1. Who We Are
For more information about:
- the Privacy Shield Principles, please visit the U.S. Department of Commerce’s website at https://www.privacyshield.gov/
- our Privacy Shield privacy standards, consult the following link http://www.cantelmedical.com/privacy-shield-policy.
2. Collection, Processing and Use of Personal Data
We use the information collected on and through our website to determine usage trends, provide our services, respond to queries and to provide a more personalised experience on our website. This personal data falls into several categories:
2.1 Information You Provide to Us
We collect information when you fill in forms or otherwise contact us, request marketing communications (see Section 3 (Marketing Communications) for more details) or otherwise communicate with us. The personal data we collect is necessary to provide the contracted services to you or for our legitimate interests to respond to you.
If you choose to enter a promotion or contest, we may ask for your name, address and e-mail address, among other pieces of information, so we can distribute promotional offerings, administer the promotion or contest and notify winners. We may need to forward such information to fulfilment houses or distributors. However, our partners have agreed to keep any personal information provided to them confidential and secure, unless you consent to such information being shared with other product manufacturers.
2.2 Information We Collect Directly When You Use Our Website
If you contact us or subscribe to our marketing communications, we may collect personal data to respond to or act on your request. Additionally, we collect or use certain online identifiers, including:
(i) Server Log Files
Each time you visit our website, your browser transfers the following data to our server, which is then stored in log files on our server:
- IP address,
- date and time of access,
- amount of transferred data,
- referrer URL (the website which directed you onto our website),
- your browser type and
- your operating system.
We need to collect and store this data to be able to deliver our website and its content in a suitable way to you as well as to ensure the stability and security of our website. We generally store the log file data for up to twenty-six months to identify technical problems or security incidents (e.g., illegal use of the website, hacker attacks, etc.). If we identify a security incident, we reserve the right to retain the log file data for as long as required to pursue our legal claims in connection with it and may also make it available to third parties for that purpose (e.g., investigative authority).
Providing our website and its content to you as well as ensuring the stability and security of our website, including the pursuit of any legal claims, are necessary for our legitimate interests.
What Are Cookies?
Cookies are small text files that are stored in your browser during your visit of a website. Cookies can have a variety of purposes, from technical assistance to tracking of user’s behaviour and targeting individuals for marketing purposes. Cookies can be stored in your browser for different periods of time, depending on the type of cookie. Most internet browsers automatically accept cookies. However, users have the option to view the cookies in use, delete some or all cookies or completely disable the future storing of cookies. Cookies cannot run a program or transfer viruses or spyware to your computer.
Cookies Used on Our Website:
When visiting our website, certain cookies are set and read by our server when delivering the website to your browser. These are often called “first party cookies.” We use the following types of cookies:
Functional Cookies: We use session or technical cookies. These cookies are only stored in the temporary memory of your computer and are automatically deleted when you close your browser. They provide technical assistance to facilitate your use of our website. Session cookies enable you to switch from one page of the website to another and still be recognized as the same user, e.g., your language setting will remain the same if you switch from one page to another. These are essential cookies and their use is necessary for our legitimate interests to provide the website to you.
Analytic Cookies: We may also monitor customer traffic patterns, site usage and other web metrics to help us develop the design and layout of our websites, determine customer preferences and otherwise review product offerings and trends. These are non-essential cookies, and we have a pop-up consent notice on our website to obtain your consent to these.
For further information on the individual cookies used, you may visit the opt-out pages of http://youronlinechoices.eu.
Manage and Disable Cookies:
Most browsers provide settings that prevent the automated placing of cookies on your computer. You can typically find this setting option in your browser under “data protection.” The procedure to manage cookies may differ from browser to browser.
Please note that you might not be able to use all features on our website if you block cookies in your browser settings.
3. Marketing Communications
If you indicate on a form or otherwise contact us to receive marketing communications from us, we will send such communications to you in accordance with your request and by the contact details you have given us. You can always ask us to stop sending such communications via email or by using the “unsubscribe” link included in each marketing communication.
We offer marketing communications with information on our products and services. Users will only receive marketing communications if they subscribe to this service and provide the personal data requested by us in connection with such communications. To subscribe to the marketing communications, you will need to provide your e-mail address, first and last name, job title and organisation.
We use the marketing service “Gold Vision Connect,” a cloud-based email distribution platform, for marketing communication distribution. This service is provided by Esteiro Business Solutions Limited, Ryehills Park, Ryehills Road, West Haddon, Northamptonshire, NN6 7BX (“Gold Vision“).
Your e-mail address and, if applicable, the other personal data provided in connection with the subscription are stored on the servers of Gold Vision in the UK. This data is used by Gold Vision on our behalf to send marketing communications to you and analyse email distribution. When you open any marketing communication, your browser will retrieve a “web-beacon,” a pixel-sized file contained in the email, from the Gold Vision servers. Thereby, technical information, such as information in relation to your browser, system, IP address and the time of retrieval, is processed. Further, the Gold Vision server also collects data as to whether the recipients opened the email, when they opened it and which links they clicked. We exclusively collect this data for statistical purposes and to adapt the content of our marketing communications to our customers’ preferences and provide a better service. We do not create user profiles based on this data.
Further, we have entered into a data processing agreement with Gold Vision which imposes the obligation upon Gold Vision to process the personal data of our subscribers only based on our instructions.
The legal basis for the processing of your personal data in relation to such marketing communications is your consent. The legal basis for the use of Gold Vision, statistical assessments by us and the logging of the subscription data is our legitimate interest in providing a user-friendly and secure marketing communications service which serves both our business interests as well as the expectations of our users.
You can withdraw your consent to receive marketing communications at any time. Please use the “unsubscribe” link at the end of a marketing communication to unsubscribe from marketing emails or contact us in writing (see contact details in Section 12 (Contact Details and Further Information)), specifying which method of marketing communications you would like to unsubscribe from. Please note that you can also object to our use of Gold Vision. However, in this case, we will not be able to continue providing you with marketing communications.
Your personal data provided in relation to the marketing communications will be deleted if you withdraw your consent unless we need to store it to pursue or defend legal claims. The legal basis for this storage is our legitimate interests to pursue or defend claims. Additionally, we may continue to process such data if permitted based on another pertinent legal basis, including a legal obligation (e.g., statutory law, court order or order of an authority, etc.).
4. Collection and Use of Personal Data by Third Parties
When you visit our website, third parties will be able to collect personal data from you as described in this section. Most third-party service providers will only collect data on our behalf and not for their own business purposes. If data is collected and used for a third party’s business purposes, then this will only occur based on a contractual arrangement between us and the respective third party in which we will bind the third party to only use the collected data for the purposes described in the contractual arrangement.
4.1 Service Providers
Gold Vision is the service provider providing the email marketing communication distribution services specified in Section 3 (Marketing Communications) above.
Additionally, we use MonsterInsights and Google Analytics, which work together to help us better understand traffic patterns on our website. Google Analytics is a service provided by Google, Inc. (“Google Analytics“). MonsterInsights, provided by MonsterInsights, LLC, is a software that assists us in implementing Google Analytics and does not store personal information. For more information regarding how your personal data is processed by Google Analytics, consult the Google Analytics Data Privacy and Security Policy, currently found at https://support.google.com/analytics/answer/6004245?hl=en.
By visiting our website, certain information may be stored on the servers of Google Analytics, including data related to the device/browser, IP address and on-site activities. When you access our website, Google Analytics may use first party cookies to retrieve such information. This data is used by Google Analytics on our behalf to measure and report statistics about user interactions on our website. Google Analytics uses IP addresses to derive the geolocation of a visitor, protect the service and provide security to us. However, we use MonsterInsights to instruct Google Analytics to anonymize any IP addresses collected. We exclusively collect this data for statistical purposes and to adapt the content of our website to our customers’ preferences and provide a better service. We do not create user profiles based on this data. Google Analytics will generally store this data for up to twenty-six months.
Further, we have entered into a data processing agreement with Google Analytics which imposes the obligation upon Google Analytics to process the personal data of our website visitors only based on our instructions.
The legal basis for the processing of your personal data for this purpose is your consent. The legal basis for the use of Google Analytics, statistical assessments by us and the logging of the data noted above is our legitimate interest in providing a user-friendly and secure website which serves both our business interests as well as the expectations of our users.
You can withdraw your consent by clearing or blocking cookies. However, in this case, we may not be able to continue providing you with use of our website.
When you click on links on our website which direct you to the website of another website provider, this website provider will likely also collect certain data from you, probably at least the data described in Section 2 (Server Log Files) above. However, this data is neither collected on our behalf nor otherwise controlled or used by us; therefore, we are neither legally obliged nor able to give you any information on what data will be collected if you click on such a link. Third party websites have their own privacy policies which may be different from ours. We are not liable for any of such third-party websites, which you use at your own risk.
5. Transfer of Personal Data / Recipients of Personal Data
As described above in Section 4 (Collection and Use of Personal Data by Third Parties), we allow certain third parties to collect personal data from you. For further details regarding these recipients of personal data, please see the information in Section 4 (Collection and Use of Personal Data by Third Parties).
Personal data may also be shared with our affiliates in accordance with the purposes for which personal data was originally collected or otherwise could be lawfully processed. Our U.S. affiliates participate in, and have self-certified their adherence to, the principles of the EU – U.S. Privacy Shield Framework.
In general, we will only transfer your personal data to third parties if this is required to perform a contract with you or if we are under a statutory legal obligation or ordered by legally binding order of an authority or court.
Further, we generally reserve the right to use third parties who collect and process personal data on our behalf (e.g., hosting providers or IT service providers). They will only receive the amount of data which is required for the assigned task. Such service providers will usually be contracted as “data processors,” who are only allowed to process data based on our instructions and who will only be contracted if they provide the necessary qualifications set out for a data processor in the GDPR. The legal basis for the use of third parties and the related transfer of personal data may, subject to the circumstances, be performance of a contract or legitimate business interests. Providing we select and use data processors in compliance with the provisions of the GDPR and other applicable data protection law, we deem that we have a legitimate interest for the use of third parties as data processors.
6. Transfer of Personal Data to Third Countries
In some cases, we transfer, or will transfer, your personal data to countries outside the EU or the European Economic Area.
We may transfer personal data to our U.S. affiliates pursuant to the EU – U.S. Privacy Shield Framework (as explained in Section 1 (Who We Are) above).
If you require any further information or details on the protections we have in place for transfers of data, do get in touch via the contact details set out below.
7. Your Rights
Voluntary provision of information: With the exception of the necessary information we collect automatically when you use the website, as specified above, you are free to provide the personal data you choose to give us. Non-provision of such data may, however, entail the impossibility to proceed with your request.
Access: At any time, you have the right to obtain information concerning your personal data. This includes the right to know whether we process personal data concerning you and, if this is the case, to access your personal data. In certain cases, you are entitled to request rectification, erasure or restriction of the processing of your personal data.
Right to object: In certain cases, including where processing is based on legitimate interests of the data controller, you also have a right to object to the processing of personal data on grounds relating to your particular situation; in this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can ask for more details about our legitimate interests.
Where personal data is processed for direct marketing purposes, you always have the right to object at any time to the processing of your personal data for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing purposes.
Portability: You also have the right to data portability (i.e., to have a copy of your personal data and transfer it to other providers) subject to certain limitations.
Consent: In case we process personal data based on your consent, e.g., contacting us or opting into our direct email marketing communications, you are entitled to withdraw your consent at any time, as explained in Section 3 (Marketing Communications). Please bear in mind that such withdrawal of consent only has future effect. It does not render invalid or illegal the processing based on consent before its withdrawal. If you withdraw your consent in relation to communications addressed to us through the contact form, we may still be required to store your personal data as specified in Section 3 (Marketing Communications). If you withdraw your consent in relation to direct marketing communications, you will not receive further marketing communications.
If you wish to exercise any of these rights in relation to your personal data, please contact firstname.lastname@example.org. In order for us to fulfil your request, please make sure that we can identify you properly.
You also have the right to lodge a complaint with your competent supervisory authority.
8. Data Retention
9. Security / Safeguards
We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of personal data and against accidental or unlawful destruction, loss, alteration or unauthorised disclosure of or access to personal data. Please be advised, however, that we cannot fully eliminate security risks associated with the retention, storage and transmission of personal data.
The website is not intended for children under the age of 13. We will not knowingly collect personal data from children under 13 years of age.
Please be advised that the minimum age may vary based on country/region and on local law. If you become aware that a child has provided us with personal data without parental consent, please contact us at email@example.com.
If we become aware that a child under 13 has provided us with personal data without parental consent, we will take steps to remove the data and cancel the child’s account. Any communications that are identified as being from a child under the age of 13 will not be retained.
12. Contact Details and Further Information
Cantel (UK) Limited
SS3 9BX, UK or via email firstname.lastname@example.org.