1. Who we are
For more information about:
- the Privacy Shield Principles, please visit the U.S. Department of Commerce’s website at http://www.privacyshield.gov/
- our Privacy Shield privacy standards, consult the following link http://www.cantelmedical.com/privacy-shield-policy/
2. Collection, Processing and Use of Personal Data
We use the information collected on and through our website to process orders, determine buying trends, respond to queries and to provide a more personalised experience on our website. This personal data falls into several categories:
2.1 Information you provide to us
We collect information when you fill in forms to contact us, make a purchase, subscribe to our newsletter (see Section 3 for more details) or otherwise communicate with us. The personal data we collect is necessary to provide the contracted services to you or for our legitimate interests in order to respond to you.
If you choose to enter into a promotion or contest, we may ask for your name, address, and e-mail address, among other pieces of information, so we can distribute promotional offerings, administer the promotion or contest, and notify winners. We may need to forward such information to fulfilment houses or distributors. However, our partners have agreed to keep any personal information provided to them confidential and secure, unless you consent to such information being shared with other product manufacturers.
We utilise your purchase history to shape our recommendations about the merchandise or promotions that might be of interest to you.
2.2 Information we collect directly when you use our website
If you merely use our website for informational purposes and do not use our contact form or subscribe to our newsletter service, we do not collect personal data that directly identifies you (such as your name or address). However, when you use our website, we collect or use certain online identifiers as follows:
(i) Server Log Files
Each time you visit our website, your browser transfers the following data to our server, which is then stored in log files on our server:
- IP address,
- date and time of access,
- amount of transferred data,
- referrer url (the website which directed you onto our website),
- your browser type and
- your operating system.
We need to collect and store this data in order to be able to deliver our website and its content in a suitable way to you as well as to ensure the stability and security of our website. We generally store the log file data for up to thirty days in order to identify technical problems or security incidents (e.g., illegal use of the website, hacker attacks, etc.). If we identify a security incident, we reserve the right to retain the log file data as long as required to pursue our legal claims in connection with it and may also make it available to third parties for that purpose (e.g., investigative authority).
Providing our website and its content to you as well as ensuring the stability and security of our website, including the pursuit of any legal claims, are necessary for our legitimate interests.
What are Cookies?
Cookies are small text files that are stored in your browser during your visit of a website. Cookies can have a variety of purposes from technical assistance to tracking of user’s behaviour and targeting individuals for marketing purposes. Cookies can be stored in your browser for different periods of time, depending on the type of cookie. Most internet browsers automatically accept cookies. However, users have the option to view the cookies in use, delete some or all cookies or completely disable the future storing of cookies. Cookies cannot run a program or transfer viruses or spyware to your computer.
Cookies Used on our Website:
When visiting our website, certain cookies are set and read by our own server when delivering the website / webpage to your browser. These are often called ‘first party cookies’. No third party cookies are used on our website. We use the following types of cookies:
Functional Cookies: We use session or technical cookies. These cookies are only stored in the temporary memory of your computer and are automatically deleted when you close your browser. They provide technical assistance to facilitate your use of our website. Session cookies enable you to switch from one page of the website to another and still be recognized as the same user, e.g., your language setting will remain the same if you switch from one page to another. These are essential cookies and our use is necessary for our legitimate interests to provide the website to you.
Analytic Cookies: We may also monitor customer traffic patterns, site usage, and other web-metrics to help us develop the design and layout of our websites, determine customer preferences, and otherwise review product offerings and trends. These are non-essential cookies and we have a pop up consent notice on our website to obtain your consent to these.
For further information on the individual cookies used, you may visit the opt-out pages of http://youronlinechoices.eu/
Manage and Disable Cookies:
Most browsers provide settings that prevent the automated placing of cookies on your computer. You can typically find this setting option in your browser under “data protection.” The procedure to manage cookies may differ from browser to browser.
Please note that you might not be able to use all of the features of our website if you block cookies in your browser settings.
3. Marketing Communications
If you indicate on a form or otherwise contact us to receive marketing materials from us, we will send that to you in accordance with your request and by the contact details you have given us. You can always ask us to stop sending such communications at any time.
We offer an e-mail newsletter service with information on our products and services. Users will only receive a newsletter if they subscribe to this service and provide the personal data requested by us in connection with the subscription service. To subscribe to the newsletter, you will only need to provide your e-mail address, with an option to also provide your first and last name.
When you subscribe to the newsletter service, you will receive an e-mail which contains a link to confirm your subscription (a double opt-in). When you click on that link, we will store the IP address and other information (e.g., date of subscription and confirmation) for documenting that you have subscribed to the newsletter service.
We use the newsletter service “Gold Vision,” a cloud based newsletter distribution platform, for newsletter distribution. This service is provided by Esteiro Business Solutions Limited, Ryehills Park, Ryehills Road, West Haddon, Northamptonshire, NN6 7BX (“Gold Vision“).
Your e-mail address and, if applicable, the other personal data provided in connection with the subscription, are stored on the servers of Gold Vision in UK. This data is used by Gold Vision on our behalf in order to send the newsletters to you and analyze the newsletter distribution. When you open the newsletter, your browser will retrieve a “web-beacon,” a pixel-sized file contained in the newsletter, from the Gold Vision servers. Thereby, technical information, such as information in relation to your browser, system, IP address and the time of retrieval, is processed. Further, the Gold Vision server also collects data as to whether the recipients could open the newsletter, when they opened it and which links they clicked. We exclusively collect this data for statistical purposes and in order to adapt the content of our newsletter to our customers’ preferences and provide a better service. We do not create user profiles based on this data.
Further, we have entered into a data processing agreement with Gold Vision which imposes the obligation upon Gold Vision to process the personal data of our subscribers only based on our instructions.
The legal basis for the processing of your personal data in relation to the newsletter service is your consent. The legal basis for the use of the newsletter distribution service provider Gold Vision, statistical assessments by us and the logging of the subscription data is Article 6 para. 1 lit. f) GDPR, as we have a legitimate interest in providing a user-friendly and secure newsletter service which serves both our business interests as well as the expectations of our users.
You can withdraw your consent to receive newsletters at any time. Please use the “unsubscribe” link at the end of a newsletter or contact us (see contact details in Section 1 (The Controller) above). Please note that you can also only object to our use of Gold Vision. However, in this case, we will not be able to continue providing you with the newsletter.
Your personal data provided in relation to the newsletter will be deleted if you withdraw your consent, unless we need to store it in order to pursue or defend legal claims. The legal basis for this storage is our legitimate interests to pursue or defend claims.
We will only store your personal data for a longer period if and as long as we are under a respective legal obligation (e.g., statutory law, court order or order of an authority, etc.).
4. Collection and Use of Personal Data by Third Parties
When you visit our website, third parties will be able to collect personal data from you as described in this section. Most of such third party service providers will only collect data on our behalf and not for their own business purposes. If data is collected and used for a third party’s business purposes, then this will only occur on the basis of a contractual arrangement between us and the respective third party in which we will bind the third party to only use the collected data for the purposes described in the contractual arrangement.
4.1 Service Providers
Our website does not contain third party cookies. Gold Vision is the service provider providing the newsletter distribution services specified in Section 3 (Marketing Communications) above.
When you click on links on our website which direct you to the website of another website provider, this website provider will likely also collect certain data from you, probably at least the data described in Section 2 (Server Log Files) above. However, this data is neither collected on our behalf nor otherwise controlled or used by us; therefore, we are neither legally obliged nor able to give you any information on what data will be collected if you click on such a link. Third party websites have their own privacy policies which may be different from ours. We are not liable for any of such third party websites, which you use at your own risk.
5. Transfer of Personal Data / Recipients of Personal Data
As described above in Section 4 (Collection and Use of Personal Data by Third Parties), we allow certain third parties to collect personal data from you. For further details regarding these recipients of personal data, please see the information in Section 4 (Collection and Use of Personal Data by Third Parties).
Personal data may also be shared with our affiliates in accordance with the purposes for which personal data was originally collected or otherwise could be lawfully processed. Our U.S. affiliates participate in, and have self-certified their adherence to, the principles of, the EU – U.S. Privacy Shield Framework.
In general, we will only transfer your personal data to third parties if this is required to perform a contract with you or if we are under a statutory legal obligation or ordered by legally binding order of an authority or court.
Further, we generally reserve the right to use third parties who collect and process personal data on our behalf (e.g., hosting providers or IT service providers). They will only receive the amount of data which is required for the assigned task. Such service providers will usually be contracted as “data processors,” who are only allowed to process data based on our instructions and who will only be contracted if they provide the necessary qualifications set out for a data processor in the GDPR. The legal basis for the use of third parties and the related transfer of personal data may, subject to the circumstances, be performance of a contract or legitimate business interests. As long as we select and use data processors in compliance with the provisions of the GDPR and other applicable data protection law, we deem that we have a legitimate interest for the use of third parties as data processors.
6. Transfer of Personal Data to Third Countries
In some cases, we transfer, or will transfer, your personal data to countries outside the European Union or the European Economic Area.
We may transfer personal data to our U.S. business segments pursuant to the EU – U.S. Privacy Shield (as explained in Section 1 above).
If you require any further information or details of the protections we have in place for transfers of data, do get in touch via the contact details set out below.
7. Your Rights
Voluntary provision of information: With the exception of the necessary information we collect automatically when you use the website as specified above, you are free to provide the personal data you choose to give us. Non-provision of such data may, however, entail the impossibility to proceed with your request.
Access: At any time, you have the right to obtain information concerning your personal data. This includes the right to know whether or not we process personal data concerning you and, if this is the case, to access your personal data. In certain cases, you are entitled to request rectification, erasure or restriction of the processing of your personal data.
Right to object: Further, in certain cases, including where processing is based on legitimate interests of the data controller, you also have a right to object to the processing of personal data on grounds relating to your particular situation; in this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can ask for more details about our legitimate interests.
Where personal data is processed for direct marketing purposes, you always have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Portability: You also have the right to data portability (i.e., to have a copy and transfer it to other providers) subject to certain limitations.
Consent: In case we process personal data based on your consent, e.g., for the contact form and newsletter service, you are entitled to withdraw your consent at any time, as explained in Section 3. Please bear in mind that such withdrawal of consent only has future effect. It does not render invalid or illegal the processing based on consent before its withdrawal. If you withdraw your consent in relation to communications addressed to us through the contact form, we may still be required to store your personal data as specified in Section 3. If you withdraw your consent in relation to the newsletter service, you will not receive further newsletters.
If you wish to exercise any of these rights in relation to your personal data, please contact firstname.lastname@example.org. In order for us to fulfil your request, please make sure that we can identify you properly.
You also have the right to lodge a complaint with your competent supervisory authority.
8. Data Retention
We will retain your personal data for as long as you maintain an account or as otherwise necessary to provide you services. We will also retain your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our contracts.
9. Security / Safeguards
We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of personal data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Please be advised, however, that we cannot fully eliminate security risks associated with the retention, storage and transmission of personal data.
The website is not intended for children under the age of 13. We will not knowingly collect personally identifiable information from children under 13 years of age.
Please be advised that the minimum age may vary based on country/region, and on local law. If you become aware that a child has provided us with personal data without parental consent, please contact us at email@example.com.
If we become aware that a child under 13 has provided us with personal data without parental consent, we will take steps to remove the data and cancel the child’s account. Any communications that are identified as being from a child under the age of 13 will not be retained.
12. Contact details and further information
If you have any questions about it, including any requests to exercise your legal rights, please contact us under:
Cantel (UK) Limited,
Shoeburyness, SS3 9BX
or per email firstname.lastname@example.org.