1. Introduction
The protection and security of personal data is of paramount importance to Institut Straumann AG and its affiliates (“Straumann”). We collect and process personal data in compliance with applicable data protection and privacy laws and regulations, including the GDPR (EU Data Protection Regulation), and Swiss data protection law..
It is important for us that you are aware of which personal data are collected when you visit our website and when you make use of our services or offers. We also want you to be aware of how we use this data subsequently. This privacy notice provides information on this and about how we protect your personal data from manipulation, loss, destruction or improper use. Specific Straumann services may be subject to further information, which we will provide in additional privacy notices.
2. What measures do we implement to keep your data secure?
We take technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The measures are designed to ensure the confidentiality and integrity of your data and to ensure the continued availability and resilience of the systems and services processing them. Our security measures include encryption of your data, firewalls and password protection. Our data processing and security measures are improved constantly in line with technological developments. Please note, however, that, when accessing our websites and services, you are solely responsible for using adequately secured devices (e.g. antivirus software) in order to avoid any unauthorized access by third parties.
3. How do we use your personal data?
"Personal Data" refers to any information that identifies, or can be used to reasonably identify, you personally, for example your name, address, phone number, email address or invoicing details, or any materially similar or analogous concept or definition as defined and protected by applicable data protection laws and regulations. In certain jurisdictions, sensitive information is a sub-set of Personal Data which is subject to greater privacy protections, and includes health information. The Personal Data we will collect from you varies depending on the purpose it is collected for and may include identifying information such as name, age and contact details and/or if related to patients may include health related information. .Where sensitive information may only be collected with your consent under applicable laws, we will obtain your consent for doing so.
We will only use or disclose your Personal Data for the purpose for which it was collected, unless an exception or other legal basis for its processing applies, in which case we may use or disclose your Personal Data for another purpose pursuant to applicable laws.
We collect and process Personal Data only if permitted by law or if you have given prior consent. We will process and store your information as long as we are required to do so by law or until the reasonable fulfilment of the purposes for which it was collected; for your rights (which may include revocation, withdrawal and deletion rights, depending on applicable laws) please see sections 7 and 9 below. We obtain Personal Data relating to you either directly from you, from partnered third party companies whose products you have acquired and, to the extent legally permitted, from publicly available sources. Unless otherwise provided in specific separate applicable documentation or in specific sections hereunder, Straumann is always an independent controller under applicable data protection laws.
Our processing of your Personal Data depends on your interaction with us and requires your consent or another legal basis. We will process your Personal Data for the following purposes:
a. Contact and information requests
We use your Personal Data to process and respond to your contact and information requests. The legal basis depends on the nature of the request: contractual necessity, your consent or our legitimate interests.
b. E-shop & Orders
We use your Personal Data for registration in our eShop and other platforms to process your orders, payments, invoicing and for providing customer support. Your details will also be processed by our production partners and for shipping the products you order as well as to address your inquiries about products. Our legal bases are contractual necessity, your consent, the defense of legal claims and legal obligations to which we are subject to, such as retention of invoices for statutory retention periods.
Your Personal Data may further be used to improve the eShop and for marketing purposes based on our legitimate interests or your consent if the latter is required by applicable laws.
c. Offline and online Marketing
We may inform you about our products, services, training courses, events and customer surveys in the field of dentistry. We may also conduct customer analysis, which may include the combination of data we receive from you offline and online, in order to provide you with customized information or offers as well as courses, events and customer satisfaction surveys which may be of interest to you in the field of dentistry. Subject to applicable laws, our legal bases are your consent or our legitimate interests. We will obtain your consent to conduct marketing your Personal Data if required by applicable laws.
d. Course & event registrations
We use your Personal Data to carry out registration for courses and events, to provide subscribed services, and to send invoices, based on your consent or our contractual obligation. We may also provide you with information about such courses or events based on your consent or our legitimate interests depending on applicable data protection laws’ requirements. Where applicable and indicated, your details will also be processed by our cooperation partners for the execution and/organization of the courses and events. We may further process the data based on legal obligations to retain data pertaining to invoices or contracts, our legitimate interests, and the defence of legal claims.
e. Online job applications
When you apply for a job opening, training opportunity or internship with us, whether directly on our dedicated website, through a third-party agency or website or by referral, we use and process your address, contact information and application data for the purpose of processing and evaluating your application, contacting you and performing interviews. The legal bases are your consent, contractual necessity, legitimate interests or our legal obligations in verifying certain information. We may further process information in order to improve our application process based on our legitimate interests.
f. Social media pages
Straumann has a presence on certain social media networks, such as Facebook, LinkedIn, TikTok and Instagram. These offer you the opportunity to respond to our posts, comment on them, create a user post yourself and to send us private messages with personal concerns. For EEA countries, certain aspects of the administration of those social media pages is performed based on joint controllership subject to the terms provided by such social media networks, which also make available the essence of the arrangement with Straumann. The data you provide in this context and which may be accessible to us (e.g. username, pictures, interests if applicable, contact data, interactions with our pages, likes and comments to our posts, direct messages) will be used by us exclusively for the purpose of customer and prospect communication based on our legitimate interests. Our interest lies in providing you with a platform on which we can display up-to-date information and with the help of which you can address your request to us and we can respond to your request in a timely manner.
g. Regulatory obligations and scientific research
In its role as legal manufacturer of medical devices, Straumann is subject to a variety of laws, regulations and standards globally which aim at providing a high levels of patient health protection and high quality and safety standards for medical devices. As such, Straumann is required to ensure the safety, quality, and effectiveness of its products through compliance with the following non-exhaustive list of obligations: obtaining regulatory authorities’ approvals, informing itself about and tracking, monitoring and reporting adverse events, testing and clinical evaluations, post market clinical follow-up reporting and surveillance processes, maintenance of quality management systems and quality complaints processes. When data is passed on to the regulatory authorities in this context it is always in an aggregated or pseudonymized form so as not to enable identification of the data subjects involved. The legal bases for these further processing activities are our legal obligations and the public interest in ensuring high quality and safety standards for medical devices and health care treatments, scientific research, and the defense of legal claims, or our legal obligations and our legitimate interests in complying with cross-border laws and regulations applicable to us and a public interest in global medical devices safety standards as well as the defense of legal claims .Data subject consent may be the applicable basis where legally required.
Scientific research, product development and clinical evaluations may also be performed by Straumann, in compliance with applicable laws and regulations, based on pseudonymized data and with all appropriate documentation and information in place. The legal bases for such processing activities are our legitimate interests in achieving high quality and safety standards for our medical devices, patient health care as well as scientific research.
h. Statistical and usage data
Straumann uses products, services and software information pertaining to performance and usage of the same (“Usage Data”) in order to analyze and leverage understanding of the use of such products, services and software through statistics (in aggregated or pseudonymized form) to improve them, develop new ones, for training purposes, to optimize their usage and ultimately to provide better support to users. Straumann may obtain such Usage Data directly through your use of our products, services and software or through OEMs to the extent the user has purchased the relevant product through Straumann or has interconnected with such product, service or software through our platforms or websites. The legal bases are your consent or our legitimate interests.
i. Referrals
Through your use of our products and services you may be able to refer, or grant access to, patient cases to other healthcare professionals. You are fully and solely responsible for ensuring that you have all appropriate consents and information notices in place to grant such healthcare professionals access to such patient cases. You warrant to Straumann that you will only refer or grant access to such patient cases in a lawful manner and in compliance with applicable laws, regulations and professional standards applicable to you.
j. Implant Treatment Recording
Healthcare professionals using the dental practices quality management services of the Implant Registry available on the Straumann AXS Platform, (which is a platform where healthcare professionals can easily access various products and services of the Straumann Group and third party partners) can record past and ongoing product and treatment related information linked to their patients subject to separate data sharing terms set forth in the AXS Terms of Use. For such uses, the respective healthcare professionals will provide you with additional information regarding your privacy.
4. Patient Data
Certain services provided by Straumann, such as orthodontic treatments or AXS platform services, require the provision of patient data. We process any such provided personal data securely and with all necessary care as described under Section 3 above or as otherwise further described in this Privacy Notice. We ask you to only provide us with personal data if and where required. Please do not use directly identifiable information, such as patient name, in reference fields.
Unless specifically agreed otherwise with Straumann, you are considered an independent controller for the healthcare services and treatments you provide and prescribe to your patient. You warrant that where and when legally required, you have obtained appropriate patient consent for the medical treatment of your patient and provided him with the appropriate data protection information notice. If personal data is shared outside of the dedicated channels provided by Straumann, you are responsible for ensuring that such data is shared in a secured manner by using appropriate encryption.
5. Mandatory Information
If a data collection form contains data fields that are marked as mandatory or with an asterisk (*), the provision of such information is either required by law or by contract or may be needed for the conclusion of a contract, provision of services or the fulfillment of the stated purpose. If you do not provide the required information, this may result in us not being able to fulfill a contract, the requested service not being provided or the stated purpose not being achievable.
6. With whom do we share your data?
Your Personal Data and personal data of third parties you provide to us may be shared with third-party service providers, suppliers and other cooperation partners used by Straumann for processing your orders, requests and registrations for courses and events. Such Personal Data may also be shared with third-party service providers that provide support services to Straumann, including, for example, printers, lettershops, call centers, advertising agencies, internet and IT service providers, certification partners, notified bodies and data centers. In addition, we may share your information with other affiliates within the Straumann Group, in particular for support, processing, supply or marketing purposes.
Our service providers, suppliers and other cooperation partners may only process your Personal Data for our purposes. Any sharing of Personal Data with third parties and affiliates is subject to their compliance with our privacy and confidentiality terms.
Some or all of our service providers, suppliers and other cooperation partners may be located outside of your country of residence, for the purposes set forth in this Privacy Notice or other applicable data protection terms. Your personal data may be transferred to other entities in the Straumann Group and third party service providers located in countries such as USA, Canada, Switzerland, EU countries.Data protection standards and legislation in such countries may differ from those in your country of residence. For such transfers, Straumann will ensure that adequate safeguards as required by applicable laws are implemented. Straumann will rely on the so-called Standard Contractual Clauses for these transfers if the recipient is not subject to an adequacy decision and none of the derogations apply. Please contact us if you have further questions, including on where to obtain a copy.
7. Your right to object to processing
You have the right to object to the processing of your Personal Data by us, on grounds relating to your particular situation, subject, however, to applicable legal requirements or rights.
If you object to the processing of your data or want to revoke a given consent, please send a short message to the email or postal address provided under Section 9.
8. Server log files and cookies
Every time a visitor accesses our website, data about this process is temporarily stored in a log file (Server Log Files) and processed. The log file stores the following information:
- a description of the type and version of the web browser used
- the operating system used
- the referrer URL category
- the host name of the accessing terminal
- the date and time of the server request
- the IP address.
An IP address is a numerical address of your technical device (computer or mobile device) used for accessing the internet and our websites. The IP address enables communication between computers and servers. The processing of this so-called server log data by Straumann is required for technical reasons, website analysis and improvement as well as to ensure system security.
Like many other companies, we also use so-called “cookies” and comparable technologies on our websites and in our apps. Cookies are small files that are sent to and stored on your device and kept ready for later retrieval. We use both permanent cookies that will remain on your device when you leave the Straumann website, and session cookies which expire when the browsing session ends, or you choose to close the browser window. To the extent required by applicable laws we will ask for your consent prior to using these technologies. We will also provide information about who can place and/or read cookies, as well as other information required under applicable data protection laws. To the extent applicable law does not require consent, we rely on our legitimate interests in facilitating and ensuring technical features, making interactions with our websites and apps user-friendly and our interest to match your needs optimally or to evaluate visits to our website for marketing and optimization purposes.
You can manage cookies by removing cookies from your device: you can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited. Be aware though that you may also lose some saved information (e.g. saved login details, site preferences). You can also manage site-specific cookies in the privacy and cookie settings in your preferred browser. You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page, and some services and functionalities may not work properly at all (e.g. profile logging-in).
9. Information and exercise of privacy rights
If you have any questions about our collection and use of your Personal Data, we will gladly provide it.
In addition, you may have the right to request confirmation of whether we hold any of your Personal Data and access such data, rectification, deletion, limitation of processing, opposition to processing and data portability, subject, however, to legal requirements or rights under applicable data protection laws and regulations.
In each case, please contact us at the following address:
By postal mail: Straumann Group & Clear Correct Singapore Pte Ltd, 250 North Bridge Road, #19-05, Raffles City Tower, Singapore 179101
Or at the postal address of the StraumannGroup subsidiary operating in your country of residence.
You may also contact our data protection officer at: privacy.apac@straumann.com
If you require more information about your privacy rights or wish to file a complaint, you can also contact a protection supervisory authority.
10. Amendments
We reserve the right to update this privacy notice from time to time. The amended version of the privacy notice will be published on this website with a new version date. Therefore, please read through the privacy notice again when you revisit us. Access to and use of Straumann websites and any data collected thereby are subject to the privacy notice published on the respective website at that time.
Schedule 1 Country Specific Terms
Thailand:
The following is added to the end of paragraph 2 of Section 3:
Such exceptions include where you have consented to such secondary use or disclosure, or where you would reasonably expect the secondary use or disclosure provided such secondary use or disclosure is related to the primary purpose of collection (or in the case of sensitive information, provided such secondary use or disclosure is directly related to the primary purpose of collection).
Korea:
The following is added to the end of Section 3:
After the purpose of processing personal data has been achieved, the data will be promptly destroyed in accordance with the legally allowed retention period. Your personal data will be deleted or destroyed after the retention period has expired. Personal data printed on paper will be destroyed by shredding or incineration, or dissolved for destruction by chemical treatment, and personal data stored in electronic files will be deleted using technical methods that render the records unrecoverable.
Section 9:
The Postal address is replaced with:
Straumann Dental Korea Inc.
1005 Korea Trade Tower
06164 Seoul
South Korea
The email is replaced with: privacy.apac@straumann.com
Japan:
If you are using our services in Japan, the following additional terms and amendments apply.
The Straumann entity in Japan:
The entity that processes Your Data obtained in Japan is as follows:
Name: Straumann Japan K.K.
Address: Mita Bellju Bldg. 6F108-0014 Tokyo, Japan
Representative: Yuko Kitamoto
Contact Details: privacy.apac@straumann.com
In case of questions or complaints concerning the handling of Your Data or to submit a request to exercise one of the privacy rights identified in this Patient Privacy Notice, please contact the [name of responsible person or division], at [e-mail address or phone number].
By email:
privacy.group@straumann.com
By mail:
Institut Straumann AG
Legal Department
Peter Merian-Weg 12
CH-4052 Basel
Switzerland
If you require more information about your privacy rights or wish to file a complaint, please contact your local data protection supervisory authority.
11. Amendments
We reserve the right to update this privacy notice from time to time. The amended version of the privacy notice will be published on this website with a new version date. Therefore, please read through the privacy notice again when you revisit us. Access to and use of Straumann Group websites and any data collected thereby are subject to the privacy notice published on the respective website at that time.
Version: May 2018