Privacy Policy
Last revised: 11/15/2024
KARL STORZ, as identified in Sec. 6 (Contact us) below, is pleased about your visit to its websites as well as your interest in our company and our products. We take the protection of your personal data serious and we want you to feel comfortable visiting our websites. The protection of your privacy in the processing of personal data is an important concern for us, which we take into account in our business processes.
This Privacy Policy informs the users of www.karlstorz.com and other KARL STORZ websites on which this Privacy Policy is displayed ("Website") how we, as controller within the meaning of the General Data Protection Regulation ("GDPR") collect and process the personal data and other information of such users in connection with their usage of the Website.
Table of contents
- Categories of personal data, processing purposes and legal bases
- Third parties and international transfers
- What rights do you have and how can you assert your rights?
- Cookies, other tracking technologies and interactive online content
- How long do we keep your personal data?
- Contact us
- Changes to this Privacy Policy
1. Categories of personal data, processing purposes and legal bases
Website data
When you visit our Website we will generally collect the following website data that result from your usage of the Website (inter alia): browser type and version, operating system used, website from which you are visiting us (referrer URL), website you are visiting, date and time of accessing our Website, and internet protocol (IP) address. Your IP address will be used to enable your access to our Website (please see also below Sec. 4 (Cookies, other tracking technologies and interactive online content) for additional information on Cookies and other tracking technologies).
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service, to achieve the transmission of the communication and to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications.
Account – Website (restricted area)
If you register and create an account on our Website for access to the restricted area of the KARL STORZ website, we may ask you to provide the following personal data about you (inter alia): name, gender (salutation), academic title, name and type of your organization (e.g., hospital), specialty/application area (e.g., urology), function (e.g., physician), postal address, email address, telephone number, fax number, customer number, selected password for your account, and request to receive marketing emails or postal mails (voluntary) (together "User Data"). We process such User Data for purposes of providing you access to materials in the restricted area of our website, account administration, answering your queries or information requests, providing desired products or services, providing you with marketing materials to the extent permitted by applicable law, analyzing your interests for marketing purposes to the extent permitted by applicable law, processing contracts, improving our website according to usage patterns, protecting our business secrets, and for technical administration or other purposes to which you have agreed.
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service. Moreover, the processing is necessary for the performance of a contract to which you are subject to or in order to take steps at your request prior to entering into a contract. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
Site for KARL STORZ dealers
If you are a KARL STORZ Dealer and create an account on our SharePoint site, we may ask you to provide (inter alia) User Data (as defined above) about you. We process such User Data for purposes of providing our services to you, providing you with marketing materials to the extent permitted by applicable law, protecting our business secrets, and analyzing your interests for marketing purposes.
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service. Moreover, the processing is necessary for the performance of a contract to which you are subject to or in order to take steps at your request prior to entering into a contract. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
Product orders/product inquiries
If you order or inquire about a product via our Website, we may collect and process the following personal data about you (inter alia): User Data (as defined above), type and amount of product, order date, order status, and customer care requests. We process such personal data for purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing and exercising legal claims, providing you with marketing materials to the extent permitted by applicable law, and analyzing your interests for marketing purposes.
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service. Moreover, the processing is necessary for the performance of a contract to which you are subject to or in order to take steps at your request prior to entering into a contract. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
Product repairs
If you request to initiate repair services for a product or product replacement via our Website, we may collect and process the following personal data about you (inter alia): User Data (as defined above), type of requested repair service, selection of optional services (e.g., cost estimate, warranty testing), product related information (e.g., product/set number, serial/lot number, amount of product, invoice number and date, error description, whether and how the product is decontaminated), order date, dates related to the repair (e.g., date of request), repair status, customer care requests and additional information you provide. We process such personal data for purposes of carrying out the contractual relationship and the repair of the product or product replacement, providing customer care services, compliance with legal obligations, defending, establishing and exercising legal claims.
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service. Moreover, the processing is necessary for the performance of a contract to which you are subject to or in order to take steps at your request prior to entering into a contract. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
Newsletter
If you request to receive our newsletter, we may collect and process (inter alia) User Data (as defined above). We process such User Data for purposes of providing the newsletter and other marketing materials to the extent permitted by applicable law, and analyzing your interests for marketing purposes.
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service. Moreover, you have given your consent to the processing of your data for one or more specific purposes. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
Career and recruiting
You can also apply online for a job at KARL STORZ Group. For further information on the data processing operations carried out in connection with our career and recruiting sections of our website please find further information here.
Other online forms and general communications with us:
If you have questions, suggestions or comments you can send those to us. If you contact us (e.g., by using an online form) we may collect and process the following personal data about you (inter alia): name, gender (salutation), title, area of practice (e.g., human medicine), name of your organization, postal address, email address, telephone number, fax number, and you inquiry. We process such personal data for purposes of answering your request.
We may carry out the processing of your personal data on the following legal bases: The processing is necessary to provide you with the service. Moreover, the processing is necessary for the performance of a contract to which you are subject to or in order to take steps at your request prior to entering into a contract. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
In general, the provision of your personal data is voluntary, but in certain cases it is necessary in order to enter into a contract with us or to receive our services/products as requested by you.
Not providing your personal data may result in disadvantages for you – for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
2. Third parties and international transfers
Recipients within the KARL STORZ Group
Your personal data may be received by different recipients within the KARL STORZ Group. Depending on the categories of personal data and the purposes for which the personal data has been collected, different KARL STORZ entities and the internal departments within the KARL STORZ entities may receive your personal data. For example, our IT department may have access to your account data, and our marketing and sales departments may have access to your account data or data relating to product orders. Moreover, other departments within the KARL STORZ Group may have access to certain personal data about you on a need to know basis, such as the legal department, the finance department or internal auditing.
Transfer to service providers
We may engage external and internal service providers, who act as our data processor in order to provide certain services to us, such as website service providers, order fulfilment providers, customer care providers, marketing service providers, IT support service providers, and other service providers who support us in maintaining our commercial relationship with you in any other way. When providing such services, the external service or internal providers may have access to and/or may process your personal data. We require those service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.
Other recipients
We may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or for any other purposes without permission.
International transfers of personal data
The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the European Economic Area ("EEA"). For recipients located outside of the EEA, some are located in countries with adequacy decisions (in particular, UK, Argentina, Canada (for non-public organizations subject to the Canadian Personal Information Protection and Electronic Documents Act) and Switzerland), and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not adduce an adequate level of protection from a European data protection law perspective. We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out in Sec. 6 (Contact us) below.
3. What rights do you have and how can you assert your rights?
If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular regarding the receipt of direct marketing communication via email, SMS/MMS, fax, and telephone), you can withdraw this consent at any time with future effect. Further, you can object to the use of your personal data for the purposes of marketing (free of charge) without incurring any costs other than the transmission costs in accordance with the basic tariffs (see below for further information on the right to object).
Pursuant to applicable data protection law, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; (vi) object to the processing of your personal data (including objection to profiling); and (vii) exercise other rights in connection with automated decision-making.
Please note that the abovementioned rights might be modified under the applicable data protection law. Below please find further information on your rights to the extent that the GDPR applies:
(i) Right to request access to your personal data
You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed.
You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
(ii) Right to request rectification
You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(iii) Right to request erasure (right to be forgotten)
Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
(iv) Right to request restriction of processing
Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
(v) Right to request data portability
Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
(vi) Right to object
Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such right to object may especially apply if KARL STORZ collects and processes your personal data for profiling purposes in order to better understand your business interests in KARL STORZ' products and services. Further you may object to the use of your data for direct marketing via personal visits, postal mail or – in case of an ongoing business relationship - email. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. To exercise this right please contact us as stated under Sec. 6 (Contact us) below.
However, such a right to object may in particular not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
In case you have given us your consent for direct marketing purposes (e.g., you actively subscribed to our newsletters) you can withdraw your consent as described at the top of this Sec. 3. |
(vii) Other rights in connection with automated decision-making
Furthermore, under certain circumstances with respect to automated individual decision-making, you have the right to obtain human intervention, express your point of view, and contest the decision.
To exercise your rights, please contact us as stated under Sec. 6 (Contact us) below.
You also have the right to lodge a complaint with the competent data protection supervisory authority. You can execute this right at a supervisory authority in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
4. Cookies, other tracking technologies and interactive online content
Cookies and other tracking technologies
We and our service providers use cookies, beacons and embedded scripts in connection with the Website.
- Cookies are small text files that are stored on your computer when you visit our Website. Cookies allow a webpage to recognize a particular device or browser. The use of cookies is a standard practice among webpages to collect information about visitors' activities while using the webpage.
- Beacons are small graphical images (also known as "pixel tags" or "clear GIFs") that may be included on our Websites and typically work in conjunction with cookies to identify our users and user behavior.
- An embedded script is a programming code that is designed to collect information about your interactions with the Website, such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to the Websites, and is deactivated or deleted thereafter.
The above technologies are used in administering the Website, analyzing trends, services and products, and tracking users’ movements around the Website.
The table below sets out more detailed information on the cookies and similar technologies we use on the Websites, their purpose, and how you may opt out of our use of these cookies and similar technologies.
The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.
The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.
The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.
You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.
Further information on data protection with etracker can be found here.
LinkedIn Insight Tag
This website uses LinkedIn Insight Tag, a tracking and analytics tool provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The LinkedIn Insight Tag enables the collection of data about members' visits to our website, including URL, referrer, IP address, device and browser characteristics, timestamp, and page views. The LinkedIn Insight tag is a small JavaScript code snippet that we have added to our website.
LinkedIn does not share the personal data with the website owner, but only provides aggregated reports on the website's audience and ad performance. LinkedIn also offers retargeting for website visitors, enabling the website owner to serve personalized ads on their website using this data without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our website ("opt-out") click here.
The purpose of data collection is to analyze visits to our website and campaign results in order to provide you with interesting information. The legal basis for the processing of personal data is Article 6 (1) (f) GDPR.
LinkedIn members can control the use of their personal data for advertising purposes via their account settings.
For more information on data protection at LinkedIn, please see LinkedIn's privacy policy.
Google Ads
On our websites we use Google Ads. Google Ads is an online advertising program by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use on the one hand the remarketing function within the Google Ads service. With the remarketing function, we can present adverts based on their interests to website users on other websites in the Google display network (Google itself, so-called “Google ads”, or on other websites). For this, the user’s interaction on our website is analyzed, e.g. the offers the user is interested in, to be able to show target adverts on other pages after visiting our website. To do so, Google saves a number in the user's browser when they visit certain Google services or websites in the Google display network. This user's visits are recorded via this number, which is referred to as a “Cookie”. This number is used to uniquely identify a web browser on a particular computer and not to identify a person; personal data is not stored. You can deactivate the use of the Cookie by Google by following this link, then downloading and installing the plug-in provided there: https://www.google.com/settings/ads/plugin. For more information on Google remarketing and the Google data privacy declaration, see: https://www.google.com/privacy/ads/
We also use so-called conversion tracking as part of the Google Ads service. When you click on an advert placed by Google, a Cookie is stored for conversion tracking on your computer/device. These Cookies become invalid after 30 days, do not contain personal information and are not used for personal identification. The information obtained using the conversion Cookie is used to produce conversion statistics for Google Ads customers who have chosen conversion tracking.
You can prevent the installation of Cookies by adjusting the relevant setting in your browser software; but in this case, we expressly point out that you may not be able to use the full functions of this website. You can also deactivate interest-related adverts on Google and interest-related Google adverts in the web (within the Google display network) in your browser by activating the “Off” button under https://www.google.com/settings/ads or deactivating it at https://www.aboutads.info/choices/. You can find additional information on related options and data privacy at Google under https://policies.google.com/privacy.
Meta Pixel
Our website uses the Meta Pixel, an analysis tool to measure the effectiveness of our Facebook advertising and to optimize target group-specific data. The Meta Pixel tracks user behavior on our website and links this information with user data on Facebook. Cookies and similar technologies are used for this purpose. The Meta Pixel is used to measure the success and optimize our advertisements via social networks. It enables us to reach better-defined target groups and thus generate higher sales and reach.
Data processing is carried out on the legal basis of Art. 6 para. 1 lit. a GDPR. The data collected is anonymous to us as the website operator. We cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Meta so that a connection with the respective user profile on Facebook is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Data Usage Policy. The Meta Privacy Policy can be found here: Meta Privacy Policy. Meta processes your data, including personal information, in the USA and other countries. As an active participant in the EU-US Data Privacy Framework, Meta ensures the proper and secure transfer of personal data of EU citizens to the US. Further information can be found on the website of the European Commission: Adequacy decision for the EU-US Data Privacy Framework.
Meta also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). These Standard Contractual Clauses (SCC) are provided by the EU Commission. With the EU-US Data Privacy Framework and the Standard Contractual Clauses, Meta undertakes to comply with the European level of data protection when processing your personal data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the standard contractual clauses here. This allows Meta to place adverts on Facebook pages as well as outside of Facebook. We have no influence on this. Users have the option to object to tracking by Meta Pixel at any time. The objection has no negative consequences.
Friendly Captcha (Bot/Spam Protection)
We use the "Friendly Captcha" service on our website (www.friendlycaptcha.com).
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called "bots") to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to Friendly Captcha's servers in order to receive a computational task from Friendly Captcha. The visitor's end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them.
The data is used exclusively for the protection against spam and bots as described above.
Friendly Captcha does not set or read cookies on the visitor's end device.
IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
If personal data is stored, this data will be deleted after 30 days.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
Interactive online content
Our Website uses technologies to display certain content to you, such as video players, locations maps or other interactive online content. Such technologies are stored on a service provider's server and cookies and other tracking technology may be used by the service provider. Moreover, we may use certain auto-complete functions to assist you when filling in your address details. Also this data may be shared with a service provider making this functionality available to you.
Legal bases
We may carry out the processing of your personal data with regard to cookies, other tracking technologies and interactive online content on the following legal bases: The processing is necessary to provide you with the service, to achieve the transmission of the communication and to maintain or restore the security of electronic communications networks and services, or detect technical faults and/or errors in the transmission of electronic communications. Moreover, you have given your consent to the processing of your data for one or more specific purposes. Additionally, the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (see above for such interests), except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.
5. How long do we keep your personal data?
Your personal data will be retained as long as necessary to provide you with the services and products requested. Once you have deleted your account or otherwise ended your relationship with us, we will either delete your personal data or anonymize your personal data, unless statutory retention requirements apply (such as for taxation purposes). We may retain your contact details and interests in our products or services for a longer period of time if KARL STORZ is allowed to send you marketing materials. Also, we may be required by applicable law to retain certain of your personal data for a period of 10 years after the relevant taxation year. We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
6. Contact us
If you want to exercise your data privacy rights as stated in Sec. 3 above or if you have concerns or questions regarding this Privacy Policy, please contact us:
KARL STORZ SE & Co. KG
Dr.-Karl-Storz-Straße 34, 78532 Tuttlingen, Germany
Tel. +49 7461 708-0
info@karlstorz.com
The contact details of our data protection officer are as follows:
KARL STORZ SE & Co. KG
ATTN: KARL STORZ Data Protection Officer
Dr.-Karl-Storz-Straße 34, 78532 Tuttlingen, Germany
Tel. +49 7461 708-0
privacy@karlstorz.com
7. Changes to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, regulatory or operational requirements. We will notify you of any such changes, including when they will take effect, by updating the "Last revised" date above or as otherwise required by applicable law.