B. The Data Controller
E. Categories of Data processed, legal basis and purposes of the Data processing
E.1 Details of the data processing activities
E.2 Legal bases of the data processing activities
F. Legitimate interests pursued
G. Recipients of the Data and Data Transfer to a Third Country
G.1 Intra Group
G.2 Third Parties
H. International Data Transfers
H.2 Third Parties
I. Your Rights
I.6 Data Portability
I.7 Refusal to Give and Withdrawal of Consent
I.8 Separate Controllers
J. Contact details of the Privacy Lead (PL) and right to lodge a complaint
II. Invacare EU Cookies Policy
A. What are cookies
C. How to control cookies or similar technologies
Effective Date: May 25, 2018 Last updated: June 26, 2018
The following terms are used within this Policy and are defined here for clarification:
“data controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or EU laws or regulations, the controller or the specific criteria for his nomination may be designated by national or EU law;
“data processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;
“data subject” means an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation);
“personal data” means any information relating to a data subject;
“special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
This website (the “Site”) is operated by Invacare International GmbH having its registered office at Benkenstrasse 260, 4108 Witterswil, Switzerland, registered with the Registry of Commerce and Companies of Witterswil under the number CHE-109.561.251; and by Invacare Ltd UK, having its registered office at Unit 4 Pencoed Technology Park, Bridgend CF35 5AQ United Kingdom, registered with the Registry of Commerce and Companies of Cardiff under the number 5178693, both acting in their capacity as separate data controllers under applicable data protection laws and regulations (hereinafter the “Controller”, “us”, “we” or “our”). You can contact Invacare International GmbH or Invacare Ltd UK at: phone and contact form which can be found in the footer of the Site.
This Policy applies to the processing of personal data of Site visitors from the EU or where applicable EU, EU Member State or Swiss data protection laws so provide.
Depending on the services provided by the Site and used by you, on your choices and configuration (with respect to cookies and other tracking technology) of your computer or other device with which you access this Site, the Controller processes the following personal data concerning you (your “Data”):
|Processing Purpose||Categories of Data||Legal basis of the processing pursuant to Art. 6 and 9 of the GDPR, as the case may be||Data retention period|
|To reply to your queries sent via the “Contact Invacare” form or via email or via phone or via mail||Contact details (first name, last name, country, email), request type, correspondence||Legitimate interest to reply to your queries, requests for documentation, to provide you with adequate support or to provide requested information about our products||For the time needed to process your request, however, in any case no later than one (1) month after the response has been provided|
|To register for a training for professionals sent via the “Training” web form||Contact details, date and content of training
Health-related information (i.e., dietary restrictions for catering purposes)
|Your consent, and where necessary, your explicit consent||Two (2) years as of the date on which the Data was collected or as of your last contact with us
Health-related data will be deleted after the training, however, in any case no later than one (1) month thereafter
|To subscribe to any of Invacare marketing communications sent via the “Subscription” form or by checking the opt-in box in all web-based forms||Contact details, marketing preferences and correspondence||Your consent||Two (2) years as of the date on which it was collected or as of your last contact with us
|To create an account to access the Customer Self Service Access (i.e., the Invacare Professional area) to access professional content||Credentials and contact details||Performance of contract||Two (2) years as of the date on which the Data was collected or as of your last contact with us|
|To secure access the Customer Self Service Access website||Credentials and stamp connection||Legitimate interest||Two (2) years as of the date on which the Data was collected or as of your last contact with us|
|Statistical purposes and analytical services||Connection log||Legitimate interests to provide security and performance of the Site and service enhancement||Two (2) years as of the date on which the Data was collected or as of your last contact with us|
|To provide the Site in your preferred language||IP address and language preference||Legitimate interest to customize the Site in line with your requested language preference||Two (2) years as of the date on which the Data was collected or as of your last contact with us|
For information about cookies and other tracking technology used on this Site, please see our Invacare EU Cookies Policy.
Data that is indispensable (such as contact details for the “Contact Invacare” form) for the Controller to fulfil the purposes that are described above is marked with an asterisk at the appropriate place where we ask for it on the various pages of the Site. If you do not complete these mandatory fields, we may not be able to take care of your request and/or to provide you with the requested services. Other Data is purely optional and you can decide to provide it or not, but it allows us to know you better and to improve our communications and services.
According to GDPR Article 6 (1), any processing activities must have a lawful legal basis.
The processing activities concerning your Data have one of the following legal basis:
- processing is necessary for the performance of a contract to which the data subject (i.e., the Site visitor) is party or to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party as identified in the purpose section (for example to prevent fraud, for information security or administrative purposes or in order to report potential crimes). We will never process your data where these interests are overridden by your own interests or by your fundamental rights and freedoms.
- the data subject has given consent to the processing of his or her Data for one or more specific purposes.
In addition to the above, when processing special categories of personal data, we base such processing on one of the following legal bases, as provided in Article 9 of the GDPR:
- the data subject has given explicit consent to the processing of his or her Data for one or more specific purposes; or
- the processing is necessary for the establishment, exercise or defense of legal claims.
As a company pursuing the manufacture and distribution of innovative home and long-term care medical products that promote recovery and active lifestyles, we sometimes need to process your Data to pursue our legitimate business interests, for example, to prevent fraud, information security, administrative purposes or reporting potential crimes. The nature of our legitimate interests is described in Section E.1. We will not process your Data where these interests are overridden by your own interests or by your fundamental rights and freedoms.
Your Data is processed by the Controller. Your Data is being transmitted Intra-Group or made accessible to our service providers who support us with respect to our Data processing activities and other recipients for all the purposes set out above in Section E.1, as specified further below.
We also disclose your Data to other Invacare group companies and departments (such as Marketing, IT, and Sales), for all the purposes specified in Section E.1. A list of Invacare group companies is available at http://www.invacare.com/cgi-bin/imhqprd/global.jsp.
|Recipient||Category of Data||Purpose of the data processing|
|Service providers in the sector of information technology providing Site hosting services;
Service providers in the sector of marketing providing site development services
|Contact details||See Processing Purposes in Section E.1|
|Service providers in the sector of information technology providing Site hosting services;
Subcontractors in the sector of marketing providing site development services
|IP address||To access the microsites of Invacare in your preferred language|
|Service providers in the sector of information technology providing site hosting services;
service providers in the sector of marketing providing Site development services
|Connection log||See Processing Purposes in Section E.1|
The Controller also discloses your Data to third parties if such disclosure is required by law, by a statutory requirement or by a court ruling, or if this disclosure is necessary in order to protect the vital interests of the data subject or of another natural person or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court proceedings.
Due to the global nature of our operations, some of the recipients of your Data are located abroad, including in third countries outside the European Economic Area (“EEA”) which do not provide an adequate level of protection for personal data. You can find the list of third countries that have been officially recognized by the European Commission as providing an adequate level of protection at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. This includes Switzerland.
International intra-group Data transfers will be to countries where Invacare has offices, including Switzerland and the United States of America. Transfers to Switzerland are based on the European Commission’s adequacy finding (see here). The transfer of your Data outside the EEA to the USA takes place on the basis of Invacare’s EU-U.S. Privacy Shield certification.
Some of the third parties with whom we share Data are also located outside the EEA.
Transfers to third parties located in third countries outside the EEA take place using a data transfer mechanism which is acceptable under the applicable data protection laws, such as the EU-US Privacy Shield for transfers to self-certified US organizations (see here), the EU Standard Contractual Clauses (see here), Binding Corporate Rules (see here), approved Codes of Conduct and Certifications or in exceptional circumstances on the basis of permissible statutory derogations.
Please contact EUprivacy@invacare.com, if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
In accordance with applicable data protection laws, you have the following rights in relation to your personal data:
You have the right to access. i.e.: the right to obtain from the Controller confirmation if your personal data is being processed, access to your personal data and the relevant information about such processing as provided by applicable data protection laws. You also have the right to obtain from the Controller a copy of the personal data undergoing processing.
You have the right to rectify. i.e.: the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you and to have incomplete data completed.
You have the right to erase (i.e., delete) your personal data held by the Controller: this means you have the right to obtain from the Controller the erasure of personal data concerning you without undue delay when one of the following grounds applies:
- the personal data is no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- you withdrew the consent on which the data processing is based and there is no other legal ground for the processing;
- you object to the data processing and there are no overriding legitimate and compelling grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data shall be erased to comply with a legal obligation in the EU or with an EU Member State law to which the Controller is subject.
You have the right to object to the processing of your personal data on grounds relating to your particular situation.
You can also object at any time to the processing of your personal data for marketing purposes.
You may request Controller to restrict the processing if:
- you contest the accuracy of your personal data;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, the exercise or the defense of legal claims;
- you object to the processing of your personal data based on public or legitimate interest – for a period we need to verify your request.
You have the right to receive the personal data concerning you which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the first controller.
You are free to refuse to give consent and you can withdraw your consent to the processing at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
The Controller entities act as separate controllers so you can exercise your rights set out in this Notice in respect of and against each of them. The Controller entities which act as separate controllers have concluded an agreement reflecting their respective roles and relationships. Please contact EUprivacy@invacare.com if you want to know more about this contractual arrangement.
You can exercise your rights described in Section I above at any time by contacting:
Invacare International GmbH
Attention to: Privacy Lead (PL)
Invacare Ltd UK
Attention to: Privacy Lead (PL)
Unit 4 Pencoed Technology Park
Invacare Poirier SAS
Attention to: Privacy Lead (PL)
Route de Saint Roch
Email address: EUprivacy@invacare.com
Should you have any question about the collection and processing of your Data by the Controller, you can contact us at the same address listed above.
You may also address any complaint to the competent supervisory authority, in particular in the EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred, regarding the way in which the Controller collects and processes your Data.
Effective Date: May 25, 2018 Last updated: May 25, 2018
This website (the “Site”) is operated by Invacare International GmbH having its registered office at Benkenstrasse 260, 4108 Witterswil, Switzerland, phone and contact form can be found on the footer of the Site, registered with the Registry of Commerce and Companies of Witterswil under the number CHE-109.561.251, (hereinafter the “Controller”, “us”, “we” or “our”).
A cookie is a small text file that a website saves on your computer or mobile device when you visit the Site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another.
The cookies we use for the Site are:
Essential cookies or strictly necessary cookies (first party cookies):
Non-essential cookies (third-party cookies):
These cookies are mostly third-party cookies, they are not saved by us. We therefore suggest that you read the websites of these third-parties to find out more about the saved cookies and how they are managed.
Sharing cookies (social links)
Our site also contains links to social media sites. When you use these shared buttons, a third-party cookie or other technologies may be installed.
Please read the privacy policies of these social media sites to ensure that you are aware of your rights and the usage purposes, in particular advertising, of browsing information they may collect via these application buttons.
You can withdraw or control or delete or reject cookies as you wish – for details, see aboutcookies.org. While most browsers are initially set up to accept cookies, you can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed and notify you when you have received a cookie. If you do this, however, you may have to manually adjust some preferences every time you visit our Site. It is important to note that you may not be able to use certain features on our Site.
Please find below of third-party websites to withdraw or control or delete or reject cookies;
Google Analytics: support.google.com/analytics/answer/6004245?hl=en