1. Access data and hosting
You may visit our website without revealing any personal information. With every visit on the website, the web server stores automatically only a so-called server log file which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. These access data are analysed exclusively for the purpose of ensuring the smooth operation of the website and improving our offer. This serves according to Swiss Data Protection Law respectively Art. 6 (1) 1 lit. f GDPR the protection of our legitimate interests in the proper presentation of our offer that are overriding in the process of balancing of interests. All access data are deleted no later than seven days after the end of your visit on our website.
Hosting
The services for hosting and displaying the website are partly provided by our service providers on the basis of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
2. Data processing for the purposes of processing the contract, establishing contact
2.1. Data processing for the purposes of performing the contract
For the purpose of performing the contract (including enquiries regarding the processing of any existing warranty and performance fault claims as well as any statutory updating obligations) in accordance with Swiss Data Protection Law respectively Art. 6 (1) (b) GDPR, we collect personal data if you provide it to us voluntarily as part of your order. Mandatory fields are marked as such, as in these cases we necessarily need the data to process the contract and we cannot send the order without their specification. Which data is collected can be seen from the respective input forms.
Further information on the processing of your data, in particular on the forwarding of the data to our service providers for the purpose of order, payment and shipping, can be found in the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Swiss Data Protection Law respectively Art. 6 (1) (c) GDPR, unless you have expressly consented to further use of your data in accordance with Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy policy.
2.2. Customer account
Insofar as you have given your consent to this in accordance with Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR by deciding to open a customer account, we will use and store your data for the purpose of opening the customer account as well as for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy policy.
2.3. Establishing contact
As part of our customer communication, we collect personal data in order to process your enquiries in accordance with Swiss Data Protection Law respectively Art. 6 (1) (b) GDPR if you voluntarily provide us with this data when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as in these cases we necessarily need the data to process your enquiry. Which data is collected can be seen from the respective input forms. After your enquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy policy.
2.4. Data processing for booking appointments
We collect personal data if you voluntarily provide it to us when booking an appointment. Mandatory fields are marked as such because in these cases we absolutely need the data to book the appointment and you cannot send the appointment booking without providing it. Which data is collected can be seen from the respective input forms. Information in free text fields is voluntary and does not have to be filled in for the appointment booking to be sent. We ask you to refrain from providing sensitive data (e.g. health-related information such as illnesses) in such free text fields.
We use the data you provide for booking appointments in accordance with Swiss Data Protection Law respectively Art. 6 (1) 1 b GDPR. After complete processing of the booked appointment, your data will be restricted for further processing and deleted after expiry of any retention periods under tax and commercial law pursuant to Swiss Data Protection Law respectively Art. 6 (1) 1 c GDPR, unless you have expressly consented to further use of your data pursuant to Swiss Data Protection Law respectively Art. 6 (1) 1 a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this policy.
Appointment booking solutions of Hubspot
For the purpose of booking appointments, we use a booking solution provided by HubSpot Germany GmbH., Am Postbahnhof 17, 10243 Berlin, Germany. The service provider is acting on our behalf.
2.5. Data processing for processing an order
We offer a variety of high-quality prostheses consisting of a socket (connection to the arm) and accessories (Explorer System) and orthoprostheses consisting of a prefabricated cuff (connection to the arm) and accessories (Lynk System). For the purpose of processing the order, individual health data within the meaning of Swiss Data Protection Law respectively respectively Art. 9 para. 1 GDPR may be processed. Depending on the selected sales channel, this includes:
(B2C and B2B2C sales channel)
Opening a customer account with surname, first name, address, billing address, contact details such as email and telephone (online in the web shop or via the accounting system) and creating an order dossier with a numerical ID to record configuration parameters for a product.
Opening an order-specific case dossier for the purpose of customisation and/or determining the appropriate product size. For example, customisation of the Explorer shaft. A case dossier contains the following data: Surname, first name, internal customer ID, in individual cases the insurance number, date of birth, medical prescription (required by law in the case of customisation), photo, video or other pictorial documentation of the affected arm, occasionally photo, video or other pictorial documentation including an image of the healthy arm, occasionally manual measurement values from both arms, generally extraction of measurement values based on the pictorial documentation provided,
(B2B distributor sales channel)
Opening an order dossier with a numerical ID to record configuration parameters for the product and creating an order-specific case dossier for the purpose of customisation and/or determining the appropriate product size. For example, the individualisation of the Explorer shaft. A case dossier contains the following data: Internal customer ID, photo, video or other pictorial documentation of the affected arm, occasional photo, video or other pictorial documentation including an image of the healthy arm, occasional manual measurements of both arms, general extraction of measurements based on the pictorial documentation provided,
(B2B distributor sales channel)
Opening an order dossier with a numerical ID to record configuration parameters for the product and creating an order-specific case dossier for the purpose of customisation and/or determining the appropriate product size. For example, the individualisation of the Explorer shaft. A case dossier contains the following data: Internal customer ID, photo, video or other pictorial documentation of the affected arm, occasional photo, video or other pictorial documentation including an image of the healthy arm, occasional manual measurements of both arms, general extraction of measurements based on the pictorial documentation provided,
(B2B digital sales channel)
Opening an order dossier with a numerical ID to record configuration parameters for the product and creating an order-specific case dossier for the purpose of customisation and/or determining the appropriate product size. For example, the individualisation of the Explorer shaft. A case dossier contains the following data: Internal customer ID, scan or other pictorial documentation of the affected arm, occasional photo, video or other pictorial documentation including an image of the healthy arm, occasional manual measurements of both arms, general extraction of measurements based on the pictorial documentation provided,
Data processing thus enables the company's customers to obtain a customised product and/or the appropriate size of a specific product, whereby the above-mentioned health data is required, which is transmitted to the company by the customers,
(B2C and B2B2C marketing channel)
Opening a marketing-specific case dossier for the purpose of preparing and selecting suitable image material. For example, photo or video files that serve as customer feedback or are provided to the company by the customer for marketing purposes (based on a written declaration of consent).
Insofar as the aforementioned personal data of special categories (in particular health data) is collected and processed, this is done primarily on the basis of your prior, express and informed consent in accordance with Swiss Data Protection Law respectively respectively Art. 9 para. 2 lit. a in conjunction with Art. 6 para. 1 sentence 1 lit. a GDPR.
In addition, health data relevant to billing may be transmitted to social insurance providers (e.g. statutory health insurance funds) for the purpose of billing for the services provided in accordance with Swiss Data Protection Law respectively respectively Art. 9 para. 2 lit. h, para. 3 GDPR in conjunction with §§ 294, 302 SGB V or to billing service providers on the basis of order processing in accordance with Art. 28 GDPR.
You can withdraw your consent at any time by sending a message to the contact details below. This may result in us no longer being able to offer you individual services.
3. Data processing for the purposes of shipment
We forward your data to the shipping company within the scope required for the delivery of the ordered goods according to Swiss Data Protection Law respectively Art. 6 (1) (b) GDPR.
Data transfer to a shipping service provider for the purpose of shipping notification
Provided that you have given us your express consent, during or after your order we will pass on your e-mail address and telephone number to the shipping service provider selected by you in accordance with Art. 6 (1) lit. a) DSGVO so that they can contact you for the purpose of shipping notification or coordination prior to shipping. This consent can be revoked at any time by sending a message to the contact details described in this privacy policy or directly to the shipping service provider at the contact address below. After revocation of consent, we will delete the data you provided for this purpose, unless you have expressly consented to the further use of your data or we have reserved the right to use your data for other purposes that are permitted by law and about which we inform you in this privacy policy.
- DPD Deutschland GmbH, Wailandtstraße 163741 Aschaffenburg, Germany
United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 141460 Neuss, Germany
- General Logistics Systems Deutschland GmbH & Co. OHG, GLS Deutschland-Straße 1 - 7DE-36286 Neuenstein, Germany
- DHL Paket GmbH, Sträßchensweg 1053113 Bonn, Germany
4. Data processing for the purposes of payment
As part of the payment process in our online shop, we work together with these partners: technical service provider, credit institution, payment service provider.
4.1. Data processing for the purposes of transaction processing
Depending on the selected payment method, we forward the data necessary for processing the payment transaction to our technical service providers, who act for us on the basis of processing on our behalf or to the authorised credit institutions or to the selected payment service provider insofar as this is necessary for the payment process. This serves the fulfilment of the contract according to Swiss Data Protection Law respectively Art. 6 (1) (b) GDPR. In certain cases, payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via technical solution within the ordering process. In this respect, the privacy policy of the respective payment service provider applies. If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.
4.2. Data processing for the purposes of fraud prevention and optimisation of our payment processes
We may forward other data to our service providers, which they use for the purpose of fraud prevention and to optimise our payment processes (e.g. invoicing, processing of contested payments, accounting support) together with the data necessary to process the payment as our processors.
This serves to safeguard our legitimate interests in fraud prevention or an efficient payment management in accordance with Art. 6 (1) (f) GDPR that are overriding in the process of balancing of interests.
5. Data processing fort he purpose of configuration of products
When purchasing without a customer account (online or via Email) or as a private person, as well as when purchasing via a customer account and in the case of specialists, we collect various data that we need to create a profile of the prosthesis user. The data on configured prostheses/orthoses and/or custom-made products are kept for 10 years in accordance with regulatory requirements. The legal basis for data processing is in accordance with the Swiss Data Protection Act (DSG) or Art. 6 (1) (f) GDPR and for the purpose of implementing the contract.
General data: Gender, country, arm side affected, type of forearm deficit, year of birth.
For module configuration: Affected arm side, provision of a scan or measurement photo of both arms for the purpose of extracting parameters for configuring the product size (e.g. arm length), date of measurement, desired activities for which the product is to be used for the purpose of validating whether the selected product is suitable for the desired activity.
For the configuration of a socket (= custom-made) in case of specialists: Affected arm side, provision of a scan or measurement photo of both arms for the purpose of extracting parameters for the configuration of the custom-made product (e.g. arm circumferences, arm lengths), date of measurement, desired activities for which the product is to be used for the purpose of validating whether the selected product is suitable for the desired activity.
For the configuration of a socket (= custom-made) in the case of private individuals: In addition to the above data, we also require a written prescription. According to Art. 2 (3) Medical Device Regulation, a custom-made device must be issued by a person who is authorized to issue prescriptions on the basis of his professional qualifications according to national legislation. The written prescription should contain the minimum information according to MDCG 2021-3 (this includes e.g. the name of the prosthesis user).
6. Marketing via E-mail
6.1. E-mail newsletter with subscription and newsletter tracking
If you subscribe to our newsletter, we will regularly send you our email newsletter based on your consent according to Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR, using the data required or disclosed by you separately for this purpose.
You can unsubscribe from the newsletter at any time. This can either be done by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e mail address from the list of recipients, unless you have expressly consented to the further use of your data according to Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR or we have reserved the right to use your data for other purposes that are permitted by law and about which we inform you in this privacy policy.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this purpose, we also analyse your interaction with our newsletter by measuring, storing and evaluating opening rates and click-through rates for the purpose of designing future newsletter campaigns ("newsletter tracking").
For this evaluation, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular
• the page from which the page was requested (so-called referrer URL),
• the date and time of the request,
• the description of the type of web browser used,
• the IP address of the requesting computer,
• the e-mail address,
• the date and time of registration and confirmation
and the single-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.
If you do not wish to receive newsletter tracking, it is possible to unsubscribe from the newsletter at any time - as described above.
The information will be stored as long as you have subscribed to the newsletter.
6.2. Newsletter mailing
The newsletter is sent to you by our service provider, who processes the data on our behalf and to whom we provide your email address. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
The newsletter and the newsletter tracking outlined above may also be sent by our service providers as part of the processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
7. Cookies and further technologies
7.1. General information
In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser during your next visit (persistent cookies).
Protection of privacy for terminal devices
Data protection for terminal devices When using our online services, we use technologies that are absolutely necessary to provide the telemedia service you expressly requested. In this respect, the storage of information on your terminal device or access to information already stored on your terminal device does not require consent.
For functions that are not absolutely necessary, the storage of information in your terminal device or access to information that is already stored in your terminal device requires your consent. Please note that if you do not give your consent, parts of the website may not be available for unrestricted use. Any consent you may have given
will remain valid until you adjust or reset the respective settings in your terminal device.
In addition, we use technologies to fulfil the legal obligations, which we are subject to (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.
On our website we may use other technologies, which are not listed individually in this privacy policy. Further information on these technologies and the respective legal basis can be found on the platform of our consent management service Usercentrics.
Any downstream data processing through cookies and other technologies
We use such technologies that are strictly necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies are used to collect and process IP addresses, time of visit, device and browser information as well as information on your use of our website (e.g. information on your preferences). This serves to safeguard our legitimate interests in an optimised presentation of our offer that are overriding in the process of balancing of interests.
You can access the plattform by clicking on the fingerprint button in the bottom right or left corner of the page.
You can find the cookies settings for your browser by clicking on the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
If you have consented to the use of the technologies in accordance with Art. 6 (1) (a) GDPR, you can withdraw your consent at any time by sending a message to the contact option described in the privacy policy. Alternatively, you can also click on the fingerprint button in the lower right or left corner of the page. If cookies are not accepted, the functionality of our website may be limited.
How can I configure the cookie settings of my browser?
Each browser is different in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these for each browser under the following links:
Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
What types of cookies are being used?
Analytical / performance cookies: These cookies enable collecting anonymised data about user behaviour on our website. We analyse them e.g. to improve the
functionality of our website and recommend you products that will be interesting to you.
Essential cookies: These cookies are necessary to enable you to use our website. This includes e.g. cookies that enable you to log into the customer area or add items to your shopping cart.
7.2. Use of Usercentrics Consent Management Platform for obtaining and managing consent
On our website we use the Usercentrics Consent Management Platform ("Usercentrics") to inform you about the cookies and the technologies we use on our website and to obtain, manage and document your consent to the processing of your personal data by these technologies. This is required under Swiss Data Protection Law respectively Art. 6 (1) (c) GDPR to fulfil our legal obligation under Swiss Data Protection Law respectively Art. 7 (1) GDPR to be able to prove your consent to the processing of your personal data, to which we are subject. The consent management service Usercentrics is provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes your data on our behalf. When you visit our website, Usercentrics' web server stores a so-called server log file, which also contains your anonymised IP address, the date and time of your visit, device and browser information as well as information on your consent behaviour. Your data will be deleted after three years, unless you have expressly consented to further use of your data in accordance with Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR or we reserve the right to use your data in a manner that goes beyond this, which is legally permitted and about which we inform you in this privacy policy.
8. Use of cookies and other technologies
If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we use the following cookies and other third-party technologies on our website. The data collected in this context will be deleted after the relevant purpose has been fulfilled and we have ended the use of the respective technology. You can withdraw your consent at any time with effect for the future. Further information on your withdrawal options can be found in the section "cookies and further technologies". Further information including the legal basis for data processing can be found within the respective technologies. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
9. Social Media
Our online presence on Facebook (by Meta), Youtube, Instagram (by Meta), LinkedIn
If you have given your consent to the respective social media provider in accordance with Swiss Data Protection Law respectively Art. 6 (1) (a) GDPR, when you visit our online presence on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media provider, as well as a contact option and your rights and settings options for the protection of your privacy, please refer to the provider's privacy policies linked below. Should you still require assistance in this regard, please contact us.
Facebook (by Meta) is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (hereafter "Meta Platforms Ireland ") The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing in the context of a visit to a Facebook (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.
Instagram (by Meta) is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (hereafter "Meta Platforms Ireland ") The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is typically transferred to and stored on a server at Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing in the context of a visit to an Instagram (by Meta) fan page is based on an agreement between joint controllers in accordance with art. 26 DSGVO. Further information (information on Insights data) can be found here.
YouTube is provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter "Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision for the United States by the European
Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.
LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information LinkedIn automatically collects about your use of our online presence on LinkedIn is generally sent to a server at LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.
10. Contact options and your rights
Your rights:
Being the data subject, you have the following rights according to:
• art. 15 GDPR, the right to obtain information about your personal data which we process, within the scope described therein;
• art. 16 GDPR, the right to immediately demand rectification of incorrect or completion of your personal data stored by us;
• art. 17 GDPR, the right to request erasure of your personal data stored with us, unless further processing is required to exercise the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest or for establishing, exercising or defending legal claims;
• art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as the accuracy of the data is contested by you; the processing is unlawful, but you refuse their erasure; we no longer need the data, but you need it to establish, exercise or defend legal claims, or you have lodged an objection to the processing in accordance with art. 21 GDPR;
• art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
• art. 77 GDPR, the right to complain to a supervisory authority . As a rule, you can contact the supervisory authority at your habitual place of residence or workplace or at our company headquarters.
Right to object:
If we process personal data as described above to protect our legitimate interests that are overriding in the process of balancing of interests, you may object to such data processing with future effect. If your data are processed for direct marketing
purposes, you may exercise this right at any time as described above. If your data are processed for other purposes, you have the right to object only on grounds relating to your particular situation.
After you have exercised your right to object, we will no longer process your personal data for such purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
This does not apply to the processing of personal data for direct marketing purposes. In such a case we will no longer process your personal data for such purposes.
Contact options:
If you have any questions about how we collect, process or use your personal data, want to enquire about, correct, restrict or delete your data, or withdraw any consents you have given, or opt-out of any particular data use, please contact us directly using the contact data provided in our supplier identification.
