Information on the Processing of Personal Data by Lungpacer Medical Inc.
Lungpacer Medical Inc. (“Lungpacer” or “we”) processes your personal data only to the extent permissible under statutory provisions, in particular, the EU General Data Protection Regulation (“GDPR“) and country specific data protection regulations. The purpose of this notice is to inform you about the nature, scope and purposes of your personal data collected and processed by Lungpacer. This information is intended for any natural person (in particular, patients, health professionals, representatives or contact persons of vendors, other (potential) business partners or (potential) customers) to whom we have (or will have) a contract or business relationship or any other communication relationship. This data processing information does not apply to patients and health professionals who participate in a clinical trial conducted by Lungpacer. Clinical trial related data processing activities are covered by separate data processing notifications.
I. Responsibilities and contact details
The data controller, i.e. the company responsible for processing your personal data is:
Lungpacer Medical Inc., Canada
601 W. Cordova Street, Suite 130
Vancouver, BC V6B 1G1
Our data protection officer is available by email at: firstname.lastname@example.org
Our EU data protection representative according to Art. 27 GDPR is:
GDPR-Rep.eu, Maetzler Rechtsanwalts GmbH & Co KG, Vienna, Austria, web page available at: https://gdpr-rep.eu/q/13797583.
II. Processing of your personal data
1. Data processing on our Website
a. General information
During your visit to our website, we will collect data about your computer and your visits including the IP address of the computer you are using, your geographical location, the type of web browser and operating system being used, the domain name of the internet service provider, the web page you are coming from, the Lungpacer web pages visited and the date and duration of the visit. The data will also be stored in log files in our system.
We require this information for technical purposes to guarantee the stability and safety of our website. In this context, the data is analyzed only for statistical purposes and in an anonymized form.Alternatively, the data may be analyzed for statistical purposes in a pseudonymised form. In this latter case, we will ask for your consent to do so. Under the GDPR, the legal basis for this data processing is Art. 6 (1) lit. a GDPR. Furthermore, with your consent, we localize your geographical location in order to display the respective website adapted to your country.
We will only keep cookies for as long as necessary to achieve the relevant purposes set out in this Data Processing Notification, notably for marketing and statistical purposes.
Generally-speaking, we use 1st and 3rd-party session and persistent cookies. The cookies set by us are called “1st-party cookies” and the cookies set by our third-party partners and service providers are called “3rd-party cookies”. Session cookies are temporary cookies that remain on your device until you close your web browser. Many session cookies are essential to make our website work correctly, as they typically enable you to move around and use specific features of our website.
Persistent cookies remain on your device after you close your browser or until you manually delete it (for the former, how long the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings).
Persistent cookies help us recognize you as an existing user of our website, so it’s easier and convenient to return to our website or interact with our services without signing in again. In addition, persistent cookies also help us recognize you when you view a resource belonging to our website from another website or app (such as an advertisement) and help us record information about your web browsing habits during the lifetime of the persistent cookie.
Examples of cookies we may use:
- Essential Cookies: These cookies are strictly necessary for our website to function properly and ensure our services are accessible to you (e.g., log-in functionality, load balancing, navigation, filling in forms). The website cannot function properly without these cookies.
- Preference Cookies: Preference cookies enable our website to provide enhanced features or settings based on your previous visits and selections, such as language preferences, remembering log-in details.
- Statistic Cookies: Statistic cookies enable us to understand how visitors interact with our website by collecting and reporting information anonymously.
- Marketing Cookies: Marketing cookies are used to track visitors across our website. The intention is to display advertisements that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
You have the option to configure your devices to accept all cookies, to notify you when a cookie is issued or to never accept cookies. However, the latter option may result in some personalized services not being provided and, as a result, you may not be able to take full advantage of all the features offered by our website. If you do not wish to receive cookies in general or only to refuse certain cookies, you can change your browser settings accordingly.
Instructions to this effect are provided for example here:
- For Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- For Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- For Safari: https://support.apple.com/en-gb/HT201265
- For Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en
You can also visit the below link for an overview of how to block or delete cookies on the most common browsers: http://www.allaboutcookies.org
c. Social Network Icons
On our website, we are using icons of Facebook, Twitter and LinkedIn which are web links to the respective websites. We are not processing any personal data in this context. When you visit our profile on Facebook, Twitter and LinkedIn, the data processing notification of the respective social media service apply.
d. Email contact information
Our website contains information that enables you to contact us (including our email address). If you click on this email address, the e-mail client on your computer (if installed) will open. If you contact us via email, we will ask for your consent to use the personal data transmitted by you to contact you and answering your request (opt-in verification). The personal data is stored in our e-mail system. You have the possibility to withdraw your consent at any time (opt-out). We will not share your personal data with third parties. Under the GDPR, the legal basis for this data processing is Art. 6 (1) lit. a GDPR (your consent) or (where your request concerns a contractual relationship with us) Art. 6 (1) lit. b GDPR.
e. Online application form
On our website, we may use an online application form where you can enter your name, email address, phone number and your message to us. We will ask for your consent to use the personal data entered in our online application form in order to process your specific request (opt-in verification). You have the possibility to withdraw your consent at any time (opt-out). We will not share your personal data with third parties. Under the GDPR, the legal basis for this data processing is Art. 6 (1) lit. a GDPR (your consent) or (where your request concerns a contractual relationship with us) Art. 6 (1) lit. b GDPR.
f. Login for closed user groups (Healthcare Professionals)
We may provide portals for Healthcare Professionals on our website to share information about clinical trials or commercial educational material for their use with patients. Access to these portals for closed user groups is only available to Healthcare Professionals who are participating in a clinical trial, or who purchased the product. The portals are password protected. With their consent, Healthcare Professionals can register via e-mail providing their name, e-mail-address, professional information and contact details and we will create a user profile. When a Healthcare Professional uses a user group, we will process the login data (email-address and password). Under the GDPR, the legal basis for this data processing is Art. 6 (1) lit. a GDPR (consent).
2. Other data processing activities by Lungpacer
We process your contact details as well as other personal data required for the performance of a contract with you. This includes pre-contractual communication upon your request. Under the GDPR, the legal basis for this data processing is Art. 6 (1) lit. b GDPR.
We may also process your personal data to send you our communication (e.g., business information; communication regarding contracts or other business-related materials for clinical or commercial activities; our correspondence with you). In case of marketing-related emails, you will have the right to opt-out of this communication. For more information, please see below section “Your Rights”.
In particular, we may also collect and use your personal data for the following purposes:
- Commercial communications related to the conduct of clinical studies and commercialization of our products (applicable legal basis under the GDPR: legitimate interest (Art. 6 (1) lit. f GDPR);
- internal administrative purposes (e.g., for accounting purposes) (applicable legal basis under the GDPR: legal obligations (Art. 6 (1) lit. c GDPR);
- ensure IT security and IT operations at our enterprise (applicable legal basis under the GDPR: legitimate interest (Art. 6 (1) lit. f GDPR);
- prevent criminal offences and conduct compliance investigations in individual cases (applicable legal basis under the GDPR: legitimate interest (Art. 6 (1) lit. f GDPR);
- engage service providers (e.g., external IT service providers) who support our business processes (applicable legal basis under the GDPR: legitimate interest (Art. 6 (1) lit. f GDPR) or (in connection with contract management) performance of a contract (Art. 6 (1) lit. b GDPR);
- business communication purposes, such as vendor management and advertising (applicable legal basis under the GDPR: legitimate interest (Art. 6 (1) lit. f GDPR); and,
- for any other purpose we may disclose to you from time to time (applicable legal basis under the GDPR as communicated).
Where we base data processing on our legitimate interest, we have carefully weighed our business interests with the interests and fundamental rights and freedoms of affected data subjects, and we have come to the conclusion that they do not override our legitimate interest.
If you choose not to provide us with your personal data, we are unable to perform the contractual relationship initiated with you and/or cannot fulfill the above described communication purposes.
III. Disclosure of your personal data
Your personal data may be stored in our website server, email/electronic file servers, or Customer Relationship Management (CRM) system and may be transmitted to and processed by specialized third party service providers inside and outside the European Union (EU) / European Economic Area (EEA) to the extent required for the purposes outlined above. The service providers perform specific services for us such as, e.g., data storage, IT services, and email services.
The service providers will process data only on our behalf and only on the basis of our strict instructions laid down in the respective data processing agreement. Every third-party service provider has been chosen carefully and will be monitored regularly by Lungpacer.
Where data is processed on our behalf in countries outside the EU/EEA, such countries may not have data protection laws and regulations comparable to the ones applicable in the EU. To the extent that no statutory level of security comparable to the European data protection laws exists in such countries, we will adopt appropriate measures to ensure that your personal data will be adequately protected in these countries. In particular, we may choose service providers which are certified under Standard Contractual Clauses published by the European Commission. You may contact our data protection officer for further information, and, in particular, request access to the contracts concluded.
IV. Confidentiality and deletion of your personal data
1. Confidentiality and security
Each of our employees as well as all staff members of third-party service providers who have access to personal data are obliged to treat your data as confidential. We take steps designed to ensure that only those employees or staff members who need access to your personal data to fulfil their employment duties will have access to it.
We have implemented physical, organizational, contractual and technological security measures to protect your personal data and other data from loss or theft, unauthorized access, disclosure, copying, use, or disclosure and modification. While we maintain a multitude of security measures to prevent unauthorized access to or disclosure of your personal data, no security measures are absolute or wholly guaranteed. If you have reason to believe that your interaction with us is no longer secure (for example, if you believe that the security of the data you have provided to us has been compromised), please contact us immediately using the contact details in the section “Contact us” below. We will make reasonable attempts to notify you if we determine there were unauthorized acts by third parties that violate the law or this policy, or other security breaches, or where otherwise required by law.
2. Deletion of personal data collected in log files on our website
We delete log files collected during your visit of our website after a period of 8 weeks, unless it is necessary to store the data for a longer period of time for the purposes indicated above. In this case, we delete your personal data once it is no longer required for the purposes indicated above, and statutory retention periods (if applicable) have expired. Session cookies are usually deleted once your internet session is closed.
3. Deletion of personal data collected in connection with other data processing activities
We will delete your personal data after termination of our contract with you, or our contact relationship with you, if the storage is no longer necessary for the fulfilment of our (post-) contractual obligations or the legitimate interests cited in this data protection notice, and if there are no statutory retention obligations. In case statutory retention obligations apply, we will restrict the processing of your data for the duration of such retention obligations.
V. Your Rights
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to access to your personal data, to require rectification and correction, and under GDPR, besides the rights of access and rectification/correction, you have the right to require the deletion of your personal data or the restriction of the processing, and to receive your personal data in a structured, commonly used and machine-readable format (data portability).
Under the statutory requirement, the fulfilment of which must be assessed on a case-by-case basis, you also have the right to object to the processing of your personal data. Furthermore, you are entitled to lodge a complaint with a supervisory authority regarding the processing of your personal data.
If you wish to exercise your rights, or if you have any questions or concerns about your personal data or our privacy practices, please direct your request to email@example.com.
If you no longer want to receive marketing-related emails from Lungpacer, you may opt-out of receiving marketing-related emails by clicking the “unsubscribe” link at the
bottom of any email you receive from us, or, if you created an online account when you registered to receive Lungpacer’s emails, you may log-in to your account and make changes to your communication preferences. You may also opt-out by contacting us directly using the contact information in the “Contact Us” section below.
We will endeavor to respond to your opt-out request promptly but ask that you please allow a reasonable time to process your request. Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or services, or other matters.
VI. Amendments to this data protection notification
We reserve the right to amend this data protection notification as we continue to develop and update our website and our work process, or as a result of changed statutory or regulatory provisions or the development of our business. You can access the current version of this data protection information at any time on our website at www.lungpacer.com.
VII. Contact us
If you have any questions or concerns about your personal data, our privacy practices, or this notice, you can always contact our data protection officer at firstname.lastname@example.org
Last Update: 01 September 2020
* * *