Privacy policy

Privacy Policy

We take the protection of your personal data very seriously. Your data will be handled confidentially and in accordance with statutory data protection regulations and this privacy policy.
This website collects various types of personal data. Personal data is any data with which you can be personally identified. Below, we explain what data we collect and for what purpose.

Please note that data transmission over the internet may be subject to security vulnerabilities. Complete protection of data from access by third parties is not possible. Terms such as “controller” or “processing” are based on definitions found in Article 4 of the General Data Protection Regulation (GDPR).

1. General Information on Data Protection

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data refers to any data with which you can be personally identified. Detailed information on the subject of data protection can be found in the privacy policy below.

Controller for Data Processing on This Website

Data processing on this website is carried out by the website operator. You can find the contact details in the legal notice.

Collection of Your Data

Some data is collected when you provide it to us directly, for example via the contact form. Other data is collected automatically — with your consent — when visiting this website through our IT systems. These are primarily technical data. Such data is collected automatically as soon as you enter this website.

Use of the Data

Some of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior.

Your Rights Regarding Your Data

You have the right to receive information about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time. Under certain circumstances, you also have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For these and any other questions regarding data protection, you can contact us at any time using the address provided in the legal notice.

Analysis Tools and Tools from Third-Party Providers

Your browsing behavior may be statistically analyzed when visiting this website. This is primarily done using analytics programs. More detailed information on this can be found in the privacy policy below.

2. Hosting

We host this website with an external service provider (AIXPRO, a service provided by dogado GmbH, Saarlandstraße 25, 44139 Dortmund, Germany). Personal data that we collect on this website is stored on the servers of this provider. A professional provider is used as the hoster in the interest of a reliable and secure presentation of our website.

The hoster will only process your data to the extent necessary to fulfill its service obligations.
Further information on data protection by dogado GmbH can be found at the following link:
https://www.dogado.de/legal/datenschutz

Data Processing Agreement

To ensure data protection-compliant processing, we have concluded a data processing agreement with our hosting provider.

3. Data Controller

Within the meaning of the data protection law, in particular the General Data Protection Regulation (GDPR), the controller is:

Name: 

Dr. med. Bernhard Clasbrummel

Steinstrasse 29

72411 Bodelshausen

Email: 

info@implant-eye.com

Type of Processed Data:
– Inventory data (e.g., names, addresses).
– Contact data (e.g., e-mail, telephone numbers).
– Content data (e.g., text inputs, photographs, videos).
– Contract data (e.g., subject of the contract, duration, customer category).
– Payment data (e.g., bank details, payment history).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Note on Data Transfer to the USA
On our website, we use tools from companies that are based in the USA. As soon as these tools are activated, your personal data is forwarded to US servers of the respective companies. At this point, we would like to point out that the USA is not considered a “safe third country” in terms of EU data protection law. US companies are legally obligated to disclose personal data to security authorities. This is done without you, as the data subject, being able to take action against it. For this reason, it cannot be ruled out that US authorities may analyze, process, and permanently store your data on the US servers for surveillance purposes. We have no influence on these processing activities.

SSL or TLS Encryption
For security reasons, this website uses SSL or TLS encryption to protect the transmission of data. An encrypted connection can be recognized in the browser by „https://“. This prevents third parties from reading the data that you transmit to us.

4. Terminology Used

Under “Personal Data” is understood to mean all information relating to an identifiable or identified natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, an identifier number, an online identifier or one or more factors specific to the physical, genetic, physiological, mental, economic, cultural or social identity of that natural person.

“Processing” is any operation or set of operations which is performed on personal data, whether or not by automated means. This includes any such series of operations in connection with personal data. The term encompasses practically every handling of data.

“Controller” means any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

5. User Rights

Revocation of Data Processing
Every person has the right to revoke their consent to the processing of personal data at any time (Art. 21 GDPR). To revoke consent, it is sufficient to send us an informal e-mail. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Access, Restriction, Deletion, Correction, and Limitation
You have the following rights at any time:

• Access to your data stored with us and its processing (Art. 15 GDPR)
• Restriction of your personal data (§ 35 para. 4 BDSG)
• Deletion of the data stored by you (Art. 17 GDPR)
• Correction of your personal data (Art. 16 GDPR)
• Limitation of your personal data (Art. 18 GDPR)

Right to Data Portability (Art. 20 GDPR)
Every person has the right to receive the personal data concerning them and to transfer those data to another controller. These rights apply insofar as the rights and freedoms of another person are not adversely affected thereby.

Right to Lodge a Complaint with the Supervisory Authority (Art. 77 GDPR)
Every person has the right to report data protection violations to the competent supervisory authority. This is the data protection officer of the federal state in which our company is located. The data protection officers are listed at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Storage Duration of Personal Data
Personal data is stored in accordance with the prescribed legal retention period. If these data are no longer required to fulfill the contract or send reminders, they will be deleted after the expiration of the period, or the data will be deleted when their use is no longer necessary and there are no legal retention obligations against deletion. Deletion is restricted insofar as it is necessary for other legally permissible purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons according to legislation. In Germany, retention takes place according to statutory requirements for 6 years pursuant to § 257 para. 1 HGB, as well as for 10 years pursuant to § 147 para. 1 AO.

6. Collection of General Information When Visiting Our Website (Server Log Files)

When accessing our website, information is automatically transmitted to us. This information is transmitted in the form of server log files. The collection of the data is based on Art. 6 para. 1 lit. f GDPR. The data is not used to draw conclusions about your person. The recipients of the data may be technical service providers who act as processors for the operation and maintenance of the website. The data is deleted as soon as it is no longer necessary for its purpose. Generally, this occurs as soon as you end the session.

Contained Information
The server log files include the following information:

• Browser type and version
• Operating system used
• Domain name of your internet service provider
• IP address and the requesting provider
• Time of the server request
• User’s operating system
• Referrer URL (the previously visited page)
• and similar information

Purpose of the Collected Information
This information serves the following purposes:

• Unproblematic establishment of a connection to the website
• Smooth use of our website
• Analysis of system security and stability, as well as other administrative purposes

Storage
Logfile information is stored for a maximum of 7 days for security reasons. Reasons can include, for example, the clarification of misuse or fraud. After this, the data is deleted. Data that is required for evidentiary purposes is retained until the respective incident is conclusively clarified and is excluded from deletion.

Security Measures
In accordance with Art. 32 GDPR and considering the state of the art, implementation costs, the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, the controller and the processors take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. These measures may include, among others:

• Pseudonymization and encryption of personal data
• The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the systems and services related to processing
• The ability to restore the availability of the personal data and access to it promptly in the event of a physical or technical incident
• A procedure for regularly reviewing, assessing, and evaluating the effectiveness of the technical and organizational measures to ensure the security of the processing

Furthermore, in accordance with Art. 25 GDPR, we have taken data protection by design and by default into account. One of these security measures is the encrypted transmission of data between your browser and our server.

Disclosure and Transfer of Data
The disclosure or transfer of data to other persons and companies (processors or third parties), as well as providing access to the data or otherwise granting access, takes place only on the basis of a legal permission pursuant to Art. 6 para. 1 lit. b GDPR. Disclosure or transfer occurs if you have given your consent, if there is a legal obligation, or based on our legitimate interests (which may include, for example, the use of agents, hosting providers, tax, economic and legal advisors, customer service, accounting, and similar services), to ensure an efficient and effective fulfillment of our contractual, administrative tasks, and obligations.

If we commission third parties with the processing of data (so-called “data processing agreements”), this is done on the basis of Art. 28 GDPR.

Transfer to Third Countries
The transfer of data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) occurs only:

• To fulfill our (pre)contractual obligations
• Based on your consent
• Due to a legal obligation
• Based on our legitimate interests.
  We only allow data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are met.

7. Cookies
   When you visit our website, so-called „cookies“ are used. These are small text files that are stored on your device as soon as you visit our website. Cookies cannot cause any damage to your computer and cannot contain viruses.

For many cookies, these are so-called „session cookies“ which are deleted again after your visit to our site. Other cookies, however, remain on your device until you delete them. These cookies give us the possibility to recognize you on your next visit to our website.

Your browser offers you the possibility to disable cookies by default. However, this may lead to a restricted functionality of the website. The help function of the browser can provide information on how to activate or deactivate the use of cookies.

Stored cookies that are necessary for carrying out certain functions desired by you are stored on the basis of Art. 6 para. 1 lit. f GDPR. We as the website operator have a legitimate interest in storing cookies for the error-free and optimized provision of services. If consent to the storage of cookies has been given, they are stored exclusively on the basis of Art. 6 para. 1 lit. f GDPR. Consent to the storage of cookies can be revoked at any time.

All necessary information about cookies can be retrieved in the respective browsers at the following links:

• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE

Consent with Borlabs-Cookie
We use the cookie consent technology from Borlabs Cookie for our website (legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR). We use this to obtain your consent for the storage of certain cookies. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg.

When you access our website, your consent or revocation is stored in a Borlabs cookie in your browser. This data is not transmitted to Borlabs Cookie. Under the following link, you can find details on the data processing by Borlabs Cookie:
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

The collected data is stored until you request us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data ceases to exist. Mandatory statutory retention periods remain unaffected. Details on the data processing by Borlabs Cookie can be found in relation to the use of the Borlabs-Cookie-Consent technology to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
Changing the cookie settings:
You can change your cookie settings under the following link.
[borlabs-cookie type=“btn-cookie-preference“ title=“Cookie Settings“]

8. Registration on This Website
   You can register on our website to be able to use further functions of the site. The data entered in the process is used exclusively for the use of the respective offer or service for which you have registered. Registration can only be completed if you have filled in all required fields; otherwise, we will reject the registration. Registered users have the possibility, if necessary, to change or delete the data provided.

The processing of the data entered during registration is carried out on the basis of the user’s consent (Art. 6 para. 1 lit. a GDPR). Information about important changes to the offer or necessary technical changes will be communicated to you via the e-mail address you provided during registration. Data is only stored for as long as you have given consent. You can revoke your consent at any time by sending us an informal e-mail. The provision of your personal data is voluntary. Without voluntarily providing your personal data, we cannot grant you access to our services.

Provision of Paid Services
For paid services, we collect additional data, such as payment details. The collection of this data is carried out on the basis of Art. 6 para. 1 lit. b GDPR. These data are stored in our system in accordance with the statutory retention periods.

9. Forms
   The data you enter in forms is only stored for the purpose stated in the form. The stored data is used for the purpose of the inquiry and any subsequent queries.
   To send an inquiry, the required fields must be completed. Additional fields may be completed optionally.

The processing of the data you provide is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

If you use a form for the inquiry of an offer, the processing of the data you have entered is carried out for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

The data you have entered remains stored until you ask us to delete the data, revoke your consent to storage, or the purpose of storage ceases to exist. Consent can be revoked at any time by sending us an informal e-mail.

9.1 Contact Form
The data you enter in the contact form is stored for the purpose of communication. The stored data is used for the purpose of the inquiry and any subsequent queries. For this purpose, a valid e-mail address and your name are required.

If you use the contact form to inquire about an offer, the processing of the data you have entered is carried out for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

9.2 Application Form
On our website, we offer the possibility to apply for job offers and to send these to us by e-mail or by post.
The data you enter or send is stored for the purpose of determining a suitable applicant. The stored data is used for the purpose of the inquiry and any subsequent queries. For this purpose, the following data is required:
Position, first name, last name, e-mail address, telephone number, availability, and curriculum vitae.
If you have sent your application documents by post, we will return your application documents to you after the application process is completed.

10. Inquiry by E-mail or Telephone
    You can contact us at any time by e-mail or telephone. The personal data that arises in the process is stored exclusively for the purpose of handling your request.
    The processing of this data is carried out on the basis of Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f GDPR in conjunction with legal requirements for promotional communications. In doing so, we process inventory, address, and contact data. In addition, we process contract data of customers, participants, interested parties, and communication partners.

If you use this contact option for the inquiry of an offer, the processing of the data you have entered is carried out for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

The data you have entered remains stored until you ask us to delete the data or revoke your consent to storage or until the purpose of storage ceases to exist.

11. WORDFENCE
    To ensure the security of this website, we use the security plugin WORDFENCE. The provider of this plugin is DEFIANT, 800 5th Ave Ste 4100, Seattle, WA 98104. A data processing agreement has been concluded for GDPR-compliant data processing.

Currently, Wordfence uses three cookies. At the following link, you can read what these cookies process, who uses these cookies, and what these cookies are used for:
https://www.wordfence.com/help/general-data-protection-regulation/
Further information on the handling of user data can be found in DEFIANT’s privacy policy:
https://www.wordfence.com/privacy-policy/

12. Google Web Fonts
    For the uniform presentation of fonts, web fonts provided by Google are used. At the moment of loading our page, the browser loads the required web fonts from the browser cache in order to correctly display fonts and text.
    Through this process, Google becomes aware that you have accessed our website via your IP address. The use of web fonts is in the interest of a uniform and appealing presentation. This is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
    If your browser does not support this, a standard font is used.
    When a page is called up, your browser loads the required web fonts into your browser cache so that texts and fonts are displayed correctly.
    For this purpose, the browser you use must establish a connection to Google’s servers. Through this, Google becomes aware that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

13. Matomo (formerly “Piwik”)
    On this website, we use the open-source web analytics service Matomo (formerly “Piwik”). Its provider is InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769 (hereinafter: “Matomo”).
    To enable cross-site user recognition for analyzing user behavior, Matomo uses technologies such as cookies or device fingerprinting. The information collected by Matomo about the use of the website is stored on our server. In doing so, the IP address is anonymized before storage. This excludes a direct reference to a person.
    The data stored exclusively on our server includes the following:

• two bytes of the IP address of the user’s accessing system
• the website from which the user reached the accessed webpage (referrer)
• the accessed webpage
• the subpages that are accessed from the webpage
• the duration of stay on the website
• the frequency of access to the website
  The use of this web analytics tool is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize the web offering as well as the advertising for it.
  If consent to the storage of cookies is given, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.
  The information collected by Matomo about the use of the website is not passed on to third parties.

Storage Duration
The deletion of the data occurs as soon as it is no longer required for recording purposes.

Data Protection
Further information on data protection can be found in Matomo’s privacy policy:
https://matomo.org/privacy-policy/

Revocation
You also have the possibility at any time to revoke your consent for the placement of cookies for Matomo. You can simply trigger this with the following button:
[borlabs-cookie type=“btn-switch-consent“ id=“matomo“ title=“Matomo“]

14. Social Plugins
    On the basis of Art. 6 para. 1 lit. f GDPR, we maintain online presences within social networks and platforms. The reason is to be able to communicate with customers, interested parties, and users who are active there and to inform them about our services in social networks and platforms. When the respective networks and platforms are accessed, the terms and conditions and data processing policies of the respective operators apply.
    On our website, we offer you the possibility to use so-called „social media buttons“. To ensure that your data is protected, we implement these using the Shariff procedure. This way, our buttons on our website are only displayed as graphics that contain a link to the respective website. By clicking on this graphic, you are then redirected to the service of the respective provider. Only at this moment is your data sent to that provider. If you do not click the graphic, no data is exchanged between you and the provider of the social media buttons. More information about the Shariff solution can be found at the following link:
    https://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html

We have embedded social media buttons from the following companies on this website:

Facebook
One of these social plugins (“plugins”) is that of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These plugins can present interactive elements or content (e.g., videos, graphics, or text posts) and are recognizable by the Facebook logo – a white “f” on a blue tile, as well as the terms “Like”, “Gefällt mir” (“Like”), or a “thumbs up” symbol, or are marked with the addition “Facebook Social Plugin”. The Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
We have a profile on Facebook. Facebook itself is certified under the EU-US Privacy Shield.
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
When a user accesses a function of this online offering that contains such a plugin, a direct connection is established from their device to Facebook’s servers. As a result, the content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offering. Consequently, Facebook can create usage profiles of the users based on the processed data, over which we have no influence.
Facebook receives information through the use of the plugin that a user has accessed the corresponding page of the online offering. When a user logs into Facebook, Facebook can assign the visit to their Facebook account. For example, if users utilize the „Like“ button or write a comment, Facebook stores this information. Even if they are not members of Facebook, it is still possible that Facebook obtains and stores the IP address. According to Facebook, only an anonymized IP address is stored in Germany.
Details on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as the rights and settings options available for the protection of the user’s privacy, can be found at: https://www.facebook.com/about/privacy/.

If you are a member of Facebook and do not want Facebook to collect data about you via this online offering and link it with the member data stored by Facebook, you must log out of Facebook and delete its cookies before using our online offering. Further options for settings and objections to the use of data for advertising purposes can be found in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings apply across platforms. The settings are adopted for all devices, such as desktop computers or mobile devices.

Instagram
We have a profile on Instagram. The provider of this service is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
Further information can be found in Instagram’s privacy policy:
http://instagram.com/about/legal/privacy/

Additional information can also be found in Spotify’s privacy policy:
https://www.spotify.com/de/legal/privacy-policy/

15. Final Notes

Changes to the Data Protection Policy
In order for the data protection regulation to meet current legal requirements, we reserve the right to adjust it as needed. When you visit our site again, the new privacy policy will apply.

Questions about Data Protection
If you have any questions about data protection, you are welcome to send us an e-mail or contact the responsible person directly. This person is described under „Controller.“