies, SprintRay Europe Ltd and SprintRay Europe GmbH;
  2. SprintRay affiliate companies; and
  3. third party service providers such as appliance design service providers.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Under certain circumstances, SprintRay may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

8. Keeping your personal data secure

We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We limit access to your personal data to those employees, agents and other third parties who are required to have access to your personal data and where they have agreed that they are subject to a duty of confidentiality.

We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.  We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the data subject, where legally required to do so.

9. Transferring personal data out of the EEA

Certain of our third-party service providers are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA and the UK.

If circumstances arise in which we have to transfer your personal data out of the EEA, we will always ensure that there are appropriate safeguards in place to protect your personal data such as:

a) the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms;
b) appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from us on request; and
c) you have provided explicit consent to the proposed transfer after being informed of any potential risks.

10. For how long do we keep your personal data?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

11. Hosting & Content Delivery Network

Cloudflare

On our website, we use the Content Delivery Network (“CDN”) of the technology service provider Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”). A Content Delivery Network is an online service used to deliver large media files, such as graphics, page content or scripts, through a network of regionally distributed servers connected via the internet. The use of Cloudflare’s content delivery network helps SprintRay to optimise the loading speeds of our website. The processing takes place in accordance with Art. 6 (1) point of GDPR on the basis of our legitimate interest in secure and efficient provision, as well as the improvement of the stability and functionality of our website. For more information about Cloudfare’s privacy policy, please visit https://www.cloudfare.com/privacypolicy/

12. Cookies

In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session; i.e. closing your browser (“session cookies”). Other cookies remain on your terminal and enable us or our partner companies (“third-party cookies”) to recognize your browser on your next visit (“persistent cookies”). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can check the duration of the respective cookie storage in the overview of the cookie settings of your web browser.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping basket for a later visit to the website). If personal data are also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6 (1) point b GDPR either for the execution of the contract or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can set your browser in such a way that you are informed about setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers at the following links:

– Internet Explorer:
https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

– Firefox:
https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

– Chrome:
https://support.google.com/chrome/answer/95647?hl=en&hlrm=en

– Safari:
https://support.apple.com/en-gb/guide/safari/sfri11471/mac

– Opera:
https://help.opera.com/en/latest/web-preferences/#cookies

Please note that the functionality of our website may be limited if cookies are not accepted.

13. Use of Client Data for Direct Advertising

Subscribe to our e-mail newsletter:

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on an appropriate link.

By activating the confirmation link, you give us your consent for the use of your personal data pursuant to Art. 6 (1) point a GPPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration for the purpose of tracing any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the promotional purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data, or we reserve the right to a more extensive use your data which is permitted by law and about which we inform you in this declaration.

14. Web Analysis Services

Matomo as cloud solution with cookies:

Data is collected and stored on this website using the Matomo web analysis service software (www.matomo.org), a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”). Pseudonymized user profiles can be created and evaluated from this data for the same purpose. To this end, cookies may be used. Cookies are small text files that are stored locally in the cache of the visitor’s Internet browser. The cookies allow, among other things, the internet browser to be recognized. The data collected using Matomo technology (including your pseudonymized IP address) is transferred to Matomo servers in New Zealand and processed for usage analysis. For New Zealand, the European Commission has issued a so-called adequacy decision which certifies compliance with European data protection standards for international data transfers.

The pseudonymized information generated by the cookie is not used to personally identify the visitor to this website and is not merged with personal data about the holder of the pseudonym.

All processing described above, in particular the reading of information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GPDR. Without this consent, Matomo will not be used during your visit to the website.

15. Retargeting/Remarketing/ Referral Advertising

15.1. Google Ads Remarketing

This website uses the online advertising program “Google Ads” and, within the scope of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the concern of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred the conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your terminal device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize if the user has clicked on the ad and has been directed to this page. Each Google Ads customer receives a different cookie. Cookies therefore cannot be tracked across Google Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have chosen conversion tracking. Customers learn the total number of users who clicked on their ad and who were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. The use of Google Ads may also result in the transmission of personal data to the servers of Google LLC. in the USA.

Details on the processing operations initiated by Google Ads conversion tracking and on Google’s handling of data collected from websites can be found here: https://policies.google.com/technologies/partner-sites?hl=en

All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. Without this consent, Google Conversion Tracking will not be used during your visit to the website. You can permanently disable the setting of cookies by Google Ads Conversion Tracking for advertising preferences. You may download and install the browser plug-in available at the following link: https://support.google.com/ads/answer/7395996? Please note that certain functions of this website may not be available or may be restricted if you have deactivated the use of cookies.

Further information about Google’s privacy policy can be viewed at:
http://www.google.com/policies/technologies/ads/

15.2. Microsoft Advertising

This website uses the conversion tracking technology “Microsoft Advertising” from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft sets a cookie on your computer if you have accessed our website via a Microsoft Adveristing ad. Cookies are small text files that are stored on your terminal device. These cookies lose their validity after 180 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Microsoft and we can recognise that the user clicked on the ad and was redirected to this page (conversion page).

The information collected using the conversion cookie is used to create conversion statistics, i.e. to record how many users reach a conversion page after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

All processing described above, in particular the setting of cookies for reading out information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) a GDPR. Without this consent, Microsoft Advertising will not be used during your visit to the site.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.

You can obtain further information about Microsoft’s data protection policy at the following Internet address: https://privacy.microsoft.com/en-us/privacystatement

16. Site functionalities

16.1. Use of Vimeo Videos

On our website, plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are embedded. When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Vimeo’s servers. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has called up the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted directly from your browser to a Vimeo server in the USA and stored there.

If you are logged in to Vimeo, Vimeo can immediately assign your visit of our website to your Vimeo account. If you interact with the plugins (e.g., pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there. If you do not want Vimeo to assign the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by Vimeo as well as your related rights and privacy settings can be found in Vimeo’s privacy policy: https://vimeo.com/privacy

For videos from Vimeo that are embedded on our site, the tracking tool Google Analytics of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated. This relates to Vimeo’s own tracking which we do not have access to, and which cannot be influenced by our site. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States, where it may also be transmitted to servers of Google LLC.

All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. Without this consent, Vimeo-Videos will not be used during your visit to the website.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.

16.2. Use of YouTube Videos

This website uses the YouTube embedding function for display and playback of videos offered by the provider YouTube, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland (“Google”).

To this end, the extended data protection mode is used to ensure, according to provider information, that user information will only be stored once the playback function of the video is started. When the playback of embedded YouTube videos is started, the provider sets “YouTube” cookies to collect information about user behavior. According to indications from YouTube, the use of those cookies is intended, among other things, to record video statistics, to improve user-friendliness and to avoid improper actions. If you are logged in to Google, your information will be directly associated with your account when you click on a video. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.

Regardless of whether the embedded video is played back, a connection to the Google network “double click” is established when visiting this website. This may trigger further data processing beyond our control.

All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. Without this consent, Youtube-Videos will not be used during your visit to the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website. Further information on YouTube’s privacy policy can be found at: www.google.com/policies/privacy/

16.3. Zoom

We use the Zoom service of Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (hereinafter “Zoom”) to conduct online meetings, video conferences and/or webinars.

When using Zoom, different data will be processed. The extend of the processed data depends on the data you provide before or during your participation in an online meeting, video conference or webinar. When using Zoom, data of the communication participants is processed and stored on Zoom servers. This data may include your registration data (name, e-mail address, telephone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and audio contributions of the participants, as well as voice inputs can be processed in chats.

When processing personal data necessary for the performance of a contract with you (this also applies to processing operations which are necessary for the performance of pre-contractual measures), Art. 6 (1) point b GDPR constitutes the legal basis. If you have given us your consent for the processing of your data, the processing will be carried out based on Art. 6 (1) point a GDPR. Consent granted can be revoked at any time with effect for the future.

Otherwise, the legal basis for the processing of data when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 (1) point f GDPR in the effective conduct of online meetings, webinars or videoconferences. For more information about Zoom’s use of data, please refer to Zoom’s privacy policy at https://zoom.us/docs/de-de/privacy-and-legal.html

16.4. Applications for job advertisements using a form

On our website, we offer those interested in a job the possibility to apply online using an appropriate form. In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection. The required data includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications required for a position. Where appropriate, health-related information may also be required, which, in the interests of social protection, must be given special consideration in the applicant’s own person under labour and social law. In the course of sending the form, the applicant’s data will be encrypted according to the state of the art, transmitted to us, stored by us and evaluated exclusively for the purpose of processing the application.

The legal basis for these processing operations is generally Art. 6 Para. 1 lit. b, in the sense of which passing through the application procedure is considered to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on the status of severely disabled persons) are requested from applicants in the context of the application procedure, processing is carried out in accordance with Art. Art. 9 para. 2 lit. b. GDPR so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this respect.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h GDPR, if it is carried out for purposes of preventive health care or occupational medicine, for the assessment of the applicant’s ability to work, for medical diagnosis, care or treatment in the health or social field or for the management of systems and services in the health or social field.

If, in the course of the evaluation described above, the applicant is not selected, or if an applicant withdraws his or her application prematurely, the data submitted on the application form will be deleted after 6 months at the latest after notification. This period is calculated on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligation to provide evidence in accordance with the regulations on the equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR for the purposes of the employment relationship.

16.5. Font Awesome

This site uses so-called web fonts from “FontAwesome”, a service of Fonticons, Inc, 710 Blackhorn Dr, Carl Junction, 64834, MO, USA (“FontAwesome”), for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to FontAwesome’s servers. This may also result in the transmission of personal data to FontAwesome’s servers in the USA. In this way, FontAwesome becomes aware that our website has been accessed via your IP address. The use of FontAwesome fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font from your computer will be used. You can find more information about FontAwesome at: https://fontawesome.com/privacy

On this website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is mainly used to distinguish whether an entry is made by a natural person or misused by automatic and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. The use of Google reCAPTCHA may also result in the transmission of personal data to the servers of Google LLC. in the USA and is carried out in accordance with Art. 6 (1) point f GDPR, on the basis of our legitimate interest in determining the individual willingness of actions on the Internet and avoiding misuse and spam.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=en-GB

17. Tools and Miscellaneous

17.1. This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. Through the use of the tool, all cookies/services requiring consent are only loaded if the respective user provides the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed. If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) point GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Further legal basis for the processing is Art. 6 (1) point c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

17.2 – Google Maps

Our website uses Google Maps (AP’I) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and will make it easier for you to find us. When you access the sub-pages that contain the Google Maps map, information about your use of our website (such as your IP address) is transmitted to and stored by Google on servers. When using Google Maps, personal data may also be transmitted to the servers of Google LLC. in the USA. This is regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place according to Art. 6 (1) point f GDPR, on the basis of the legitimate interests of Google in the insertion of personalized advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles. If you want to do so, you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google in the context of using Google Maps, you may completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. In this case, Google Maps as well as the map display on this website cannot be used.

The Google terms of use can be found at: https://policies.google.com/terms?hl=en. The additional terms of use can be found at:
https://www.google.com/intl/en-US_US/help/terms_maps.html.

You can find detailed information on data protection in connection with the use of Google Maps on Google’s website (“Google Privacy Policy”) at:
https://policies.google.com/privacy?hl=en.

To the extent required by law, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please  follow the procedure described above for submitting an objection.

18. Your data protection rights

Under certain circumstances, by law you have the right to:

  1. Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
  2. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  3. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  4. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  5. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  6. Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you. We do not engage in any automated decision making.
  7. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  8. Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  9. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

In the event that you wish to make a complaint about how your personal data is being processed by SprintRay, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance:

Contact Data Protection Commission
Telephone +353 57 8684800 / +353 761 104 800
Email [email protected]
Post Data Protection Commission

21 Fitzwilliam Square South
Dublin 2
D02 RD28

Ireland

 

19. Contact us

The data controller for SprintRay Europe Limited and SprintRay Europe GmbH are listed below.  The data controller is in charge of processing of personal data and is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. You can contact us with any queries, complaints or requests to exercise your data protection rights using the details below:

Contact: Data Protection Manager-Europe
Telephone: +49 6150 978948-153
Email: [email protected]
Post: Regus Harcourt Centre, Harcourt Road, Dublin 2
Contact: Data Protection Manager-Germany
Telephone: +49 6150 978948-153
Email:  [email protected]
Post: SprintRay Europe GmbH, Brunnenweg 11, 64331 Weiterstadt, Deutschland, Tel: 06150 978948-153

 

In accordance with German Law and the General Data Protection Regulation (GDPR), SprintRay Europe GmbH has appointed a Data Protection Officer (DPO). The DPO for this website is “Onprivacy Thorsten Pregel, Datenschutzbeauftragter (TUV), Am Weinberg 7, 65207, Weisbaden, [email protected]

20. Updates to this Privacy Statement

Our Privacy Statement may change from time to time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.