Küschall logo

Datapolitik

Küschall Privacy Policy



I. Küschall EU Privacy Policy

Effective Date: May 25, 2018 Last updated: May 25, 2018

A. Glossary

The following terms are used within this Policy and are defined here for clarification:
“data controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or EU laws or regulations, the controller or the specific criteria for his nomination may be designated by national or EU law;
“data processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;
“data subject” means an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation);
“personal data” means any information relating to a data subject;
“special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. 

B. The Data Controller

This website (the “Site”) is operated by Invacare International GmbH having its registered office at Neuhofweg 51, 4147 Aesch BL, Switzerland, registered with the Registry of Commerce and Companies of Witterswil under the number CHE-107.895.600; and Küschall AG, having its registered office at Neuhofweg 51, 4147 Aesch BL, Switzerland, registered with the Registry of Commerce and Companies of Witterswil under the number CHE-107.895.600, both acting in their capacity as separate data controllers under applicable data protection laws and regulations (hereinafter the “Controller”, “us”, “we” or “our”). You can contact Invacare International GmbH or Küschall at: phone and contact form which can be found in the footer of the Site.

C. Objective

We take the protection of your personal data seriously. For this purpose, we have developed this EU Privacy Policy (this “Policy”) which explains how we collect, use, disclose, transfer, store and otherwise process your Data.
This Policy applies to the processing of personal data of Site visitors from the EU or where applicable EU, EU Member State or Swiss data protection laws so provide.

D. Scope

This Policy describes how we process personal data through this Site, which is designed for use in the European Union (“EU”). If you choose to access our other websites which are designed for use in other regions of the world (such as our North American website www.invacare.com), the website privacy policy found on those websites will apply to your use of those websites. We urge you to visit the websites intended for use in your country.
 

E. Categories of Data processed, legal basis and purposes of the Data processing

 E.1 Details of the data processing activities
Depending on the services provided by the Site and used by you, on your choices and configuration (with respect to cookies and other tracking technology) of your computer or other device with which you access this Site, the Controller processes the following personal data concerning you (your “Data”):
Processing Purpose Categories of Data Legal basis of the processing pursuant to Art. 6 and 9 of the GDPR, as the case may be Data retention period
To reply to your queries sent via the “Contact Invacare” form or via email or via phone or via mail Contact details (first name, last name, country, email), request type, correspondence Legitimate interest to reply to your queries, requests for documentation, to provide you with adequate support or to provide requested information about our products For the time needed to process your request, however, in any case no later than one (1) month after the response has been provided
To register for a training for professionals sent via the “Training” web form Contact details, date and content of training
 
 
Health-related information (i.e., dietary restrictions for catering purposes)
Your consent, and where necessary, your explicit consent Two (2) years as of the date on which the Data was collected or as of your last contact with us
 
Health-related data will be deleted after the training, however, in any case no later than one (1) month thereafter
 
To subscribe to any of Invacare marketing communications sent via the “Subscription” form or by checking the opt-in box in all web-based forms Contact details, marketing preferences and correspondence Your consent Two (2) years as of the date on which it was collected or as of your last contact with us
To create an account to access the Customer Self Service Access (i.e., the Invacare Professional area) to access professional content Credentials and contact details Performance of contract Two (2) years as of the date on which the Data was collected or as of your last contact with us
To secure access the Customer Self Service Access website Credentials and stamp connection Legitimate interest Two (2) years as of the date on which the Data was collected or as of your last contact with us
Statistical purposes and analytical services Connection log Legitimate interests to provide security and performance of the Site and service enhancement Two (2) years as of the date on which the Data was collected or as of your last contact with us
To provide the Site in your preferred language IP address and language preference Legitimate interest to customize the Site in line with your requested language preference Two (2) years as of the date on which the Data was collected or as of your last contact with us
 
For information about cookies and other tracking technology used on this Site, please see our Invacare EU Cookies Policy.
Data that is indispensable (such as contact details for the “Contact Invacare” form) for the Controller to fulfil the purposes that are described above is marked with an asterisk at the appropriate place where we ask for it on the various pages of the Site. If you do not complete these mandatory fields, we may not be able to take care of your request and/or to provide you with the requested services.  Other Data is purely optional and you can decide to provide it or not, but it allows us to know you better and to improve our communications and services.
E.2 Legal bases of the data processing activities
According to GDPR Article 6 (1), any processing activities must have a lawful legal basis.
The processing activities concerning your Data have one of the following legal basis:
  • processing is necessary for the performance of a contract to which the data subject (i.e., the Site visitor) is party or to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party as identified in the purpose section (for example to prevent fraud, for information security or administrative purposes or in order to report potential crimes). We will never process your data where these interests are overridden by your own interests or by your fundamental rights and freedoms.
  • the data subject has given consent to the processing of his or her Data for one or more specific purposes. 
In addition to the above, when processing special categories of personal data, we base such processing on one of the following legal bases, as provided in Article 9 of the GDPR:
  • the data subject has given explicit consent to the processing of his or her Data for one or more specific purposes; or
  • the processing is necessary for the establishment, exercise or defense of legal claims.
 

F. Legitimate interests pursued

As a company pursuing the manufacture and distribution of innovative home and long-term care medical products that promote recovery and active lifestyles, we sometimes need to process your Data to pursue our legitimate business interests, for example, to prevent fraud, information security, administrative purposes or reporting potential crimes. The nature of our legitimate interests is described in Section E.1. We will not process your Data where these interests are overridden by your own interests or by your fundamental rights and freedoms.
 

G. Recipients of the Data and Data Transfer to a Third Country

Your Data is processed by the Controller. Your Data is being transmitted Intra-Group or made accessible to our service providers who support us with respect to our Data processing activities and other recipients for all the purposes set out above in Section E.1, as specified further below.
G.1 Intra Group
We also disclose your Data to other Invacare group companies and departments (such as Marketing, IT, and Sales), for all the purposes specified in Section E.1. A list of Invacare group companies is available at http://www.invacare.com/cgi-bin/imhqprd/global.jsp.
G.2 Third Parties
Recipient Category of Data Purpose of the data processing
Service providers in the sector of information technology providing Site hosting services; 
Service providers in the sector of marketing providing site development services
Contact details See Processing Purposes in Section E.1
Service providers in the sector of information technology providing Site hosting services; 
Subcontractors in the sector of marketing providing site development services
IP address To access the microsites of Invacare in your preferred language
Service providers in the sector of information technology providing site hosting services; 
service providers in the sector of marketing providing Site development services
Connection log See Processing Purposes in Section E.1
 
 
The Controller also discloses your Data to third parties if such disclosure is required by law, by a statutory requirement or by a court ruling, or if this disclosure is necessary in order to protect the vital interests of the data subject or of another natural person or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court proceedings.
 

H. International Data Transfers

Due to the global nature of our operations, some of the recipients of your Data are located abroad, including in third countries outside the European Economic Area (“EEA”) which do not provide an adequate level of protection for personal data. You can find the list of third countries that have been officially recognized by the European Commission as providing an adequate level of protection at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. This includes Switzerland.
H.1 Intra-Group
International intra-group Data transfers will be to countries where Invacare has offices, including Switzerland and the United States of America. Transfers to Switzerland are based on the European Commission’s adequacy finding (see here). The transfer of your Data outside the EEA to the USA takes place on the basis of Invacare’s EU-U.S. Privacy Shield certification.
H.2 Third Parties
Some of the third parties with whom we share Data are also located outside the EEA.

Transfers to third parties located in third countries outside the EEA take place using a data transfer mechanism which is acceptable under the applicable data protection laws, such as the EU-US Privacy Shield for transfers to self-certified US organizations (see here), the EU Standard Contractual Clauses (see here), Binding Corporate Rules (see here), approved Codes of Conduct and Certifications or in exceptional circumstances on the basis of permissible statutory derogations. 

Please contact EUprivacy@invacare.com, if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
 

I. Your Rights

In accordance with applicable data protection laws, you have the following rights in relation to your personal data:
I.1 Access
You have the right to access. i.e.: the right to obtain from the Controller confirmation if your personal data is being processed, access to your personal data and the relevant information about such processing as provided by applicable data protection laws. You also have the right to obtain from the Controller a copy of the personal data undergoing processing.
I.2 Rectification
You have the right to rectify. i.e.: the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you and to have incomplete data completed.
I.3 Erasure
You have the right to erase (i.e., delete) your personal data held by the Controller: this means you have the right to obtain from the Controller the erasure of personal data concerning you without undue delay when one of the following grounds applies:
  • the personal data is no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  • you withdrew the consent on which the data processing is based and there is no other legal ground for the processing;
  • you object to the data processing and there are no overriding legitimate and compelling grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data shall be erased to comply with a legal obligation in the EU or with an EU Member State law to which the Controller is subject.
I.4 Objection
You have the right to object to the processing of your personal data on grounds relating to your particular situation.
 
You can also object at any time to the processing of your personal data for marketing purposes.
 
I.5 Restriction
You may request Controller to restrict the processing if:
  • you contest the accuracy of your personal data;
  • the Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, the exercise or the defense of legal claims;
  • you object to the processing of your personal data based on public or legitimate interest – for a period we need to verify your request.
I.6 Data Portability
You have the right to receive the personal data concerning you which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the first controller.
 
I.7 Refusal to Give and Withdrawal of Consent
You are free to refuse to give consent and you can withdraw your consent to the processing at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
 
I.8 Separate Controllers
The Controller entities act as separate controllers so you can exercise your rights set out in this Notice in respect of and against each of them. The Controller entities which act as separate controllers have concluded an agreement reflecting their respective roles and relationships. Please contact EUprivacy@invacare.com if you want to know more about this contractual arrangement.

J. Contact details of the Privacy Lead (PL) and right to lodge a complaint

You can exercise your rights described in Section I above at any time by contacting:
Invacare International GmbH
Attention to: Privacy Lead (PL)
Neuhofweg 51
4147 Aesch BL
Switzerland

Küschall AG
Attention to: Privacy Lead (PL)
Neuhofweg 51
4147 Aesch BL
Switzerland

Invacare Poirier SAS
Attention to: Privacy Lead (PL)
Route de Saint Roch
37230 Fondettes
France

Email address: EUprivacy@invacare.com

Should you have any question about the collection and processing of your Data by the Controller, you can contact us at the same address listed above.
You may also address any complaint to the competent supervisory authority, in particular in the EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred, regarding the way in which the Controller collects and processes your Data.
 
Logo Küschall