Invacare Policy Bescherming Persoonsgegevens & Cookies
Effective Date: Tue 25, 2020 Last updated: Thu 11, 2024
INVACARE EU, Swiss, and UK PRIVACY POLICY & EU, COOKIES POLICY
I. Invacare EU, Swiss, and UK Privacy Policy
A. Glossary
B. The Data Controller
C. Objective
D. Scope
E. Categories of Data processed, legal basis and purposes of the Data processing
E.1 Details of the data processing activities
E.2 Legal bases of the data processing activities
F. Legitimate interests pursued
G. Recipients of the Data and Data Transfer to a Third Country
G.1 Intra Group
G.2 Third Parties
H. International Data Transfers
H.1 Intra-Group
H.2 Third Parties
I. Your Rights
I.1 Access
I.2 Rectification
I.3 Erasure
I.4 Objection
I.5 Restriction
I.6 Data Portability
I.7 Refusal to Give and Withdrawal of Consent
I.8 Separate Controllers
J. Contact details of the Privacy Lead (PL) and right to lodge a complaint
II. Invacare EU, Cookies Policy
A. What are cookies
B. Use of cookies or similar technologies in our Site
B.1 Cookies
C. How to control cookies or similar technologies
I. INVACARE EU, SWISS, and UK PRIVACY POLICY
Effective Date: May 25, 2018 Last updated: December 1, 2023
The following terms are used within this Policy and are defined here for clarification:
“data controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or EU laws or regulations, the controller or the specific criteria for his nomination may be designated by national or EU law;
“data processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;
“data subject” means an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
“FADP” means the Swiss Federal Act on Data Protection (FADP);
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation);
“personal data” means any information relating to a data subject as defined by GDPR, UK GDPR, or FADP, as applicable;
“UK GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council as complimented and supplemented by and the amended version of the UK Data Protection Act 2018;
“special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
This website (the “Site”) is operated by Invacare International GmbH having its registered office at Neuhofweg 51, 4147 Aesch, Switzerland, registered with the Registry of Commerce and Companies of Basel-Landschaft under the number CHE- 550.1.029.471-6; and by Invacare Limited UK, having its registered office at Unit 4 Pencoed Technology Park, Bridgend CF35 5AQ United Kingdom, registered with the Registry of Commerce and Companies of Cardiff under the number 5178693, both acting in their capacity as separate data controllers under applicable data protection laws and regulations (hereinafter the “Controller”, “us”, “we” or “our”). You can contact Invacare International GmbH or Invacare Limited UK at: phone and contact form which can be found in the footer of the Site.
We take the protection of your personal data seriously. For this purpose, we have developed this EU, Swiss, and UK Privacy Policy (this “Policy”) which explains how we collect, use, disclose, transfer, store and otherwise process your Data.
This Policy applies to the processing of personal data of Site visitors from the EU or where applicable the EU Member State, the UK, or Switzerland.
This Policy describes how we process personal data through this Site, which is designed for use in the European Union (“EU”), Switzerland, and the United Kingdom (“UK”). If you reside in the EU, Switzerland, or the UK, then the applicable privacy laws and regulations of your country of residence will control. If there are any rights granted to you under this Policy that conflict with or do not exist under the applicable privacy laws and regulations, then the applicable privacy laws and regulations will control. If you choose to access our other websites which are designed for use in other regions of the world (such as our North American website www.invacare.com), the website privacy policy found on those websites will apply to your use of those websites. We urge you to visit the websites intended for use in your country.
E. Categories of Data processed, legal basis and purposes of the Data processing
E.1 Details of the data processing activities
Depending on the services provided by the Site and used by you, on your choices and configuration (with respect to cookies and other tracking technology) of your computer or other device with which you access this Site, the Controller processes the following personal data concerning you (your “Data”):
Processing Purpose |
Categories of Data |
Legal basis of the processing pursuant to Art. 6 and 9 of the GDPR, and UK GDPR, and justification of the processing pursuant to Art. 31 of the FADP, as the case may be |
Data retention period |
To reply to your queries sent via the “Contact Invacare” form or via email or via phone or via mail |
Contact details (first name, last name, country, email), request type, correspondence |
Legitimate interest to reply to your queries, requests for documentation, to provide you with adequate support or to provide requested information about our products |
For the time needed to process your request, however, in any case no later than one (1) month after the response has been provided |
To register for a training for professionals sent via the “Training” web form |
Contact details, date and content of training |
Your consent, and where necessary, your explicit consent |
Two (2) years as of the date on which the Data was collected or as of your last contact with us |
To subscribe to any of Invacare marketing communications sent via the “Subscription” form or by checking the opt-in box in all web-based forms |
Contact details, marketing preferences and correspondence |
Your consent |
Two (2) years as of the date on which it was collected or as of your last contact with us
|
To create an account to access the Customer Self Service Access (i.e., the Invacare Professional area) to access professional content |
Credentials and contact details |
Performance of contract |
Two (2) years as of the date on which the Data was collected or as of your last contact with us |
To secure access the Customer Self Service Access website |
Credentials and stamp connection |
Legitimate interest |
Two (2) years as of the date on which the Data was collected or as of your last contact with us |
Statistical purposes and analytical services |
Connection log |
Legitimate interests to provide security and performance of the Site and service enhancement |
Two (2) years as of the date on which the Data was collected or as of your last contact with us |
To provide the Site in your preferred language |
IP address and language preference |
Legitimate interest to customize the Site in line with your requested language preference |
Two (2) years as of the date on which the Data was collected or as of your last contact with us |
For information about cookies and other tracking technology used on this Site, please see our Invacare EU Cookies Policy.
Data that is indispensable (such as contact details for the “Contact Invacare” form) for the Controller to fulfil the purposes that are described above is marked with an asterisk at the appropriate place where we ask for it on the various pages of the Site. If you do not complete these mandatory fields, we may not be able to take care of your request and/or to provide you with the requested services. Other Data is purely optional and you can decide to provide it or not, but it allows us to know you better and to improve our communications and services.
E.2 Legal bases of the data processing activities
- processing is necessary for the performance of a contract to which the data subject (i.e., the Site visitor) is party or to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party as identified in the purpose section (for example to prevent fraud, for information security or administrative purposes or in order to report potential crimes). We will never process your data where these interests are overridden by your own interests or by your fundamental rights and freedoms;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
- the data subject has given consent to the processing of his or her Data for one or more specific purposes.
In addition to the above, when processing special categories of personal data, we base such processing on one of the following legal bases, as provided in Article 9 of the GDPR:
- the data subject has given explicit consent to the processing of his or her Data for one or more specific purposes; or
- the processing is necessary for the establishment, exercise or defense of legal claims.
According to FADP Article 31, processing activities must be justified. The processing activities concerning your Data have one of the following justifications: your consent, an overriding private or public interest or by law, our overriding interests, as the controller, which includes:
- processing in direct connection with the conclusion or the performance of a contract;
- processing for competitive purposes that is not disclosed to third parties, except to other Invacare group companies and departments (such as Marketing, IT, and Sales);
- processing for verifying your creditworthiness, provided: the processing does not involve sensitive personal or high-risk profiling, the Data is only disclosed to a third party for the performance of a contract with the data subject, the Data is not older than ten years, and the data subject is of age;
- processing on a professional basis exclusively for publication in an edited section of a periodically published medium or the Data is used exclusively by us as a personal working instrument with no publication;
- processing not specific to the data subject and for purposes of research, planning and statistics, provided: the Data is anonymized as soon as the purpose of the processing allows for it or we take reasonable measures to prevent the data subject’s identification if anonymization is impossible or requires a disproportionate effort, any sensitive Data is disclosed to third parties in a manner that the data subject is not identified and if that is not possible we take measures to make sure the third parties only process the Data for non-personal related purposes, and the results are published in such a manner that the data subject is not identified;
- processing of a data subject that is a person of public interest, and the processing relates to the data subject’s public activities.
F. Legitimate interests pursued
As a company pursuing the manufacture and distribution of innovative home and long-term care medical products that promote recovery and active lifestyles, we sometimes need to process your Data to pursue our legitimate business interests, for example, to prevent fraud, information security, administrative purposes or reporting potential crimes. The nature of our legitimate interests is described in Section E.1. We will not process your Data where these interests are overridden by your own interests or by your fundamental rights and freedoms.
G. Recipients of the Data and Data Transfer to a Third Country
Your Data is processed by the Controller. Your Data is being transmitted Intra-Group or made accessible to our service providers who support us with respect to our Data processing activities and other recipients for all the purposes set out above in Section E.1, as specified further below.
We also disclose your Data to other Invacare group companies and departments (such as Marketing, IT, and Sales), for all the purposes specified in Section E.1. A list of Invacare group companies is available at http://www.invacare.com/cgi-bin/imhqprd/global.jsp.
Recipient |
Category of Data |
Purpose of the data processing |
Service providers in the sector of information technology providing Site hosting services; |
Contact details |
See Processing Purposes in Section E.1 |
Service providers in the sector of information technology providing Site hosting services; |
IP address |
To access the microsites of Invacare in your preferred language |
Service providers in the sector of information technology providing site hosting services; |
Connection log |
See Processing Purposes in Section E.1 |
The Controller also discloses your Data to third parties if such disclosure is required by law, by a statutory requirement or by a court ruling, or if this disclosure is necessary in order to protect the vital interests of the data subject or of another natural person or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court proceedings.
H. International Data Transfers
Due to the global nature of our operations, some of the recipients of your Data are located abroad, including in third countries outside the European Economic Area (“EEA”) which do not provide an adequate level of protection for personal data. You can find the list of third countries that have been officially recognized by the European Commission as providing an adequate level of protection here. This includes Switzerland.
International intra-group Data transfers will be to countries where Invacare has offices, including Switzerland and the United States of America. Transfers to Switzerland are based on the European Commission’s adequacy finding (see here). The transfer of your Data outside the EEA to the USA takes place on the basis of Invacare’s certification to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). To learn more about the EU-U.S. DPF, Swiss-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and to view our certifications see here.
Some of the third parties with whom we share Data are also located outside the EEA.
Transfers to third parties located in third countries outside the EEA take place using a data transfer mechanism which is acceptable under the applicable data protection laws, such as the EU-U.S. DPF and the Swiss-U.S. DPF for transfers to self-certified U.S. organizations (see here), the EU Standard Contractual Clauses (see here), Binding Corporate Rules (see here), approved Codes of Conduct and Certifications or in exceptional circumstances on the basis of permissible statutory derogations.
Please contact EUprivacy@invacare.com, if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
In accordance with applicable data protection laws, you have the following rights in relation to your personal data:
You have the right to access. i.e.: the right to obtain from the Controller confirmation if your personal data is being processed, access to your personal data and the relevant information about such processing as provided by applicable data protection laws. You also have the right to obtain from the Controller a copy of the personal data undergoing processing.
You have the right to rectify. i.e.: the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you and to have incomplete data completed.
You have the right to erase (i.e., delete) your personal data held by the Controller: this means you have the right to obtain from the Controller the erasure of personal data concerning you without undue delay when one of the following grounds applies:
- the personal data is no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- you withdrew the consent on which the data processing is based and there is no other legal ground for the processing;
- you object to the data processing and there are no overriding legitimate and compelling grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data shall be erased to comply with a legal obligation in the EU or with an EU Member State law to which the Controller is subject.
You have the right to object to the processing of your personal data on grounds relating to your particular situation.
You can also object at any time to the processing of your personal data for marketing purposes.
You may request Controller to restrict the processing if:
- you contest the accuracy of your personal data;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, the exercise or the defense of legal claims;
- you object to the processing of your personal data based on public or legitimate interest – for a period we need to verify your request.
You have the right to receive the personal data concerning you which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the first controller.
I.7 Refusal to Give and Withdrawal of Consent
You are free to refuse to give consent and you can withdraw your consent to the processing at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
The Controller entities act as separate controllers so you can exercise your rights set out in this Notice in respect of and against each of them. The Controller entities which act as separate controllers have concluded an agreement reflecting their respective roles and relationships. Please contact EUprivacy@invacare.com if you want to know more about this contractual arrangement.
J. Contact details of the Privacy Lead (PL) and right to lodge a complaint
You can exercise your rights described in Section I above at any time by contacting:
Invacare International GmbH
Attention to: Privacy Lead (PL)
Neuhofweg 51
4147 Aesch
Switzerland
Invacare Limited UK
Attention to: Privacy Lead (PL)
Unit 4 Pencoed Technology Park
Bridgend
CF35 5AQ
United Kingdom
Invacare Poirier SAS
Attention to: Privacy Lead (PL)
Route de Saint Roch
37230 Fondettes
France
Email address: EUprivacy@invacare.com
Should you have any question about the collection and processing of your Data by the Controller, you can contact us at the same address listed above. You may also address any complaint to the competent supervisory authority, in particular in the EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred, regarding the way in which the Controller collects and processes your Data.
II. INVACARE EU COOKIES POLICY
Effective Date: May 25, 2018 Last updated: December 1, 2023
This website (the “Site”) is operated by Invacare International GmbH having its registered office at Neuhofweg 51, 4147 Aesch, Switzerland, phone and contact form can be found on the footer of the Site, registered with the Registry of Commerce and Companies of Basel-Landschaft under the number CHE- 550.1.029.471-6 (hereinafter the “Controller”, “us”, “we” or “our”).
A cookie is a small text file that a website saves on your computer or mobile device when you visit the Site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another.
B. Use of cookies or similar technologies in our Site
We use cookies or similar technologies to provide you with information adapted to your interests and based on your usage, to have visit statistics, to administer our Site and to optimize the Site user experience.
The cookies we use for the Site are:
Essential cookies or strictly necessary cookies (first party cookies):
Our Site uses cookies to ease your visit. Those cookies are essential to run the Site or save your user preference. For example, they are used to store the preferred language used to browse our Site, to memorize your preference, and to balance the visit’s load on our Site servers. These cookies are valid either for the session time or in the limit of thirteen (13) months.
Non-essential cookies (third-party cookies):
Analytical cookies
We also use cookies to help us for statistical purposes and analytical services such as how many visits we have to our Site, as a type of aggregate counter. We do not link the information stored in cookies to any personal data you submit while on our Site.
These cookies are mostly third-party cookies, they are not saved by us. We therefore suggest that you read the websites of these third-parties to find out more about the saved cookies and how they are managed.
Sharing cookies (social links)
Our site also contains links to social media sites. When you use these shared buttons, a third-party cookie or other technologies may be installed.
Please read the privacy policies of these social media sites to ensure that you are aware of your rights and the usage purposes, in particular advertising, of browsing information they may collect via these application buttons.
C. How to control cookies or similar technologies
You can withdraw or control or delete or reject cookies as you wish – for details, see aboutcookies.org. While most browsers are initially set up to accept cookies, you can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed and notify you when you have received a cookie. If you do this, however, you may have to manually adjust some preferences every time you visit our Site. It is important to note that you may not be able to use certain features on our Site.
Please find below of third-party websites to withdraw or control or delete or reject cookies;
X: help.twitter.com/en/safety-and-security#ads-and-data-privacy
Facebook: facebook.com/policies/cookies
YouTube: policies.google.com/privacy?hl=en
Pinterest: help.pinterest.com/en/articles/personalization-and-data
Google Analytics: support.google.com/analytics/answer/6004245?hl=en