fbpx

Privacy Policy

Privacy Policies

Please find the Privacy notice for customers
Please find the Privacy notice for applicants 
Please find the Privacy notice for social media
Please find the Privacy notice for video surveillance

 

Nox Medical Website Privacy Policy

Nox Medical ehf (hereinafter “we”, “us” or “Nox Medical”) is committed to the protection of your personal data. Your personal data will be processed exclusively in accordance with the applicable data protection legislation, in particular the provisions of the European Data Protection Regulation (hereinafter: “GDPR”).  In the light of this legislation, we would like to provide you with some information on the processing and protection of your personal data, as required by the GDPR. The term “personal data” covers any piece of information that refers to an identified or identifiable natural person (“data subject”). By visiting the Nox Medical website, you may become a data subject within the meaning of the GDPR. Furthermore, “personal data” or “processing” correspond to the definitions according to Article 4 GDPR. If you would like to take a look at the GDPR yourself, you can find it here.

This Privacy Policy applies to the Nox Medical Website, its subpages and may also apply to other websites of Nox Medical that incorporate this Privacy Policy by reference. In particular, this Privacy Policy does not apply to third party websites that are linked to from the Nox Medical Website. This Privacy Policy does not apply to presences of Nox Medical on third party platforms, including but not limited to social networks (e.g., Facebook, Twitter or YouTube). Presences on those platforms are subject to the privacy policies of the respective platform operator(s) and, if applicable, the privacy policies provided therein as a full text version or link by Nox Medical.

If you have any questions on the processing of your personal data or wish to exercise your rights as a data subject, please contact us using the contact details below.

1       Information about the Controller of the data processing

The joint controllers of the processing of your data within the meaning of Article 4 No. 7 GDPR is:

Nox Medical ehf
Katrínartún 2
105 Reykjavík
Iceland
Tel: +(354) 570 7170
E-Mail: info@noxmedical.com
Nox Health Group
5000 Research Parkway, Suite 500
Suwanee, GA 30024
USA
Tel: 855-617-6691
Fax: 678 669 2274
E-Mail: privacy@noxhealth.com

If you have any questions on the processing of your data or wish to exercise your rights as a data subject (see section “Your rights as a data subject”), please contact us using the contact details above.
You can also contact our data protection officer directly at dataprotection.nox@v-formation.gmbh or our postal address with the addition “Data protection officer / DPO”.

2       Processing of personal data

In the following, we would like to give you an overview of the data processing that typically takes place when you vsit our webpage.  In addition, there may always be situations in which data processing takes place that are not mentioned here. In these cases, we will provide you with separate data protection information (e.g., privacy policy on our website) that relates to the respective situation, insofar as this is required by law.

2.1       Data automatically collected while browsing this website

When you access our websites, the following information is usually automatically transferred by your browser to our server:

  • Internet address (IP address) of the accessing computer at the time of access
  • Data and time of access
  • Accessed web pages or files
  • Transmitted data volume
  • Message whether the retrieval was successful or why it failed, if applicable (error code)
  • Operating system and browser software of retrieving computer, both including version
  • Screen resolution and color depth of the retrieving computer
  • Browser and language settings
  • Browser plugins (JavaScript, Flash Player, Java, Silverlight, Adobe Acrobat Reader, etc.)
  • Previously visited website (referrer URL)
  • Search term with which the Website was found (e.g., via Google)

We will process this data based on our legitimate interests according to Article 6 (1) (f) GDPR, namely:

  • for making our website available,
  • for maintaining the technical stability and security of our website, including the detection and removal of service interruptions (e.g., by blocking a denial-of-service-attack that is caused by a certain IP address),
  • for statistical analysis of the use of our website for the purpose of its customization and improvement, and
  • for examination in the event of well-founded reasons to suspect an unlawful use (e.g., in the event of a suspected libel and slander in an online publication made available by us or fraud in connection with the registration for our services).

The aforementioned data is collected automatically when you access our website. You have the right to object to the processing of your data on the basis of our legitimate interests according to Article 6 para. 1 sentence 1 letter f GDPR at any time. Please note that our website cannot be used if you object to the processing of this data. Should you object to the processing of this data, either manually or by means of settings in your browser, our website may not be usable in whole or in part.

We do not use this data for the purpose of drawing conclusions regarding your identity as a visitor to our website, except when there are well-founded reasons to suspect an unlawful use. The collected data will be deleted at regular intervals or fully anonymized by deleting at least certain parts of the IP address.

2.2      Cookies

On our websites we use cookies and similar technologies which assign an identification code to your computer. Cookies are small text files (with an identification code) that are stored on the visitor’s computer when a website is accessed. Being text-only files, cookies cannot contain viruses or other malware.

Cookies help to make websites more comfortable, efficient and secure. We use both, transient and persistent cookies:

  • Transient cookies will be automatically deleted when you close the browser. These are, in particular, session cookies. They store a so-called session ID that can be used to attribute various inquiries made by your browser to just one session. This allows us to recognize your computer when you return to our website. Session cookies are deleted when you log off or close the browser. For instance, a session cookie can be used to keep you logged into your account until you log out.
  • Persistent cookies will be stored beyond a browser session, but automatically deleted upon the expiration of a predefined term which may vary depending on the type of cookies. In addition, you may delete the cookies in the system security setting of your browser at any time.

Generally, we do not use cookies to draw conclusions regarding your identity, but only to identify your computer for the purposes described above. In certain cases, the user may also be identified if it enters its contact data on our website while a session cookie is placed (e.g., when registering for an account).

We process the data related to technically necessary cookies on the basis of our legitimate interests according to Article 6 (1) (f) GDPR, namely to ensure the technical operation and security of our website, for the purpose of ensuring the functionality of our website. Consent is not required for the use of technically necessary cookies, and you cannot withdraw your consent for the use of such cookies in our cookie consent tool (“cookie banner”).

We only process data in connection with analytical and marketing cookies if you have given us your consent to set such cookies in the context of our cookie banner. The legal basis in this respect is Article 6 (1) (a) GDPR. This data is used for the statistical evaluation of the use of the website with the aim of demand-oriented design and improvement (analytical cookies) and the integration and provision of certain functions.

You have the right to withdraw your consent to the processing of your data at any time and object to the processing of your data on the basis of our legitimate interests according to Article 6 (1) (f) GDPR at any time with effect for the future. You can do so, for example, by adjusting your browser settings. Most browser allow users to receive a warning before a cookie is stored, allow users to completely refuse the acceptance of cookies and/or to delete existing cookies subsequently. However, the usability of the website may be limited due to these settings. If you wish to withdraw your consent or object to the processing of your data on the basis of our legitimate interests in connection with cookies, you can either decline the placing of such cookies in our cookie banner or disable the acceptance of cookies in your browser settings.

2.3      Newsletter

On our website we offer interested users the possibility to subscribe to our newsletter. If you opt in, you will receive regular information from us via email. We use an external provider for this purpose, which may use web beacons in the emails sent. Web beacons are small, invisible graphics that can be embedded in emails to track open rates and clicks on links in the emails. The processing of personal data for the purpose of sending the newsletter is based on your consent (Article 6 (1) (a) GDPR). We collect and store your e-mail address as well as your name and other data if you have provided them voluntarily. This data is used exclusively for the purpose of sending the newsletter and, if applicable, for evaluation via named web beacons by means of the service provider used and is never provided to additional third parties. At any time, you have the option to unsubscribe from the newsletter by using the unsubscribe link in each newsletter e-mail or by contacting us using the contact options provided.

2.4      The Contact form and other forms of inquiries

If you contact us via our contact form or by email, we will process the data you provide for processing your inquiry. You need to provide personal data to enable us to process and respond to your inquiry (data marked with “*”), otherwise we cannot respond or may not be able to fully reply to your inquiry.

The legal basis for this data processing is Article 6 (1) (b) GDPR, if the processing of the corresponding data is required for performing a contract or for taking other steps prior to entering into a contract. Moreover, we process your data on the basis of our legitimate interests according to Article 6 (1) (f) GDPR, namely to be able to process your request or inquiry properly.

You have the right to withdraw your consent to the processing of your data at any time and object to the processing of your data on the basis of our legitimate interests according to Article 6 (1) (f) GDPR at any time with effect for the future.

Your data will be deleted when your inquiry has been fully responded to and if there are no conflicting statutory retention periods that forbid its deletion, such as retention periods under trade or tax law.

2.5      Data processing in the context of job applications

Within the following section we inform you about the processing of your personal data as a part of our application process.

We list open positions on an external career website. If you are interested in our current job advertisements and click the respective link (“Open rolls”) on our website, you will be automatically redirected to this external website. For further information regarding data protection of the service used by us, please see the data protection notice on the respective website of the provider.

Please note that we exclusively consider applications that are submitted via our career website. All applications that reach us by other means will not be processed further. However, personal data will be processed to notify the respective applicant of the use of our career website. Application data that have been submitted by other means then our career website will be deleted after the corresponding notification has been sent. For the conclusion of an employment contract with us, the provision of meaningful application documents is required. We process the following categories of data within our application process to evaluate the suitability for the respective position:

  • General personal data (e.g., name, date of Birth, residency)
  • Contact information (e.g., postal and/or e-mail address, telephone number)
  • Qualification data (educational level/degrees, appraisals, certificates, qualifications)
  • If applicable, further information which you have submitted

We will process the data mentioned above and pass on your data to the employees involved in the application process. Fully automated decision-making does not take place.

The legal basis for the processing of your personal data within the application process is Article 6 (1) (b) GDPR, as the processing of your data is necessary for the implementation of pre-contractual measures, namely the decision on the establishment of an employment relationship. In addition, your data may be processed on the basis of our legitimate interests according to Article 6 (1) (f) GDPR, namely to ensure the proper execution of our application process and the establishment, exercise or defense or legal claims.

You have the right to withdraw your consent to the processing of your data at any time and object to the processing of your data on the basis of our legitimate interests according to Article 6 (1) (f) GDPR at any time with effect for the future.

3       Recipients of personal data

We will only disclose your personal data to external parties, if this is necessary to fulfill the above-mentioned purposes, we are legally obligated to do so, or if you have granted your consent to do so. External recipients may include but are not limited to service providers that we use, for instance in the area of technical infrastructure and for the maintenance of our website and with whom we have concluded agreements in accordance with Article 28 GDPR. These service providers will be carefully selected and process your data exclusively for the purposes indicated by us and in accordance with our instructions. External recipients of your personal data can be in particular:

  • Affiliated companies;
  • Service providers that we use to fulfill the above-mentioned purposes;
  • Business partners (e.g., freelancers);
  • Courts, arbitration tribunals, authorities or legal advisors, if this is necessary to comply with applicable law or to assert, exercise or defend legal claims.

4       Third country data transfers

In the event data is transferred to third parties whose registered office, place of residence, or place of data processing is not within a member state of the European Union or the European Economic Area (hereinafter referred to as “third countries”), we will ensure prior transfer of your data that, except for the statutorily permitted exceptions, an adequate level of data protection exists in the third country concerned. In these cases, we will then provide you with separate information on data protection – related to the respective third country transfer – insofar as this is required by law. An adequate level of data protection can be guaranteed, for example, by the conclusion of EU standard contractual clauses or the existence of so-called binding corporate rules (BCR). Please contact us via the contact options provided to you as part of this privacy policy to obtain a copy of the specific guarantees for the transfer of your data to third countries.

5       Storage Period

We will store your personal data only as long as it is required for meeting the purposes mentioned above, unless you have effectively objected to the processing of your data on the basis of our legitimate interests or effectively withdrawn any given consent. In the event of an objection or withdrawal of consent, we will delete your personal data, unless their continued processing is permitted in accordance with the applicable statutory provisions, or even compellingly required (e.g., due to retention periods under trade or tax law). Insofar as statutory retention obligations exist, we will store the data affected by this for the duration of the corresponding retention period.

6       Your rights as a data subject

As a data subject, you have the following rights within the statutory limits:

Right to information (Article 15 GDPR)

You have a right to obtain information about the personal data concerning you that is processed by us.

Right to rectification (Article 16 GDPR)

You have the right to request that we immediately correct inaccurate data and complete incomplete data, provided that the legal requirements are met.

Right to erasure (Article 17 GDPR)

You have the right to request the erasure of your personal data, provided that the legal requirements are met and in particular if (1) your data is no longer necessary for the purposes stated in this privacy notice, (2) you have withdrawn your consent and there is no other legal basis for the processing, (3) your data has been processed unlawfully or (4) you have objected to the processing of your data and there are no overriding legitimate grounds for the processing.

Right to restriction of processing (Article 18 GDPR)

You have the right to request that we restrict the processing of personal data concerning you, in particular if you dispute the accuracy of the data or if the processing of your data is unlawful and you request restriction instead of erasure.

Right to data portability (Article 20 GDPR)

If your data is processed on the basis of a contract or on the basis of your consent, you have the right to receive your data in a structured, commonly used and machine-readable format or to have your data transferred to another controller, provided that the legal requirements for this are met.

Right to object (Article 21 GDPR)

You have the right to object to the processing of your data at any time on grounds relating to your particular situation, insofar as the legal basis for our processing of your data is the maintenance of our legitimate interests or the legitimate interests of a third party pursuant to Article 6 (1) (f) GDPR. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

Right of withdrawal (Article 7 para. 3 GDPR)

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future. This does not affect the lawfulness of the processing until the time of the withdrawal.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. You may exercise this right with a supervisory authority in the member state of your ordinary residence, place of work or place of the alleged infringement or with the supervisory authority responsible for us. The supervisory authority responsible for us is the Icelandic data protection authority – Persónuvernd, Rauðarárstígur 10, 105 Reykjavík, Iceland.

To exercise your rights as a data subject, please contact us using the contact details under “Information about the Controller of the data processing”.

This privacy policy may be subject to change. The current version of this privacy policy applies.

For instructions on how to turn off cookies please find them here.