Last updated April 2022
Data Controller and Data Protection Officer
Responsible entity for the processing of personal data when visiting our website, i.e., the Data Controller is - unless informed otherwise at the time your personal data is collected - the Cordis entity in your county. Please refer to this list for information on the relevant Cordis entity and contact details https://cordis.com/emea/contac....
In case you have any data protection queries and wish to contact the Data Protection Officer, please refer to [DPO@cordis.com].
Personal Data, Processing Purpose and Justification
Personal data means information about your person to be processed in an automated manner. Personal data includes but is not limited to information containing a direct link to your person, like name, contact information. We collect such information in the context of operating our website only in case you voluntarily provide it, e.g., when using a contact form or registering for an information service. There is other information, not containing a direct link to your person, like IP-addresses, browser settings, etc. that may eventually be connected to other personal information and that is by law considered personal data. We collect such information, where required to provide the website functionalities.
We process personal data, where strictly required, for legitimate purposes. Our processing purposes are providing website functionalities to our website users, enabling contact to Cordis and providing information on Cordis.
The justification varies depending on the purpose of the processing and may be in particular our legitimate business interests in presenting our company, goods and services (Art. 6 (1) (f) GDPR), the necessity to perform contractual duties and to exercise contractual rights (Art. 6 (1) (b) GDPR), compliance with legal obligations (Art. 6 (1) (c) GDPR) or your consent (Art. 6 (1) (c) GDPR).
Handling of contact data
If you contact the website operator using the contact options offered, your details will be stored so that they can be used to process and respond to your enquiry. If necessary, we will forward your enquiry to the appropriate company of the Cordis group according to your request. If you have a contractual relationship with us or are interested in our services, the legal basis of the processing is (Art. 6 (1) (b) GDPR. Otherwise, the legal basis of the processing is our legitimate interest in providing contact options within the scope of our business operations (Art. 6 (1) (f) GDPR).
Ordinary contact in the course of business (e.g., trade fair)
In the case of a spontaneous business contact exchange at, among other things, trade fairs, events, business lunches or other official activities, e.g. by exchanging business cards, we process your contact data (name, address, e-mail or telephone number), data on your company (address, business area, job description, title), data on your request (content, time of request, means of communication) in order to contact you and process your request. The legal basis is Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR
If you have given us your consent, we will process the e-mail address you have provided in order to contact you for marketing purposes and to send you further information about our products and our company. Legal basis is Art. 6 (1) (a) GDPR. You can object to e-mail marketing at any time and revoke your consent at any time with effect for the future. You will find an option to declare your objection or revocation in every e-mail. You can also declare the objection and revocation via the contact data given in Section 1 (see also Section 8 – Your Rights).
We will transfer personal data to third parties where necessary for the provision of our service or otherwise allowed or required by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR.
In other cases, we transfer personal data to other recipients only if a there is a legal justification, or you have expressed your consent. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.
If necessary, for our purposes, we may also transfer your data to data recipients and service providers in third countries including countries outside the EEA. In such case we ensure having in place measures to ensure an adequate level of data protection within the meaning of Art. 44 et. seq. GDPR
We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g., if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
As a data subject of the data processing, you have the right to confirmation as to whether personal data are processed by Cordis and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the event of processing based on Art. 6(1) (e) or (f) of the GDPR or processing for direct marketing purposes, you may object to the processing (Art. 21 of the GDPR), in which case, except in the case of direct marketing, you must provide a specific ground.
If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1) (a) or Art. 9 (2) (a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR). If you have any questions or complaints about data protection at Cordis, we recommend that you first contact our data protection officer (see contact details in Art. 1 above).
No automated individual Decision-Making
We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.