This policy (‘Policy’ or ‘Notice’) states the policies and practices of Elcam Medical group companies (‘Company’, also we, us, our, etc), with respect to personal data. It also serves as notice to data subjects as required by EU data protection law, including advising data subjects regarding their data protection rights.
Data may be collected when visiting our websites including at www.elcam-medical.com , www.elcam3d.com, www.infusesafety.com,(‘websites’ or ‘sites’), or our social media pages, or in the course of your interest in our products and support, Please read the following carefully to understand our views and practices regarding such personal data and how we will treat it.
Company sometimes acts as a Data Processor or a Data Controller, and is committed to treating personal information with all due care, responsibility and accountability, all in accordance with the EU’s General Data Protection Regulation (‘GDPR’) and other applicable laws and best practices.
Information privacy is a continual and evolving responsibility, and so from time to time we will update this Notice as we undertake new personal data practices or adopt new policies.
Company personal data processing on our websites and other marketing sources
We may collect some personal data, such as IP addresses and contact details, to help us provide personalized support, website services, and marketing. We may share this with some third-party providers who use that data only to support us.
Our websites collect certain information automatically and store it in log files. The information may include Internet Protocol (‘IP’) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our site, including a history of the pages you view. We use this information to help us design our websites to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyse trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
Where individuals communicate with us directly, including as representatives of customers, and where we know them to be EU persons, we may use such data to communicate with such individuals, including for the purposes of keeping such individuals aware of our news, or of changes to our services; and to deliver content or features. We collect contact and related data about potential customers via our websites, at events, through social media (such as Facebook and LinkedIn), when it is given for that purpose to our professional, and through other such sources. This data is used to market our products and keep our followers up to date on Elcam Medical. We store this data with third party providers of marketing data processing, including in the USA and elsewhere. Data subjects may ask for such data to be accessed, moved, rectified or erased by contacting the Data Protection Officer at email@example.com.
Company personal data processing as part of its commercial services
We may process personal data on behalf of our customers, and do so in fulfillment of our contract with them. To the extent that we process data as a Controller, we do so based on the consent of the data subject; or based on the fulfillment of contract; or based on a legitimate interest.
Company sells a broad variety of Products. In the course of selling these products, customers-Controllers instruct Company to provide goods and services either to the Controller, or to the Controllers customers. In so doing, the Controllers may provide Company various data, which may include Personal Data, to enable sale, delivery, service and support to its customers. Company processes customers’ data only in accordance with the instructions of customers, and in fulfillment of the Controllers’ contracts with Company. Data Subjects may contact the Controller of their data, with questions or requests concerning their Personal Data. Where Company is the Controller of data, it will process data only on a lawful basis, generally based on the consent of the data subject; or based on the fulfillment of contract; or based on a legitimate interest of providing information and services and support with respect to Company’s goods.
Data held for compliance
We may hold personal data for our own compliance and accountability needs.
Personal data provided to Company may be used for our own compliance and accountability, including, to ensure we meet with applicable laws; and to detect, investigate and avoid activities that may violate our policies, or be unethical or illegal; in connection with legal claims; where relevant for possible audits.
We will erase data once it is no longer serving its purposes.
Personal data processed by the Company will be erased when it no longer serves its purposes, or is not longer needed for legal, compliance, audit and other such needs. Data processed on behalf of our customers (the Controllers, see section 2 above) will be erased on their instructions
Sharing Personal Data with Third Parties
We may share personal data with third parties that provide processing services to us, for those limited purposes, or as required by law.
We will not share personal data with any third party except in limited circumstances, in which those third parties support our services to our customers, employees, and website users. Where commercially relevant, we may pass on such data to distributors of our goods. We may share personal information with third parties in connection with legal or regulatory proceedings or investigation, enforcement or protection of our rights, a sale of our business or other corporate due diligence, in compliance with legal process, or in any other case where we believe in good faith that disclosure is required by law or by generally accepted best business practice. We will make reasonable efforts to obtain from such third parties assurance that they will treat all personal information in accordance with GDPR and all applicable law, and that such third parties performing services on our behalf are required to, and will in fact, use that information only for the purposes agreed with us or required by law. When we share data with third parties, we remain liable for the treatment of such data with respect to GDPR. We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may transfer personal data from the EU to the US, Israel and elsewhere.
Company has its headquarters in Israel, a country recognized by the EU Commission as having protection adequate under EU data protection laws. Personal information collected or received by us in and from the EU, may be processed in Israel, or the United States, or in other countries in which the Company has an entity, where there is need for such processing. The United States has no adequacy ruling from the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we transfer personal data to the US only: to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. We may also do so with consent. We may also transfer data to Privacy Shield certified third parties. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistently with your relationship with the Controller or with us, and the practices described in this Notice. We also minimize the risk to your rights and freedoms by not collecting or storing sensitive information about you.
Data Security and Integrity
We take data security seriously.
We deploy industry standard, or better, measures to ensure the security, confidentiality, integrity and availability of personal data we process. We maintain physical, technical and administrative safeguards, and test and update these periodically. We endeavor to restrict access to personal data on a ‘need to know’ basis for the provision of services to you. No such measures are perfect or impenetrable. In the event of a security breach, we will take all reasonable action to minimize any harm, and will of course meet the requirements of GDPR, including with regard to notifications. Although we will do our best to protect personal data, we cannot guarantee the security of data transmitted to our site or to group companies, and transmission is at the data subject’s own risk.
We may amend this policy from time to time, and will publish changes directly to our site. Your continued use of our site means you agree to the terms of this notice.
This data protection policy may be updated or modified from time to time, with or without notice to data subjects, users etc. Changes may be made to accommodate new laws and regulations, technologies, or industry practices, or for other purposes. New versions of this notice will supersede and replace prior versions. To the extent that such changes materially adversely affect our treatment of personal data, we will endeavor to provide notice to data subjects via our site. You agree that any dispute in connection with this notice and its terms, will be governed exclusively by the laws of the Israel except its conflict of laws provisions.
Data subject rights
You have rights of access, portability, rectification and erasure. You may contact us to help exercise those rights.
Where we are the data Controller, you have, under GDPR, various rights with respect to the way we process that data. We will help data subjects exercise their rights in respect to the data. This includes various information rights, the right to correct (rectify) the record of your personal data maintained by us if it is inaccurate; you may be entitled to request that we erase that data or cease processing it, subject to certain exceptions; you may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data. When technically feasible, at your request we will provide your personal data to you or transmit it directly to another controller. Reasonable access to your personal data will be provided at no cost to our customers, and others upon request made to us at firstname.lastname@example.org. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied. We will not be able to provide access to data where such access would lead to divulging proprietary information, or may impinge the rights of employees or others, or where it is held in an unstructured form such that extracting the data would not be practical or proportional, such as in emails.
Contacting us on data protection matters
Summary: you may contact us or our data protection officer, as may be required. Any access requests may be lodged with us or with our Data Protection Officer at email@example.com.
Elcam Medical is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us.
Last update: August 2019