Data protection is a subject of special importance for Heraeus Medical: We process your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.
Special information for United Kingdom:
Further information can be found under Google Analytics Terms of Service & Privacy. Please note that on this website, Google Analytics code is supplemented by “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so called IP-masking).
1. General
1.1. Objective and responsibility
This Privacy Policy is intended to inform you about the nature, scope, and purpose of the processing of personal data on our website www.heraeus-medical.com and the associated web pages, features, and content (hereinafter collectively referred to as the "Website"). This Privacy Policy applies regardless of the systems, platforms, and devices (e.g., desktop or mobile) on which the Website is made available.
The provider of this website and the entity responsible for data protection is Heraeus Medical GmbH (hereinafter referred to as the "Provider," "we," or "us"). For further details and contact information, please refer to the legal information on our website.
You can contact our Data Protection Officer at the following email address: dataprotection@heraeus.com or by mail: Data Protection Officer, c/o Heraeusstr. 12-14, 63450 DE-Hanau.
The term "user" refers to all customers and their employees, as well as visitors to our website.
1.2. Legal basis
Your personal data is collected and processed on the following legal bases:
Consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR): Consent is a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of his or her personal data.
Necessity for the performance of a contract or for taking steps prior to entering into a contract pursuant to Article 6(1)(b) of the GDPR, i.e., the data is necessary for us to fulfill our contractual obligations to users, or we need the data to prepare a contract with users.
Processing to fulfill a legal obligation under Article 6(1)(c) of the GDPR, i.e., data processing is required by law or other regulations.
Processing to protect legitimate interests pursuant to Article 6(1)(f) of the GDPR, i.e., processing is necessary to protect our legitimate interests or the legitimate interests of a third party, provided that such interests do not override the fundamental rights and freedoms of users that require the protection of personal data.
1.3. Rights of data subjects
You may exercise your rights as a data subject with respect to your processed personal data at any time by contacting the Data Protection Officer using the contact information provided above. As a data subject, you have the following rights.
1.3.1. Right to withdraw consent: If personal data is processed on the basis of consent, you have the right to withdraw that consent at any time with future effect, in accordance with Article 7 of the GDPR.
1.3.2. Right to information: In accordance with Article 15 of the GDPR, you may request confirmation as to whether your data is being processed. If this is the case, you have the right to obtain information about the data free of charge.
1.3.3. Right to rectification: If personal data has been processed inaccurately, you have the right to have that data rectified without undue delay in accordance with Article 16 of the GDPR.
1.3.4. Right to erasure: If you have withdrawn your consent, objected to the processing of your personal data (and there are no overriding legitimate grounds for the processing), your personal data is no longer necessary for the original purpose of the processing, there is a corresponding legal obligation, or personal data has been processed unlawfully, you have the right to have your personal data erased in accordance with Article 17 of the GDPR.
1.3.5. Right to restriction of processing: In accordance with the provisions of Article 18 of the GDPR, you have the right to request that the processing of your personal data be restricted.
1.3.6. Right to data portability: Under Article 20 of the GDPR, you have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format.
1.3.7. Right to object: If the processing of personal data is necessary to protect the legitimate interests of our company, you may object to such processing at any time in accordance with Article 21 of the GDPR.
1.3.8. Right to lodge a complaint: Under Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authorities.
1.4. Deletion of data
Your personal data will be deleted as soon as the purpose for which it was collected no longer applies and there are no further legal or contractual obligations to retain it.
1.5. Security measures
State-of-the-art organizational and technical security measures are implemented to ensure compliance with legal requirements and to protect personal data against accidental or intentional manipulation, loss, destruction, and unauthorized access.
1.6. Sharing of Data with Third Parties and Third-Party Providers
We disclose data to third parties only in accordance with legal requirements. We share user data with third parties only when necessary (e.g., for billing purposes) or for other purposes required to fulfill our contractual obligations to users or to comply with legal regulations.
To the extent that we use subcontractors to provide our services, we will take appropriate legal precautions as well as technical and organizational measures to protect personal data in accordance with applicable legal requirements.
If, within the scope of this Privacy Policy, we use content, tools, or resources from other providers (hereinafter collectively referred to as "third-party providers") that are based in a third country, it can be assumed that data will be transferred to those third countries.
Third countries are countries where the GDPR does not apply directly, i.e., in principle, all countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if users have given their consent, or if the transfer of such data is permitted by law.
1.7. Obligation to Provide Personal Data
We do not make the conclusion of contracts between you and us contingent on your prior provision of personal data to us. In principle, there is no legal or contractual obligation for you, as a customer, to provide us with your personal data; however, we may be unable to provide certain offers, or only to a limited extent, if you do not provide the necessary data. Should this be the case in exceptional instances with regard to the offers described below, you will be informed of this separately.
1.8. Automated decision-making pro-cess
We do not intend to use the personal data we collect from you for automated decision-making processes (including profiling).
1.9. Update to the Privacy Policy
We reserve the right to amend this Privacy Policy to reflect changes in the legal landscape or changes to our services and data processing practices.
If the user’s consent is required, or if elements of the privacy policy constitute part of the contract entered into with the user, changes will be made only with the user’s consent.
Users are asked to review the privacy policy regularly.
2.1. Hosting & CDN
We host our website externally and use a content delivery network (CDN) to ensure that our website is fast, reliable, and secure.
2.1.1. Amazon Web Services
We use the services and infrastructure of Amazon Web Services to operate our website and its components. The provider is Amazon Web Services, EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter referred to as "Amazon").
When you visit our website, Amazon records various log files, including your IP addresses. Amazon’s use of this data is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website is provided securely, quickly, and efficiently by a professional service provider.
We have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR for the use of the aforementioned service.
Data is transferred to the United States based on the European Commission’s Standard Contractual Clauses. For more details, please visit: aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/
2.1.2. Fastly
We use the Fastly Content Delivery Network (CDN). The provider is Fastly, Inc., 475 Brannan St 300, San Francisco, USA (hereinafter referred to as "Fastly").
Fastly is a globally distributed content delivery network. For the technically necessary transactions, data is transmitted between your browser and our website via Fastly’s content delivery network. We use Fastly based on our legitimate interest in ensuring that our website is displayed as quickly as possible, without interruptions, errors, or security issues (Art. 6(1)(f) GDPR).
To use the service mentioned above, we have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.
Data is transferred to the United States based on the European Commission’s Standard Contractual Clauses. For more details, please visit: www.fastly.com/de/data-processing
Fastly is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF is required to comply with these data protection standards. For more information, please contact the provider via the following link: www.dataprivacyframework.gov/s/participant-search/participantdetail
2.2. Data Processing on our Website
When you access our website, your browser automatically sends us certain information; This includes the name of the website and files accessed, the date and time of access, the amount of data transferred, notifications of successful access, browser type and version, your operating system, the referrer URL (the page you visited before visiting our website), your IP address, and the requesting provider.
The processing of the aforementioned personal data is technically necessary in order to provide you with our website as a service and is based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR with regard to the operation of our website and to ensure the security of the processing (e.g., to prevent and detect cyberattacks).
2.3. Contacting us
When you contact us (via contact form, e-mail or telephone), your inquiry – including the personal information you provide (name, subject of inquiry, contact information) – will be stored and processed by us for the purpose of handling your inquiry.
The processing of this data is based on Article 6(1)(b) of the GDPR if the inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if applicable.
Your data may be stored in our customer relationship management systems ("CRM systems"). The legal basis for the further processing of your data is the preparation of a business transaction (pursuant to Article 6(1)(f) of the GDPR).
2.4 Consent Management for Data Pro-cessing and the Use of Cookies
We use a Consent Management Platform (CMP) called CookieFirst to obtain the legally required consent for the use of cookies and other information, such as that stored in local and session storage, and to legitimize the subsequent data processing through consent where applicable. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, Netherlands. For more information, please visit: cookiefirst.com
We use the CMP to comply with legal obligations. Data processing is based on Article 6(1)(c) of the GDPR.
Specifically, we use CookieFirst to obtain your valid consent for the use and storage of information on the device you use to access our website, as well as for subsequent data processing based on consent, if necessary; to properly document this, we use a consent management platform.
When you access our website, a connection is established with the CookieFirst server to allow us to obtain your valid consent to the use of certain cookies and other technologies, as well as to data processing based on your consent. CookieFirst then stores a cookie in your browser to ensure that only the cookies you have consented to are activated and to properly document this. The processed data is stored until the specified retention period expires or you request the deletion of the data. Notwithstanding this, certain statutory retention periods may apply.
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
To use the service mentioned above, we have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.
2.5. Use of cookies
We use essential cookies and similar technologies to the extent that they are technically necessary for our website to function properly. This includes, in particular, saving settings, ensuring that requested content is displayed correctly, and ensuring that technical processes can be executed reliably.
We use non-essential cookies only if you have given your explicit consent (opt-in) in accordance with Article 5(3) of Directive 2002/58/EC (also known as the "ePrivacy Directive," hereinafter "ePD") and the relevant national law implementing Article 5 (3) ePD. If you do not want cookies or other information to be stored on your computer, you can also disable the corresponding option in your browser’s system settings. Stored cookies and other information can also be deleted in the browser’s settings. Disabling cookies and other information may result in functional limitations on this website.
If you have consented to the storage of cookies and information on your device or to the access of information stored on your device, both activities are carried out in accordance with Article 5(3) of the ePD.
We obtain users' consent to the use of cookies and other information on all websites within the domain listed above.
You can change your cookie settings here.
2.6. Google Tag Manager GTM)
We use the Google Tag Manager service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").
Google Tag Manager (“GTM”) is used to centrally manage and control scripts and services (“tags”) on our website. GTM also ensures the proper functioning of the Consent Management Platform (CMP), which manages user consent.
Tags are small pieces of code used to integrate and control services such as analytics, marketing, or functionality on a website. GTM is used on our website solely as a control and management function for external services, ensuring that scripts requiring consent—such as analytics or marketing tools—are only activated after you have given your active consent. For embedded content (e.g., videos or social media elements), GTM ensures that such content is not loaded and displayed automatically, but only after you have given your active consent. Prior to this, only an information banner is displayed.
Google Tag Manager itself does not set any cookies or process any personal data; its sole purpose is to trigger the tags described. Depending on the service being loaded, the loading process may trigger device access requiring consent and data transmission. Which (personal) data is processed and how long it is stored depends entirely on the individual services integrated via GTM.
The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in the simple and efficient integration and management of tags on our website. To the extent that consent is required for certain processing activities, such processing is carried out exclusively on the basis of your prior consent pursuant to Article 6(1)(a) of the GDPR and Article 5(3) of the ePD, provided that the consent covers the storage of cookies or access to information on the user’s device. Consent may be revoked at any time.
The data collected by the individual tags may be transferred to Google’s servers in the United States and processed there. Google is certified under the EU-U.S. Data Privacy Framework, which is intended to ensure an adequate level of data protection.
2.7. Server-side tracking with Google Tag Manager (sGTM)
In addition to the client-side Google Tag Manager (GTM), we use a server-side Google Tag Manager (“sGTM”) to technically control the collection and processing of data. In this process, tracking or analytics information is not transmitted directly from the browser to third-party providers, but is first sent to a server operated by us. There, the data is pseudonymized or aggregated in advance before being forwarded to services such as Google Analytics or other analytics or marketing platforms.
This architecture provides greater control over which information is shared with third parties and reduces reliance on browser-based tracking mechanisms. Depending on the configuration, server-side first-party cookies may also be used.
The processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in data-protection-friendly and efficient web analytics. To the extent that consent is required for certain processing activities, processing is carried out exclusively on the basis of your prior consent pursuant to Article 6(1)(a) of the GDPR and Article 5(3) of the ePD, insofar as the consent covers the storage of cookies or access to information on the user’s device. Consent may be revoked at any time.
For more information about Google's data processing practices, please review Google's Privacy Policy at the following links: https://policies.google.com/privacy?hl=de and https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
2.8. Google Analytics
This website uses features of the web analytics service Google Analytics either directly in your browser (client-side tracking) or indirectly on our web server (server-side tracking). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Analytics enables the website operator to analyze the behavior of website visitors.
The website operator collects various usage data, such as page views, time spent on the site, operating systems used, and the user’s location. Google may combine this data into a profile that is associated with the respective user or their device.
The purpose of using Google Analytics is to enable user recognition for the purpose of analyzing user behavior through the use of various technologies (e.g., cookies or device fingerprinting). We use demographic characteristics for our analyses. The information collected by Google regarding the use of our website is generally transmitted to a Google server in the United States and stored there.
The use of Google Analytics is based on your consent in accordance with Article 6(1)(a) of the GDPR and Article 5(3) of the ePD. You may withdraw your consent at any time with future effect.
To use the service mentioned above, we have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.
Data is transferred to the United States based on the European Commission’s Standard Contractual Clauses. For more details, please visit: privacy.google.com/businesses/controllerterms/mccs/.You may object to the collection and storage of your data at any time with future effect. You can object to the collection and storage of data by Google Analytics with future effect by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
Data stored by Google at the user and event level that is associated with cookies, user identifiers (e.g., User ID), or advertising IDs (e.g., DoubleClick cookies, Android Advertising ID) is anonymized or deleted after 26 months. For more details, please visit the following link: support.google.com/analytics/answer/7667196
For more information about how Google uses data, as well as options for managing your settings and opting out, please visit Google’s websites: www.google.com/intl/de/policies/privacy/partners. (“How Google uses data when you use our partners’ websites or apps”), www.google.com/policies/technologies/ads (“How we use data for advertising”), www.google.de/settings/ads (“Manage the information Google uses to show you ads”).
2.9. Friendly Captcha
We use the "Friendly Captcha" service (www.friendlycaptcha.com) on our website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is a security measure designed to prevent automated programs and scripts (known as "bots") from accessing our website.
Friendly Captcha does not set or read cookies on the visitor's device. For more information about data protection when using Friendly Captcha, please visit friendlycaptcha.com/legal/privacy-end-users/.
The legal basis for this processing is our legitimate interest in protecting our website from unauthorized access by bots, including protection against spam and the prevention of attacks (e.g., mass requests), pursuant to Article 6(1)(f) of the GDPR.
To use the service mentioned above, we have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.
2.10. LinkedIn Insight Tag
We use the LinkedIn Insight Tag service, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn"), to measure conversions. This tool places a cookie in your web browser. We use this cookie exclusively with your consent in accordance with Article 5(3) of the ePD. The processing of the data is based solely on your consent (Art. 6 (1) (a) GDPR).
To use the service mentioned above, we have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.
The cookie enables the collection of data regarding LinkedIn members' visits to our website, including the URL, referrer, IP address, device and browser characteristics (user agent), and timestamps. IP addresses are truncated or hashed (when used to reach LinkedIn members across devices), and LinkedIn members’ direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days.
LinkedIn does not share any personal data with us, but does provide anonymous reports on website traffic and ad performance.
LinkedIn members can control how their personal data is used for advertising purposes through their account settings: www.linkedin.com/psettings/advertising/actions-that-showed-interest
You can opt out of LinkedIn’s analysis of user behavior and targeted advertising by clicking the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out
For more information about data protection on LinkedIn, please see LinkedIn's Privacy Policy: www.linkedin.com/legal/privacy-policy
2.11. YouTube
We embed videos from the YouTube website. YouTube is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page on our website that contains an embedded YouTube video, YouTube is automatically notified of which of our pages you have visited.
YouTube also uses technologies that allow it to collect information about visitors to this website. This information is used, among other things, to generate video statistics, improve the user experience of the website, and prevent fraud.
If you are logged into your YouTube account while visiting our site, you are allowing YouTube to associate your browsing activity directly with your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube based on our legitimate interest in presenting our website in an appealing manner, in accordance with Article 6(1)(f) of the GDPR. If consent has been provided, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 5(3) of the ePD, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). This consent may be revoked at any time with future effect.
For more information about YouTube's data processing practices, please refer to YouTube's Privacy Policy: policies.google.com/privacy?hl=en
2.12. Wistia
We embed videos from the Wistia website. Wistia is operated by Wistia, Inc., 120 Brookline St, Cambridge, MA 02139-4503, United States.
When you visit a page on our website that has a Wistia video embedded in it, Wistia automatically receives and stores information in its server logs, including data related to viewing, listening to, or accessing media (including when you pause and resume media, how many and which media items from a specific Wistia customer you have viewed, and how often you have viewed, listened to, or accessed specific media items), data related to the use of Wistia services, IP address, device, “cookie” information, and the page you requested.
We use Wistia based on our legitimate interest in presenting our website in an appealing manner, in accordance with Article 6(1)(f) of the GDPR. If consent has been provided, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Article 5(3) of the ePD, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). This consent may be revoked at any time with future effect.
For more information about Wistia’s data processing practices, please see Wistia’s Privacy Policy: wistia.com/privacy
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF is required to comply with these data protection standards. For more information, please contact the provider via the following link: www.dataprivacyframework.gov/s/participant-search/participantdetail
We use the Microsoft Dynamics 365 CRM system from Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 Ireland; hereinafter “Microsoft”) as a cloud service, which means that the data is processed in Microsoft data centers.
We use your data solely for the technical processing of inquiries and do not share it with third parties.
We use the system primarily to manage customers and prospects (leads) and to process user inquiries more quickly and efficiently. The use of the system is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR.
We have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR for the use of the aforementioned service.
Microsoft 's parent company is located in the United States and is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF is required to comply with these data protection standards. For more information, please contact the provider via the following link: www.dataprivacyframework.gov/s/participant-search/participantdetail
For more information on data protection, please see Microsoft's Privacy Statement at privacy.microsoft.com/en-US/privacystatement.
4.1. Mailings
We use the Microsoft Dynamics 365 Customer Insights – Journeys automation system from Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 Ireland—hereinafter referred to as "Microsoft Dynamics"—to conduct marketing campaigns, for analytical purposes, and to contact customers and prospects in a way tailored to specific target groups. The data is processed within the European Union.
In particular, we use the system to send email notifications (e.g., in connection with the provision of downloads), for event management (e.g., to manage event participants), and to provide landing pages and contact forms.
The use of Microsoft Dynamics, the collection and analysis of statistics, and the logging of the registration process for email communication are carried out, depending on the specific use case, based on your consent pursuant to Art. 6 (1)(a) of the GDPR or on the basis of our legitimate interests in the efficient implementation of marketing and communication measures and the optimization of customer-related processes pursuant to Art. 6(1)(f) of the GDPR. If such consent has been provided, processing is carried out exclusively on the basis of Art. 6(1) (a) GDPR and Art. 5 (3) ePD, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). This consent may be revoked at any time with future effect.
System components integrated into our website (e.g., forms) use so-called "cookies," which are stored on the user's computer and enable us to analyze how the website is used. Specifically, the following information is collected: client ID, geographic location, browser type, duration of the visit, and pages viewed.
Email Tracking: The statistical information collected includes whether the email was opened, when it was opened, and which links you clicked. This information can technically be linked to individual email recipients.
4.2. Double opt-in and data collection for newsletters and white paper requests:
Subscription to our newsletters and requests for white papers are generally subject to a "double opt-in" process. This means that after subscribing to our newsletter or requesting a white paper, you will receive an email asking you to confirm your request. Such confirmation is necessary to ensure that individuals do not sign up using someone else’s email address. Your request is logged so that the registration process can be verified in accordance with legal requirements. This includes recording the date and time of your request and confirmation, as well as your IP address. Any changes to your data stored by us are also logged.
Unsubscribing from newsletters: You can unsubscribe from the newsletter at any time, which means you can withdraw your consent to receive it. There is an unsubscribe link at the bottom of every newsletter. Your personal data processed in connection with the sending of the newsletter will be deleted after you unsubscribe.
For more information on data protection, please see the Microsoft Privacy Statement at https://privacy.microsoft.com/en-US/privacystatement.
For more information about the use of cookies in connection with the system, please visit https://docs.microsoft.com/en-US/dynamics365/marketing/cookies.
5.1. Online Presence and Social Media
We maintain a presence on several social media networks and platforms to communicate with active customers, prospective customers, and users who are active there, and to inform them about our services.
Please note that user data may be processed outside the European Union and Switzerland. This may pose risks to users, as it could, for example, make it more difficult to enforce their rights.
In addition, user data is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting information about users’ interests. These user profiles can in turn be used, for example, to display advertisements—both on and off platforms—that are presumed to align with users’ interests. For these purposes, cookies are typically stored on the user’s computer to track the user’s behavior and interests. Additionally, data in user profiles may also be stored separately from the users’ devices (particularly if the users are members of the respective platforms and are logged in there).
Users’ personal data is processed on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR for the purpose of providing information to users and communicating with them. If users are asked to consent to data processing by the respective providers (i.e., to give their consent, e.g., by checking a box or clicking a button), the legal basis for the processing is consent pursuant to Article 6(1)(a) of the GDPR.
Please note that if you have any requests for information or wish to exercise your rights, it is best to contact the respective provider directly. Only the providers have access to your data and can take appropriate action and provide information. If you still need assistance, please feel free to contact us.
For a detailed overview of the processing and opt-out options described in this section, please refer to the provider’s information available at the following links:
Facebook / Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland)
Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
6.1. Customer Feedback
We collect feedback from our customers at regular intervals and on various occasions. We use your information to contact you and ask you to participate in the survey. Participation in customer surveys is always voluntary.
To conduct customer surveys, we use “Dynamics Customer Voice” from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA)—hereinafter referred to as “Microsoft”—as a cloud service.
For more information about data protection, please see Microsoft's Privacy Statement at https://privacy.microsoft.com/en-gb/privacystatement.
The legal basis for data processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR.
To use the service mentioned above, we have entered into a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.
In most cases, we generate an ID for your questionnaire to conduct the survey, which allows us to link your responses to a specific process and, as a rule, to you personally. We do not share your personal data with the provider of the survey tool. If the survey invitation is already sent via the provider’s software, we will first transmit your business contact information to the provider: first name, last name, company name, and email address.
As part of the survey, we may also collect personal data, such as your interest in products, your assessment of your experiences with Heraeus, or your phone number for follow-up questions. We will use your responses to continuously improve our offerings—in collaboration with you, if applicable. In this context, we will contact you if there is a reason to do so, e.g., because you have expressed a request, a suggestion, or an expectation. If you participate in a contest offered by us as part of the survey, we may also use your data to contact you regarding the contest, to inform you of any prize you may have won, and to coordinate the next steps with you.
If you would like your responses to be deleted after the survey begins or even after you submit them, you can let us know at any time—for example, in your reply to the survey invitation. We will then immediately delete your responses from the survey tool and—provided they have been forwarded and no legal requirements prevent it—from our systems. Regardless of this, your data will be deleted from our systems no later than the expiration of the statutory retention periods.
7.1. Platform for electronic Instructions for Use (eIFU)
We provide electronic Instructions for Use (eIFU) to our customers at the external platform ifu.heraeus-medical.com. Provider of the platform is dokspot GmbH (https://www.dokspot.com/).
When visiting the eIFU platform no personal data gets stored. The platform provider is able to generate statistics on the use of the eIFU portal without providing any personal data. These reports may include number of website visits, duration of visits and location of visits.
In order to find, view and download product-related eIFUs the following cookies are set for better user experience:
| Cookie set | Storage duration | Priority | Cookie Purpose |
|---|---|---|---|
| _dokspot_lang | 24 h | Medium | Set selected website language |
| _dokspot_disclaimer | 30 min | Medium | Set healthcare professional confirmation |
| mp_dokspot | 24 h | Medium | Record location and duration of access |
| _dokspot_gdpr-consent | 24 h | Medium | Set user agreement with privacy policy |
| _dokspot_session | 24 h | Medium | Set to time out open content |
The eIFU platform provides the user with the possibility to request a paper copy of an eIFU. For this purpose, personal data (e.g. title, name, business address, business email address or business phone number) need to be submitted in a form. The submitted data is stored in ISO 27001-certified data centers. Access to personal data is password and multi-factor authentication-protected. The personal data will be deleted four weeks after the request has been completed.
The processing of personal data in connection with the use of the eIFU platform is based on Article 6 (1) (f) of the GDPR. Our legitimate interest lies in providing a technically functional and user-friendly platform for electronic instructions for use, as well as in ensuring the security and stability of the service. To the extent that personal data is processed in connection with a request for a paper copy of the eIFU via the provided form, this is done to process the request and is therefore based on Article 6 (1) (b) of the GDPR.
We reserve the right to amend this Privacy Policy to reflect changes in the legal landscape or changes to our services and data processing practices.
If the user’s consent is required, or if elements of the privacy policy constitute part of the contract entered into with the user, changes will be made only with the user’s consent.
Users are asked to review the privacy policy regularly.
Last updated: 16. June 2026