Security & Privacy policy

We are happy about your interest for Amoena. The protection of your privacy is for us an important concern. Therefore we undertake everything that is in our power to ensure that your data is with us as secure as possible. Below we want to give you comprehensive information about how we handle your personal data, that we collect online through our websites and online services.

Amoena Medizin-Orthopädietechnik GmbH (Amoena), Kapellenweg 36, 83064 Raubling, Germany is responsible for the following domains : www.amoena.com/global

1. Our Data Protection Principles

The protection of personal data has a high priority in our company. We are therefore acting in line with the data protection and data security laws and regulations. Below you can learn what data we collect, how this data is processed and to which entities or third parties we possibly transfer your data.

2. Responsibility for the Protection of Your Personal Data

Subsequently you can find out, which data we process through our websites. Personal data means any information that relates to you personally, such as name, postal address, email-address, user behavior.

Controller as defined by Art. 4 para 7 of the General Data Protection Regulation (GDPR) is Amoena Medizin-Orthopädietechnik GmbH (Amoena), Kapellenweg 36, 83064 Raubling, Germany, info.de(at)amoena.com.

You can contact our data protection officer per email at datenschutz(at)amoena.com. Please check for further contact details our imprint.

3. Collection, Processing and Use of Personal Data

3.1 While visiting our web presence, without registration or otherwise transmitting information to us, we collect only the personal data that your browser transfers to our server. We collect for that matter the following data that is technically necessary for the provision of our online services and in order to ensure their stability and security (the legal basis is Art. 6 para 1 sentence 1 lit. f GDPR):

  • IP-address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • content of the request (precise site)
  • status of the access/HTTP-status code
  • appropriate amount of transferred data
  • website from where the request originates
  • browser
  • operating system and its version
  • language and version of the browser software.

3.2 In addition we collect through our online services further data that you provide us freely (the legal basis is Art. 6 para 1 sentence 1 lit. b or lit. f GDPR). That is the case:

a) Through our contact form. At this point we collect the following data (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR):

  • compulsory information: first and last name, email-address
  • optional: telephone number

b) Through registration to the Amoena newsletter. At this point we collect the following data (the legal basis is Art. 6 para 1 sentence 1 lit. a GDPR):

  • compulsory information: first and last name, email-address, country  
  • optional: birth date

In order to be able to send you our newsletter in line with data protection law we need an available email-address as well as information, that allows a verification that you are the real owner of the email-address, and accordingly that the owner of the email-address agrees with the reception of the newsletter. For this reason we use for the newsletter registration a double-opt-in-procedure. We therefore send you after registration to our newsletter, an email asking you to confirm that you wish to receive the newsletter. Your information will be restricted until you do confirm, and deleted automatically after 3 months if you have provided no confirmation. Moreover we save your IP-address and the point in time of your registration to be able to prove your registration, and if necessary to clarify a possible misuse of your personal data.

You can withdraw your consent to receive our newsletters at any time. You can declare your withdrawal either by clicking the "Unsubscribe" link which can be found in every newsletter, or by sending us a message (our contact details can be found in the newsletter imprint).

The technical execution of the newsletter provision is carried out by our email marketing software provider Pure 360, and as such we share data with them. If you complete our online preference centre, you will be sharing the following additional data with us:

compulsory information: your primary area of interest  (e.g. treatment), what type of surgery you had (e.g. mastectomy without reconstruction)

optional: year you were first diagnosed

Our partner FreshRelevance provide website personalisation & triggered emails based on the data shared with Pure 360. 
Information obtained via this website about your account, your orders, and products which interest you is used to manage your account and process your orders. 
Personal data may be used to send triggered emails, such as cart abandonment and purchase confirmation emails.
Personal data may be used to personalise marketing, for example to suggest products that are related to your previous purchases.  
If you agree to this, personal data may also be used to send you special offers and product news by email.
We retain this information whilst you are an active customer or visitor and will therefore keep your data indefinitely to allow us to provide you with the best online experience whilst on the Amoena website.

c) through registration for Amoena training. At this point we collect the following data (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR): • indication of the training, fixed date, first- and last name of the participant, company, email-address of the participant, name of the person who makes the enrolment, state of knowledge (first-time user, re-entry, refreshment)

d) through warranty claims. At this point we collect the following data through the "End Consumer Breast Form Warranty" (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR and Art. 9 para 1 lit. f GDPR): name, postal address, telephone number as well as surgical information.

4. Retention Period

We save your data for as long as needed or permitted according to the purposes for which it was obtained. Thereafter we delete your data or restrict the processing, in case legal obligations for archiving exist.

5. Children

Our web presence is not directed to individuals under the age of sixteen (16), therefore we do not knowingly collect personal data from individuals under 16.

6. Transfer to Third Parties

6.1 We do not transfer your personal data to third parties for other as the below named purposes. We transfer your personal data, if and when

  • you provide us your explicit consent as required by Art. 6 para 1 sentence 1 lit. a GDPR,
  • processing is necessary for the purposes of the legitimate interests pursued by us or by the third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para 1 sentence 1 lit. f GDPR,
  • in case processing is necessary for compliance with a legal obligation to which we are subject as determined by Art. 6 para 1 sentence 1 lit. c GDPR, as well as
  • this is lawful and necessary for the performance of a contract with you (Art. 6 para 1 sentence 1 lit. b GDPR).

6.2 It might happen that we engage external service providers with the processing of your personal data on our behalf. These have been carefully chosen and commissioned, are bound to our instructions and are being regularly supervised.

6.3 Moreover we may transmit your personal data to third parties, if and when we provide promotions, competitions, contracts or other similar services together with our partners. You will receive further detailed information at the point of collection of your data.

6.4 As far as our service providers or partners are located in a country outside of the European Union or the European Economic Area (EEA) we will inform you in time in the description of the respective offering.

7. Objection against or Withdrawal of the Processing of your Personal Data

7.1 In case you provided us your consent for the data processing, you can withdraw this at any time. The withdrawal does not influence the lawfulness of the data processing until such a withdrawal.

7.2 As far as we legitimise the processing of your personal data on the balancing of interests you are entitled to object to the respective data processing. This is especially the case, if and when the processing is not intended for the purpose of fulfilling a contract with you. This will be indicated respectively in the description of the certain online service. Whilst executing such an objection we will ask you to explain your reasons why you believe that we should not process your personal data in the manner we do. In case of a justified objection we will investigate the factual and legal position and either adapt, stop the data processing or show you our compulsory reasons that enable us to further process your personal data.

7.3 As a matter of course you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can send us your advertising objection to datenschutz (at) amoena.com.

8. Use of Cookies

We use cookies in our website for the purpose of optimising our websites and marketing activities. Cookies are small files which are sent by websites and stored on your device. They collect information about how the website is being used by those accessing it and allow websites to remember information. Cookies are not able to execute programs on or to transmit viruses to your computer. Amoena is able to automatically follow how the information displayed on its website are being used. That enables us to realise faster, which areas of our online services need to be improved. Also we are able to continuously improve the relevance and accessibility of the contents we provide on our online services.

This website uses transient cookies and persistent cookies. Transient cookies are automatically deleted, after you close your browser. To this count especially the session-cookies; these save a so called session-ID, that allows attributing different requests of your browser to a joint session. In this way your computer can be recognised when you come back to our website. Persistent & session cookies will be deleted automatically after a certain pre-defined period of time that may differ as to the nature of the cookie used.

You have in any case the possibility to refuse the recording of non-essential cookies on your computer by visiting the cookies page, there you can configure your cookie options and see the categories of cookies we use. We and our relevant partners use the usage information only internally for the purpose of improvement of the quality of our contents, services and support.

You can also prevent the storage of cookies on your device through a certain setting in your browser software; in this case please be aware of the fact that not all functions of our website might be available to the full extent. Furthermore you may prevent the collection of your data relating to the usage of our website including your IP-address through the Google-cookies and their transfer to Google by downloading and installing the following Browser-Plug-in on your device: http://tools.google.com/dlpage/gaoptout?hl=en.

9. Web analysis through analytics

This website uses Matomo Analytics , to analyse the usage of this website, to compile reports on the website-activites and to provide further services to the operator of this website in relation with the further usage of the website and the internet. When you visit our site, we will store: the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit.

10. Social Media

Currently we use the following Social-Media-Plug-ins: Facebook, Twitter and Google+.

We thereby use the so called Two-Click-solution. When you visit our online services we at first and generally do not transfer any personal data to the provider of the plug-ins. You recognise the provider of the plug-in through his Logo. We allow you to communicate directly with the provider of the plug-in directly through the button. Only when and if you click on the marked field and activate the plug-in the plug-in provider receives the information that you accessed a certain website of our online services. Besides the personal data that is mentioned above (para. 2) is transferred. In the case of Facebook the IP-address is anonymised directly after its collection as specified by the respective providers in Germany. Through activating the plug-ins personal personal data is transferred to the respective plug-in provider and stored there (as far as US providers are involved the data is stored in the US). As the plug-in provider collects data especially through cookies, we recommend to delete your cookies by using the security setup of your browser.

We do not have any influence on the collection and processing of personal data through social plug-ins. Also we do not have knowledge about the full extent of the data collection, the purposes of the processing as well as the deletion periods. Also we do not know to what extent data is deleted by the plug-in providers.

The plug-in provider stores your personal data in the form of user profiles and uses this for the advertising and market research purposes and/or for the tailored design of his website. Such an analysis is especially carried out (also for users that are not logged in) for the provision of tailored advertising and to inform other social media users about your activities on our website. You have the right to object the creation of this user profiles. In doing so you have to address the respective plug-in provider. Through this plug-ins we give you the opportunity to interact with the social networks and other users, in order to improve our offerings and make them more interesting for you. The legal basis for the use of plug-ins is is Art. 6 para 1 sentence 1 lit. f GDPR.

The data is transferred regardless of the fact whether you possess an account with a plug-in provider and are logged in. In case you are logged in all data that is collected on our website is assigned to your account. When you activate the plug-in button and i.e. link a website, the plug-in provider also stores this information in your account and shares this information publicly with your social media contacts. We recommend to log out regularly after the use of a social media network especially before activating the plug-in button on our website thus preventing the assignment to your profile at the plug-in provider.

You may obtain further information regarding purpose and extent of the collection and processing of data through the plug-in providers in the following privacy policies. There you may also find out more about your rights and set up opportunities regarding the protection of your privacy.

Addresses of the respective plug-in provider with the Link to their privacy policies:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information regarding data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has adhered to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.

Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has adhered to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

11. Webshop

We do not currently have a global webshop.

12. Data Security

Amoena has in place technical and organisational measures to ensure that your personal data is protected against accidental or unlayful deletion, change or loss and against unlawful transfer or disclosure.

13. Your rights

13.1 In addition to the above named rights you further have the following rights in relation to the processing of your personal data through your use of our online services: - Right of access to the personal data, - Right to rectification and erasure, - Right to restriction of processing, - Right to object a data processing, - Right to data portability.

13.2 Besides you have the right to lodge a complaint with a supervisory authority if you consider that processing of your personal data through us infringes the the GDPR.

14. Links

Amoena is not responsible for the data protection of other websites to which we link from our online services.

15. Your Contact

If you have any questions about the processing of your data or/and this privacy policy you can contact us at datenschutz (at) amoena.com. Further contact details are provided in our imprint.

16. Changes

This privacy policy is currently effective and has the version May 2018. The further development of the internet and of our online services will also entail the ongoing adaption of this privacy policy. We will publish changes in due time on this website. We therefore encourage you to visit this webpage regularly to remain informed about the most current version of the privacy policy.

Amoena Medizin-Orthopädietechnik GmbH (Amoena)