Thank you for visiting our website and for your interest in our services. We want you to feel comfortable on our website and not have to worry about the confidentiality of your data. We are very committed to data protection and consider transparency in the handling of your data to be very important. We would therefore like to inform you about what data we collect, for what purpose we do this and how you can exercise control over your data at all times.

1. responsible person

The controller within the meaning of the law is responsible for the processing of the data:

HumanOptics Holding AG
Spardorfer Straße 150
91054 Erlangen

2. categories of data, purpose and legal basis of processing

You can of course visit our website without providing any personal data. You can access the privacy policy via the link at the bottom of each page.

a) Operation of the website

We only use your personal data when you visit our website to operate and optimize our website. For this purpose, the IP address, various technical data of the end device (e.g. operating system, browser used, etc.) and data on the use of our website are recorded. We do not store this data beyond the statutory retention periods or the fulfillment of the purpose. The processing of this data is necessary to ensure the operation of the website. If you do not agree to this processing, we will not be able to provide you with our online services. We evaluate this information statistically in order to make the use of our website even more pleasant for all visitors. It is not linked to any personal data already stored by us. The data collected in the course of using the website will be deleted after 14 months at the latest. The storage of data may be extended in individual cases to enforce legal claims, to defend against any legal claims or due to legal obligations.

The processing of personal data for the purpose of operating the website as well as network and information security is based on Art. 6 (1) f) GDPR. The proper operation of the website and the optimized external presentation of our company represent our legitimate interest. According to Art. 13 (2) e), there is no legal or contractual obligation on your part to provide data when using our website. However, it is not possible to operate the website without processing your data.

b) Contact form

When you fill out the contact form, you provide us with personal data. We may collect the following types of data: Title, name, e-mail address, telephone number, company, request, role. We only use this data to respond to your specific query or request and to provide information.

The legal basis for the processing of general inquiries is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

In the case of inquiries about contracts or in the context of contract initiation, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

The legal basis for data protection requests is Art. 6 para. 1 sentence 1 lit. c GDPR.

Sending the form constitutes your consent to the processing of the data.

We will retain your personal data for the period necessary to fulfill the purposes described in this statement or to comply with legal warranty obligations.

c) Quotation form and orders

If you are interested in one of our products and fill out the corresponding offer form, we process the following personal data from you: Company, name of contact person, billing and delivery address, e-mail address, telephone number.

We then process your personal data in our CRM and e-mail systems for the purpose of sending offers.

If you place an order with us, we process your personal data such as company, name, billing and delivery address, e-mail address and telephone number for the purpose of processing the order and shipping the goods.

The legal basis for processing is the initiation of a contract or the fulfillment of a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

Your personal data will be stored in accordance with statutory retention periods.

If you decide to subscribe to our newsletter, we will send it to the e-mail address you have provided. Verification takes place via a double opt-in. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and blocked after you unsubscribe from the newsletter.

Newsletters are sent by CleverReach.CleverReach is a service that can be used to organize and analyse the sending of newsletters.

Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis by CleverReach can be found at: www.cleverreach.com

Data processing in the context of sending the newsletter is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not wish to be analyzed by CleverReach, you must unsubscribe from the newsletter.We provide you with a corresponding link for this purpose in every newsletter message.

We store your personal data for the period necessary to fulfill the purpose described above and beyond within the scope of statutory retention periods.

d) Online certification course for ARTIFICIALIRIS ^CUSTOMFLEX®

You have the opportunity to register for an online certification course forARTIFICIALIRIS ^CUSTOMFLEX® on our website.

We will create an account for you for the purpose of running the course. We collect the following personal data from you for this purpose: Name, e-mail address, address, clinic. In addition, you must assign a password in order to subsequently log in with your specified e-mail address and password.

The legal basis for the processing is the fulfillment of a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, as your registration for the online course constitutes a contract between you and HumanOptics Holding AG. We also store your test result(s) together with your IP address.

Your personal data will be deleted after termination of the contract, provided that there are no statutory retention obligations to the contrary.

From time to time, we will send you information about new features or our customer newsletter to the e-mail address you have provided. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. You can object to the use of your e-mail address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates.

e) Registration for the information pool

You can register for our HumanOptics information pool on our website. We collect the following personal data from you for this purpose: Name, e-mail address, gender. We only use your personal data for the purpose of registration for the information pool. The legal basis for processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. By registering, you consent to the sending of information to the email address you have provided. You will not be added to our mailing list until you confirm the double opt-in.

You can revoke your consent at any time without giving reasons with effect for the future.

f) Notification under the Whistleblower Protection Act

We have set up an internal reporting office for reporting grievances. If you submit a report, we will process the personal data that you provide us with your report, such as your name and e-mail address, as well as any personal data resulting from the report.

The purpose of the processing is to investigate the reports and thus support the detection and elimination of grievances.

The legal basis for processing is our legal obligation pursuant to Art. 6 para. 1 sentence 1 lit c GDPR in conjunction with Section 13 HinSchG.

The personal data processed by us as a result of the reports will not be passed on to third parties. Exceptions exist in cases where we are legally obliged to do so, for example in criminal proceedings.

The processor involved is Gesellschaft für Datenschutz, which provides the reporting portal.

We will retain your personal data for the period necessary to fulfill the purposes described above.

In addition, we retain the data processed in connection with the notification for three years after completion of the procedure and then delete it, provided that there are no other statutory retention obligations to the contrary.

g) Cookies

We use session cookies on our website. We would like to briefly explain the purpose of these cookies below. Cookies are short snippets of text that we store on your computer. Cookies do not execute any commands on your computer and therefore do not represent a security risk.

Session cookies store certain information while you are browsing our website and are not stored permanently, but are deleted again when you leave our website.

Session cookies are used on the basis of Article 6(1)(f). The operation of the website is in the legitimate interest of the controller.

You can define the handling of cookies in your browser yourself, you can even reject cookies completely or configure your browser so that cookies are deleted regularly. You can find sufficient information on this on the Internet.

h) Live Chat

On our website, we offer you the option of contacting us via live chat. For this purpose, we use the tawk.to tool from tawk.to Inc, 187 East Warm Springs Rd, SB298, Las Vegas, Nevada, 89119, USA, which is integrated into our website via a plug-in.

The data of visitors who access the website from the European Economic Area are processed by the subsidiary tawk.to Ltd, UK.

We have concluded an order processing agreement with tawk.to which contains the standard contractual clauses.

For more information on how tawk.to processes your personal data, please refer to their privacy policy: https://www.tawk.to/privacy-policy/

When you visit a website in which a plug-in is integrated, your browser establishes a direct connection to the tawk.to servers. The content of the plug-in is transmitted by tawk.to directly to your browser and integrated into the page. By integrating the plug-in, tawk.to receives the information that your browser has accessed the corresponding page of our website. This information (including your IP address) is transmitted directly from your browser to the tawk.to server, where it is stored for 90 days and then deleted. The legal basis for processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Tawk.to also uses so-called cookies, small text files that are stored on your computer and that enable an analysis of your use of our website.

These are only used after you have given us your consent. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

If you wish to use the live chat function, the following personal data will be requested and processed in a pre-chat form: Name, e-mail address, practice/clinic. In the course of the chat, the personal data you provide will be processed.

The chat history is deleted after the chat has ended.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The use of the chat function constitutes your consent to the processing of your personal data.

i) Visitor directory

When you enter one of our locations as a visitor, we collect the following personal data from you in a visitor book: name, company, length of stay and name of the person visited. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. It is in our legitimate interest to be able to trace who has been in our buildings and when in the event of any security or other incidents.

This data will not be merged with other data stored by us and will be deleted after 6 months.

j) Trade fair

When you visit our trade fair stand, our sales staff will collect contact information. This is used to initiate a business relationship and on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. b and f GDPR. The trade fair protocols are digitized and stored in our CRM system.

Provided you have given your consent, we will send you the information you have requested by email. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent in this regard at any time with effect for the future.

We store your personal data for as long as necessary to fulfill the above-mentioned purposes.

3. recipient of the data

a) Google Ireland Limited

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

Among other things, the following data is collected from you: IP address, time spent on the website, language, location and the browser you are using. The analysis is carried out using an algorithm (machine learning) that uses the collected data to measure and analyze your user behavior and can recognize it on other devices you use.

By default, your IP address is anonymized by shortening it before it is transmitted to Google.

We have also deactivated the collection of precise location, position and device data.

You can find out more about how Google uses this data here: https://policies.google.com/technologies/partner-sites?hl=de

The transfer of data to the USA takes place on the basis of the Data Privacy Framework.

Google Analytics is only used if you have given your consent. The legal basis is Art. 6 para. 1 sentence 1 lit a GDPR and § 25 TTDSG.

You can revoke this consent at any time by clicking on the “Cookie settings” button under “Cookies” and saving a new selection.

The data collected with Google Analytics is passed on internally to our marketing department and IT department and processed there.

Google recaptcha

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites.The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether data is entered on our websites (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/and https://www.google.com/recaptcha/intro/android.html.

By using this service, Google also loads so-called web fonts (Google Fonts). For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faqand in Google’s privacy policy: https://www.google.com/policies/privacy/.

We have no influence on this data collection.

b) Other recipients

No further disclosure of your data to third parties will take place unless there is a legal obligation to transmit the data. This processing is carried out on the basis of Article 6 (1) c) GDPR and in connection with the respective order or legal obligation to which we are subject in individual cases. Categories of recipients of the data are public authorities in the event of a legal obligation and processors who process the data collected online on our behalf. Processors involved are hosting providers of the website.

4. our social media presence

LinkedIn

We use a LinkedIn account of the operator LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. To adjust your settings for advertising measures in your LinkedIn profile, please use this link:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

We have entered into a joint controllership agreement with LinkedIn. This agreement specifies which data processing operations we or LinkedIn are responsible for when you visit our LinkedIn site. LinkedIn Ireland assumes primary responsibility under the GDPR for the processing of Insights data. You can view this agreement at the following link:
https://legal.linkedin.com/pages-joint-controller-addendum

You can find LinkedIn’s privacy policy here: https://www.linkedin.com/legal/privacy-policy

Youtube

We use a YouTube channel operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page on which a YouTube video is embedded, your IP address and various technical data from your end device such as operating system, browser used, etc. are stored by YouTube on servers in the USA.

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

When you visit our YouTube channel, the operator processes your personal data such as IP address and information about your device. If you are logged in with your Google account, this data can be linked to your account.

We use the statistical data provided by Google about the use of the channel for the purpose of range optimization and improvement of our offer. We can view the following data in particular:

• Number of views of our videos
• Number of subscribers to our channel
• Access source
• End device information
• Demographic data
• Categories of other videos viewed by viewers of our videos

We have no influence on the generation of these statistics.

Further information on data processing and storage duration by and at Google can be found at: https://policies.google.com/privacy?hl=de

We may also process your personal data to respond to inquiries or for other communication via our channel.

The legal basis for the processing is your consent, which you give us by visiting our channel and writing a comment or entering into other communication with us (Art. 6 para. 1 sentence 1 lit. a GDPR).

Vimeo

We use a Vimeo account of the operator Vimeo Inc., 555 West 18th Street New York, New York 10011, USA.

When you visit a page on which a Vimeo video is embedded, your IP address and various technical data from your end device, such as operating system, browser used, etc., are stored by Vimeo on servers in the USA.

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

You can find more information on data processing by Vimeo at: https://vimeo.com/privacy

5. your rights in relation to the processing of your personal data

You have various rights with regard to the processing of personal data, which we would like to inform you about below. Details of your rights can also be found in Articles 15 to 21 GDPR and Sections 32 to 37 of the German Federal Data Protection Act (“BDSG“).

You have the right to receive information about your personal data. You can also request the correction of incorrect data.

In addition, under certain conditions, you have the right to erasure of data, the right to restriction of data processing and the right to data portability. You can object to processing on the basis of Art. 6 (1) (f) GDPR, as well as to any profiling in accordance with Art. 21 GDPR. You can revoke any consent you have given in the context of using the website informally and without giving reasons at any time with effect for the future.

You can assert all the above rights in accordance with Art. 15 to 21 GDPR against the controller informally by e-mail or post.

You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your data is unlawful. You can find a list of data protection officers and their contact details at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you have any questions about data protection, you are welcome to contact our external data protection officer:
David Gabel – Email: david.gabel@your-insider.com

General information on data protection and the processing of personal data in data protection processes can be found at https://www.dsgvo-support.de