Privacy Policy

DATA PROTECTION STATEMENT: CORZA MEDICAL


Data Protection Statement (Valid from: Sept. 1, 2021)

INTRODUCTION

Regardless of whether you are a customer, prospective customer, applicant or visitor to our website: We, Corza Medical (hereinafter: "CORZA", "we") take the protection of your personal data very seriously. But, what does this mean in concrete terms?

Below we provide you with an insight into what personal data we collect from you and in what form we process it. Furthermore, you will receive an overview of the rights you are entitled to according to the applicable data protection law. In addition, should you have any questions, we will provide you with an appropriate point of contact.

WHO ARE WE?

Corza Medical is  based  in  Westwood, MA  and  manufacture a broad range of products that deliver trusted performance to surgeons around the world. CORZA employs more than 1,800 people across The United States, The United Kingdom, The European Union and China.  

This Data Protection Statement applies to all Corza entities located within the European Union, Switzerland and Great Britain, including Corza Medical BV (Belgium), Corza Medical S.A.S (France), Corza Medical GmbH (Germany), FSSB Chirurgische Nadeln GmbH (Germany), BSF GmbH (GmbH), Pearsalls Ltd (Great Britain), Corza Medical Srl (Italy), Corza Medical sp. z o.o. (Poland), Corza Medical, S.L. (Spain), Corza Medical GmbH (Switzerland) and Corza Medical Distribution GmbH (Austria).

If you have questions concerning data protection, it is best to contact our Swiss headquarters:

Corza Medical GmbH
Dreikönigstrasse 31a
8002 Zürich, Switzerland
E-mail: Privacy_CH@corza.com

We take all measures required by applicable data protection laws to ensure the protection of your personal data.

If you have any questions regarding this data protection statement, please contact our Data Protection Officer (DPO).

Data Protection Officer:
2B Advice GmbH
Joseph Schumpeter Allee 25
53227 Bonn, Germany
corza@2b-advice.com

SCOPE OF THE DATA PROTECTION DECLARATION

With the processing of personal data the legislator means activities such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Personal data is all the information that relates to an identified or identifiable natural person.

This data protection statement concerns the personal data of customers, interested parties, applicants or visitors.

This data protection statement applies to the following websites: sharpoint.com, surgicalspecialties.com, trustitchsuture.com, unique-tech-inc.com, caliberophtalmics.com, fssb.de and corza.com.

WHICH PERSONAL DATA DO WE PROCESS?

We may collect, use, store and transfer different kinds of personal data about you. This can be broken down into the following categories:

  • Identity Data includes your name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products you have purchased from us.
  • Technical Data includes the internet protocol (IP) address of your device, details of the cookies on your device, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Site.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, reviews, feedback and survey responses.  
  • Usage Data includes information about how you use our Site, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing communications from us and our third-parties and your communication preferences.


SENSITIVE DATA

Special Category Data includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership and information about your health, genetic or biometric data. With this regard, we only collect and process special category data related to trade union membership.

PERSONAL DATA OF MINORS

The Website is not intended to be used by children under 16 years old and we do not knowingly collect any information from children under 16 years old through the Website. If you are under 16 years old, you may not use our Website.


USE OF COOKIES

WHAT ARE COOKIES?

Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to improve CORZA’s overall customer experience and tailor your customer experience to meet your special interests and needs.  Performance and functionality Cookies will only be activated upon providing your consent.  Moreover, you can typically choose to set your browser to remove Cookies and to reject Cookies. If you choose to remove Cookies or reject Cookies, please be aware that this could affect certain features or services of our site.
Webanalytics. We use Google Analytics as a web analysis service to analyse the user behaviour on the website and in the customer portals. For this analysis, the use-related information generated by the cookie (including the shortened IP address of the user) is transmitted to our servers and stored for use-analysis purposes. We use the usage analysis to optimize our own websites, customer portals, customer approach and other advertising measures as well as for market research purposes. The IP address of the user is immediately shortened during this process, so that the identification of the user via the IP address is no longer possible.

Any user who does not agree to the storage and analysis of his anonymized user data when visiting our website can object to this storage and use at any time. An anonymous use of the customer portals is not possible.

Your visit to this website is currently recorded by Google Analytics You can stop the processing by revoking the settings in the website banner or by deleting the cookies in your browser.

WHAT DO WE PROCESS YOUR PERSONAL DATA FOR - AND ON WHAT LEGAL BASIS?

CORZA processes your personal data in accordance with applicable laws and the legal basis for the processing of your personal data is either a contract, your consent, a legal obligation or CORZA’s legitimate interest in accordance with the GDPR article 6, § 1, point a, b, c and f.

PERFORMANCE OF THE CONTRACT

We process your data in order to fulfil our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purposes of the data processing depend on the respective product and the submitted request and can also be used to analyse your needs and to check which products and services are suitable for you.

PERFORMANCE OF THE CONTRACTUAL RELATIONSHIP

For the execution of the contractual relationship we need your name, your address, your telephone number or your e-mail address so that we can contact you.

OFFERING GOODS AND SERVICES

We also need your personal data to be able to check whether and which products and services we can and may offer you.

Details on the respective purposes of data processing can be found in the contractual documents and our General Terms and Conditions of Business.

CARRYING OUT THE APPLICATION PROCESS

We process your data that you have sent us as part of your application to check whether your professional qualifications are suitable for the advertised position. We only use your information for the application process and transfer it to your personnel file when a contract is concluded. If no agreement is reached, your information will be deleted or destroyed. We will not use your application information for any other purpose than to conduct the application process.

BALANCING INTERESTS: WE IMPROVE OUR SERVICES AND OFFER YOU SUITABLE PRODUCTS

FOR STRENGTHENING AND OPTIMIZING CUSTOMER RELATIONS

As part of our efforts to continually improve our relationship with you, we occasionally ask you to participate in our customer surveys. The results of the surveys serve to adapt our products and services even better to your needs.

DATA PROCESSING AND ANALYSIS FOR MARKETING PURPOSES

Your needs are important to us and we try to provide you with information about products and services that exactly suit you. For this purpose, we use the findings of our joint business relationship and market research. Our main goal is to adapt our product proposals to your needs. In this context, we guarantee that we always process the data in accordance with applicable data protection law. Important: You can object to the use of your personal data for this purpose at any time.

What exactly do we analyse and process?

  • Results of our marketing activities to measure the efficiency and relevance of our campaigns;
  • Information from your visits to our website;
  • We analyse the possible needs of our products and services.

MEASURES TO SERVE YOUR PROTECTION

CORZA has taken measures in the areas of construction, personnel, organization and technology that ensure the security of objects and data, as well as uninterrupted operations.

The technical and organizational data-protection measures deal with the following:

  • Organizational control, physical access control, system access control, data access control, transfer control, order control, availability control and the separation requirement
  • Type of data exchange, provision of data, nature and circumstances of processing, data storage as well as the kind of and environment for data transmission
  • Measures to permanently secure the confidentiality, integrity, availability and capacity of the systems and services and the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident. A procedure for periodically reviewing, assessing and evaluating the effectiveness of these measures.

    As a general principle, the technical and organizational measures of CORZA are affected by technological progress and continuing development.  CORZA will take all measures necessary to increase security.

ON THE BASIS OF YOUR CONSENT

If you have consented to the processing of your personal data for one or more specific purposes, we may process your data. You can withdraw this consent at any time for the future without incurring any costs other than the transmission costs according to the basic tariffs (costs of your Internet connection). However, the withdrawal of consent does not affect the legality of the processing up to the withdrawal.

If you wish to assert this right, please contact:

E-mail: Privacy_CH@corza.com

DUE TO LEGAL REQUIREMENTS OR IN THE PUBLIC INTEREST

As a company, we are subject to a wide variety of legal requirements (e.g. from tax legislation). In order to comply with our legal obligations, we process your personal data.

WHERE WE TRANSMIT DATA AND WHY

USE OF DATA WITHIN CORZA

Within CORZA only those entities that need your personal information in order to fulfil our contractual or legal obligation or to protect our legitimate interest will have access to them.

USE OF DATA OUTSIDE CORZA

We may disclose your personal information to third parties: with your consent; where we have an overriding legitimate interest (on balance with your interests) to do so; or where we have a legal or regulatory obligation to do so. We may also receive personal information about you from some of them as our third-party sources.

For the following recipients, for example, there is a legal obligation to pass on your personal data:

  • Public authorities or supervisory authorities, e.g. tax authorities, customs authorities;
  • Judicial and law enforcement authorities, e.g. police, courts, public prosecutors;
  • Lawyers or notaries, e.g. in legal disputes;
  • Chartered Accountant/ Auditors.

    In order to fulfil our contractual obligations, we cooperate with other companies. These include:
  • Transport service providers and freight forwarders;
  • Organisers and training service providers, if you have registered through us for certain trade fairs or events;
  • Banks and financial service providers to handle all financial matters.

    Our own service providers

    In order to make our operations more efficient, we use the services of external service providers who may receive personal data from you for the purposes described, including IT service providers, printing and telecommunications service providers, debt collection, consulting or sales companies.
    Important: We pay close attention to your personal data!

    In order to ensure that the service providers comply with the same data protection standards as in our company, we have concluded appropriate contracts for order processing. These contracts regulate, among other things:

  • that third parties only have access to the data they need to carry out the tasks assigned to them;
  • that the service providers only grant access to your data to employees who have explicitly committed themselves to comply with data protection regulations;
  • that the service providers comply with technical and organisational measures that guarantee data security and data protection;
  • what happens to the data when the business relationship between the service provider and us is terminated

    For service providers based outside the European Economic Area (EEA), we take special security measures (e.g. by using special contractual clauses) to ensure that the data is treated with the same level of caution that is exercised in the EEA. We regularly check all our service providers for compliance with our specifications.

    Very important: Under no circumstances do we sell your personal data to third parties!

    If you would like more information about the sharing of your personal information, including the list of recipients, please contact our privacy team at Privacy_CH@corza.com.

USE OF DATA WITHIN THE CORZA GROUP

The companies of the CORZA Group that individually or jointly will process your Personal Data for one or more purposes shall be the following:

Country

Name of entity

Address

Belgium

Corza Health entity BE

Boulevard du Souverain 36, Boz 15, 1170 Brussels

France

Corza Medical S.A.S.

39 Rue de la Gare de Reuilly  75012 Paris

Germany

Corza Medical GmbH

Speditionsstraße 21, 40221 Düsseldorf

Germany

FSSB Chirurgische Nadeln GmbH

Allmendweg 2, 79798 Jestetten

Germany

BSF GmbH

Am Teichrasen 2, DE-07381 Pößneck

Great Britain

Pearsalls Ltd

Tancred Street, Taunton, TA1 1RY

Italy

Corza Medical Srl

c/o Studio Picolli, Difino & Associati, Corso Italia, 8 -20122 Milano M

Poland

Corza Medical sp. z o.o.

ul. Towarowa 28, 00-839 Warszawa

Spain

CorzaMedical, S.L.

Suero de Quinones, 34 -28002 Madrid

Switzerland

Corza MedicalGmbH

Dreikönigstrasse 31A, 8002 Zürich

Austria

Corza Medical Distribution GmbH

Steingasse 6a, 4020 Linz, Austria

The aforementioned companies may each act individually as controller according to the definition provided in article 4 paragraph 7) of the GDPR, that is: "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of such processing of personal data", or, in some specific cases, to act as joint controllers, meaning "two or more controllers jointly determine the purposes and means of  processing", as provided by article 26 of the GDPR. Accordingly, for the purpose of this privacy policy, each company of the CORZA Group will be defined individually as "Controller" or, jointly with other Group companies as "Joint Controllers".

ARE YOU OBLIGED TO PROVIDE US WITH PERSONAL DATA?

In the context of the business relationship between you and CORZA, we require from you the following categories of personal data:

  • all necessary data for the establishment and implementation of a business relationship;
  • data required for the fulfilment of contractual obligations;
  • data that we are legally obliged to collect.

Without these data it is not possible for us to enter into or execute contracts with you.

DELETION PERIODS

In accordance with the applicable data protection regulations, we do not store your personal data longer than we need for the purposes of the respective processing, including for the purposes of satisfying any legal, accounting, or reporting requirements. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted by us, unless its temporary storage is still necessary.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

YOUR RIGHTS

Within the scope of processing your personal data, you also have certain rights. More detailed information can be found in the corresponding provisions of the General Data Protection Regulation (Articles 15 to 21).

RIGHT TO INFORMATION AND CORRECTION

You have the right to obtain information from us on which of your personal data we process. If this information is not (no longer) correct, you can ask us to correct the data, or, if it is incomplete, to complete it. If we have passed on your data to third parties, we will inform the relevant third parties in the event of a corresponding legal situation.

RIGHT TO DELETION

You can request the immediate deletion of your personal data under the following circumstances:

  • When your personal information is no longer needed for the purposes for which it was collected;
  • If you have revoked your consent and there is no other legal basis for data processing;
  • If you object to the processing and there are no overriding legitimate reasons for data processing;
  • If your data is processed unlawfully;
  • If your personal data must be deleted in order to comply with legal obligations.

Please note that before deleting your data we must check whether there is not a legitimate reason for processing your personal data.

RIGHT TO RESTRICTION OF PROCESSING ("RIGHT TO BLOCK")

You may request us to restrict the processing of your personal data for one of the following reasons:

  • If you dispute the accuracy of the data until we have had the opportunity to verify the accuracy of the data;
  • If the data is processed unlawfully, but instead of being deleted, you merely request the restriction of the use of personal data;
  • If we no longer need the personal data for the purposes of processing, but you still need them to assert, exercise or defend in the course of legal claims;
  • If you have filed an objection against the processing and it is not yet clear whether your legitimate interests outweigh ours.

RIGHT TO OBJECT

RIGHT OF OBJECTION IN INDIVIDUAL CASES

If the processing is carried out in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons arising from your particular situation. In the event of an objection, we will not process your personal data further, unless we can prove compelling reasons for processing your data, which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection shall not preclude the legality of the processing carried out up to the time of the objection.

OBJECT AGAINST THE USE OF DATA FOR ADVERTISING PURPOSES

In cases where your personal information is used for advertising purposes, you can object to this form of processing at any time. We will no longer process your personal information for these purposes.

The objection can be made form-free.

RIGHT TO DATA PORTABILITY

Upon requests, you have the right to receive personal data that you have given us for processing in a transferable and machine-readable format.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (ART. 77 GDPR)

We try to process your requests and claims as quickly as possible in order to protect your rights appropriately. Depending on the frequency of enquiries, however, it may take up to 30 days before we can provide you with further information about your request. If it should take longer, we will inform you promptly of the reasons for the delay and discuss the further process with you.

In some cases we may not or cannot give you any information. If legally permissible, we will inform you of the reason for refusing to disclose the information.

If you wish to exercise one or more of the rights listed above, please use the following e-mail address of our Data Protection Team:

E-mail: Privacy_CH@corza.com

You may also file a complaint with your local data protection agency/supervisory authority:

United Kingdom
Information Commissioner's Office
Address: Wycliffe House, Water Lane, Wilmslow
Cheshire SK9 5AF
Website: https://ico.org.uk/
Telephone: 0303 123 1113
Fax: 01625 524510

Italy
Garante per la protezione dei dati personali
Address: Piazza Venezia n. 11 - 00187 Roma
Website: www.gpdp.it - www.garanteprivacy.it
Telephone: (+39) 06.69677.1
Fax: (+39) 06.69677.3785
E-mail: garante@gpdp.it

France
CNIL (Commission Nationale de l'Informatique et des Libertés)
Address: 3 Place de Fontenoy TSA 80715
75334 PARIS CEDEX 07, France
Website:
Telephone: +33 (0)1.53.73.22.22
Fax: +33 (0)1.53.73.22.00
E-mail: servicedpo@cnil.fr

Belgium
Autorite Protection Donnees de Belgique
Address: Rue de la Presse 35
1000 Brussels Belgium
Website: https://www.dataprotectionauthority.be/
Telephone: +32 2 274 48 00
Fax: +32 2 274 48 35
E-mail: contact@apd-gba.be

Spain

Agencia Española de Protección de Datos (“AEPD”)
Address: C/Jorge Juan, 6, 28001 Madrid, Spain
Website: www.aepd.es
Telephone: +34 901 100 099/ +34 91 266 35 17
Fax: +34 91455 5699
E-mail: prensa@agpd.es

Germany (Nordrhein-Westfalen)
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Address: 40102 Düsseldorf Deutschland
Website: https://www.ldi.nrw.de/
Telephone: +49 211 38424 0
Fax: +49 211 38424 10
E-mail: poststelle@ldi.nrw.de

Germany (Baden-Württemberg)

Der Landesbeauftragte für den Datenschutz und Informationsfreiheit Baden-Württemberg
Address: Lautenschlagerstraße 20
70173 Stuttgart
Website: https://www.baden-wuerttemberg.datenschutz.de/
Telephone: 0711/61 55 41 – 0
Fax:  0711/61 55 41 – 15
E-mail: poststelle@lfdi.bwl.de

Germany (Thüringen)

TLfDI
Address: Häßlerstraße 8
99096 Erfurt
Website: https://www.tlfdi.de/
Telephone: +49 361 57 311 2900
Fax: +49 361 57 311 2904
E-mail: poststelle@datenschutz.thueringen.de

Poland

GIODO – Biuro Generalnego Inspektora Ochrony Danych Osobowych (The Bureau of the Inspector General for the Protection of Personal Data of Poland)
Address: ul. Stawki 2
00-193 Warszawa Poland
Website: https://giodo.gov.pl/
Telephone: +48 22 53 10 440
Fax: +48 22 53 10 441
E-mail:kancelaria@giodo.gov.pl

Switzerland
EDÖB – Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Address: Feldeggweg 1
3003 Bern Schweiz
Website: https://www.edoeb.admin.ch
Telephone: +41 58 462 43 95
Fax: +41 58 465 99 96
E-mail: contact20@edoeb.admin.ch

Austria

Österreichische Datenschutzbehörde
Address: Wickenburggasse 8
1080 Wien Österreich
Website: https://www.dsb.gv.at/
Telephone: +43 1 52 152 0
E-mail: dsb@dsb.gv.at

VERSION

This Data Protection Statement is valid as of Sept. 1, 2021. Registered customers will be informed about changes in the Data Protection Statement. Earlier versions of the Data Protection Statement are available on the website or from our Data Protection Officer.