Privacyverklaring

Privacyverklaring

Information pursuant to Art. 13 General Data Protection Regulation
The Inspire Medical Systems, Inc. (hereinafter "we") is controller of the personal data of our customers, website users and other persons in contractual relationship with us, (hereinafter "you").

Pursuant to Article 13 of the Regulation (EU) 2016/679 (General Data Protection Regulation) ("GDPR "), we are obliged to inform you as follows when collecting your personal data:
 

General Information pursuant to Art. 13 GDPR

Contact data of the controller
Inspire Medical Systems, Inc.
5500 Wayzata Boulevard, Suite 1600                                                      
Golden Valley, MN 55416
United States of America

phone: + 1 763-205-7970
email: [email protected]

Contact data of the controller’s data protection officer
Inspire Medical Systems, Inc.
5500 Wayzata Boulevard, Suite 1600                                                      
Golden Valley, MN 55416
United States of America

phone: +1 763-290-0900
email: [email protected]

Contact data of the controller’s representative in the European Union
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland


Data categories, purposes and legal basis for processing your personal data as well as transfer of your personal data:

  • If you use the websites of Inspire Medical Systems, Inc.
  • If you are in a speaker’s agreement concerning our proctor and/or preceptor services
  • If you hold a sponsoring contract with us.
  • If you are in another contractual relationship with us.

 

Transfer of data to entities outside the European Union
Our head office is located in the United States of America. Whenever we enter into contracts that affect personal data of European citizens or even data subjects just temporarily located in the European Union, e.g. by signing agreements with European Union service providers or customers of our services which are located in the European Union, we make sure to establish an appropriate level of data protection within the meaning of Art. 46 ff. GDPR. Therefore, personal data will only be transmitted if the conditions for such transmission under the GDPR are fulfilled (e.g. signing of EU standard contractual clauses with the service provider(s) or customer(s) under Art. 46 (2) c) GDPR). A copy of such EU standard contractual clauses can be requested at any time for your reference at our data protection officer, whose contact information are indicated above.

However, sometimes, we can’t provide for such suitable guarantees within the meaning of Art. 46 GDPR to establish an appropriate level of data protection. In these cases, the legal basis for the transfer is your express consent, Art. 49 (1) a) GDPR. Such situations might lead to the risk that your rights cannot be fully protected in the United States of America. For example, access by authorities might not be prevented to the same extent as it would be within the European Union. It is also possible that government agencies in the United States of America will not fully comply with their obligations to provide information. You will be expressly informed in the respective consent form whether the data transfer to the United States of America shall be based on your consent.

Duration of data storage
We store your personal data as long as this is necessary for the execution of the contract and, in addition, as long as we are legally obliged to do so. For example, we are required by law to keep records for tax purposes (e.g. pursuant § 147 Abgabenordnung) and for accounting purposes (e.g. pursuant § 257 Handelsgesetzbuch). The retention periods are six to ten years. Insofar as we are legally obliged to store the personal data, it is stored in a limited form for your protection. If the personal data are no longer required for the fulfilment of contractual or legal obligations, the personal data will be deleted in accordance with our deletion concept.

Your rights
You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), to be forgotten (Art. 17 GDPR), to restriction of processing (Art. 18 GDPR) and to data portability (Art. 20 GDPR).

In addition, you have the right to object under Art. 21 GDPR in the context of processing based on Art. 6 (1) f) GDPR.

If you have given us your consent to process personal data for specific purposes, this consent is the legal basis for processing your personal data. Consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The revocation can be made without form and should be addressed to:

Inspire Medical Systems, Inc.
DPO
5500 Wayzata Boulevard, Suite 1600                                                      
Golden Valley, MN 55416
United States of America
or per email to [email protected]

You have the right to file a complaint with a data protection supervisory authority if you believe that the processing of your personal data is contrary to the GDPR. This right shall be without prejudice to any other administrative or judicial remedy.

Provision of personal data
In contractual relationships we collect your personal data only for the purposes described above, i.e. insofar as this is necessary for the proper execution of the contract. You are not obliged to provide personal data. However, if you do not provide any personal data, the contract cannot be fulfilled.

If you give us your consent, we use your personal data solely for the purpose covered by the consent; this purpose is described in detail in the consent text. Consent is voluntary, which means you can give it or not.

If the processing of your personal data is based on legal requirements, there is a provision obligation based on these legal requirements. In order to comply with these legal requirements, we need the necessary information from you, which may contain personal data. If you do not provide us with the necessary information, we will not be able to establish or continue the desired business relationship with you.

If we process your personal data on the basis of our legitimate interests, you may be obliged to make them available on the basis of general obligations of providing assistance. In any case, before processing your personal data, we consider whether the processing is necessary and whether your interests in nonprocessing predominate. In the case of processing based on Article 6 (1) f) GDPR, you have a right to object pursuant to Art. 21 GDPR.

Information on the right to object pursuant to Art. 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Art. 6 (1) f) GDPR (data processing necessary for the purposes of legitimate interests). Further information on our data processing and on which legal regulation we base them in each case can be found in our specific data protection information further down in accordance with Art. 13, 14 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made free of charge and form and should be addressed to

Inspire Medical Systems, Inc.
DPO
5500 Wayzata Boulevard, Suite 1600                                                      
Golden Valley, MN 55416
United States of America
or per email to [email protected]

 

Specific information pursuant to Art. 13 GDPR

If you use the websites of Inspire Medical Systems, Inc

When you use our website just for informational purposes
If you do not register with us or otherwise provide us with information, we process only the personal data that your browser transmits to our server. This includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page) and the access status/HTTP status code. This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website.

We only store such personal data over the term you are visiting our website. As soon as you are leaving our website, we delete the personal data.

The legal basis for such processing is Art. 6 (1) f) GDPR.

When you register on our website for receiving our newsletter
Some services, such as our newsletter service, require you to submit personal data via our website. Personal data that we collect upon registration include your full name and your e-mail address. We process the personal data you provide us only for the purpose of our newsletter service. The provision of this personal data is voluntary on the basis of your consent that you are free to give or not to give during the registration. However, if you do not wish to submit this information, we cannot provide you with our newsletter.

We store your personal data for as long as you wish to receive our newsletter. As soon as you unsubscribe, the purpose for data storage no longer applies and we delete your personal data subsequently, subject to legal retention periods which apply.

The legal basis for such processing is Art. 6 (1) a) GDPR.

When you contact us via our contact form
When you contact us via a contact form, the personal data you provide us with (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions.

We will delete the personal data once they are is no longer required to be stored for contact purposes, or restrict processing if there are legal storage obligations.

The legal basis for such processing is Art. 6 (1) b) GDPR.

Cookies
Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the site that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective overall.

General Types of Cookies (Background)
Cookies may appear in the form of session-cookies which store a socalled session ID (your website visit until you close your browser as one “session”). The session ID can be used to assign various requests from your browser to the session. This enables your computer to be recognized when you navigate through our website and its subpages which facilitates for example filling out forms or enables us to remind your preferred language settings. Session-cookies are deleted when you close your browser.

Another type of cookies are persistent-cookies which are automatically deleted after a specified period, which may vary depending on the cookie. You can also delete persistent-cookies at any time in the security settings of your browser.

First party-cookies are owned and placed by ourselves, whereas third party-cookies are owned and placed by a third party. Third party-cookies are typically placed by that third party for advertising purposes. In the case of third party-cookies, data is transmitted and collected via other websites so that third parties have access to it.

We use the following types of cookies:
Functional cookies: These cookies enable our website to remember the decisions you have made (e.g. your language or the region in which you live, your consent, text that you typed in our contact form) in order to offer you a more personalized online experience.

Functional cookies which we use on our website:

  • inspiresleep-sticky-counter
    This cookie helps us to ensure that our website visitors have informed themselves well on our website prior to receive further information by calling one of our medical centers. The cookie counts the amounts of clicks on one of our website subpages that you did. As soon as it counts four clicks you will find a little bottom on the right side of our website with the symbol of a mailbox and a telephone to receive further information. Data that the inspiresleep-sticky-counter stores contains only numbers and timestamps. The cookie is a first party persistent cookie (explanation see above under “General Types of Cookies (Background)”).
    This cookie will be deleted after 24 hours.
     
  • Cookie consent Cookie
    This cookie reminds us if you accepted the use of cookies on our website or not. Data that the cookie consent cookie stores contains only numbers and timestamps. The cookie is a first party persistent-cookie (explanation see above under “General Types of Cookies (Background)”).
    This cookie will be deleted after 12 months.
     
  • php session ID
    This cookie is used to save your preferred settings during your website visit (your session) so that they can be made available immediately when you navigate through the various subpages. These can be, among other things, the language settings or another preference. It also serves to facilitate filling out our contact form. Data that the php session ID cookie stores contains the individual session ID.
    The cookie is a first party session-cookie (explanation see above under “General Types of Cookies (Background)”).
    This cookie will be deleted when the browser is closed.

Legal basis for our use of all three cookies set out above is your consent, Art.6 (1) lit. a) GDPR. At the beginning of your visit of our website, we will inform you about all cookies used by us. By further staying on our website or clicking the OK button in the cookie-banner you declare your consent to us.

  • Cloudflare Cookies
    This cookie is used to confirm that the website visitor comes from a known and trusted device, even if you are visiting our webpage from a potentially unsafe network (such as an internet cafe). With the Cloudflare service, we make our websites faster and safer. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.
    The cookie is a socalled third party persistent-cookie (explanation see above under “General Types of Cookies (Background)”).
    This cookie will be deleted after 12 months.

Legal basis for our use of the Cloudflare cookie is Art.6 (1) lit. f) GDPR. We have a legitimate interest in ensuring the IT security of our website to identify criminal activities and to speed up loading times in order to remain competitive. In the same time we carefully take into account your interests in not processing your personal data. You have the right to object under Art. 21 GDPR in the context of processing based on Art. 6 (1) f) GDPR.

Tracking Cookies
These cookies help us to understand how you interact with our website by providing data about which websites or search terms navigated you to our website, how long you typically stay on our website or how many subpages you visit on average. We use this information to improve the content of our website and to compile statistics for internal market research purposes about the individual use of our website.

  • We use Google Analytics’ on our website as a third party tracking cookie.
    We use the web analysis service Google Analytics. The contact data of the provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
    Google Analytics places a tracking cookie on your computer. The information (including your IP address as personal data) generated by the tracking cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. Google places the cookies (1) _dc_gtm_UA-19063362-5 and _gat for a duration of just 1 minute, (2) the cookie _ga for a duration of 2 years and (3) the cookie _gid for a duration of 24 hours. However, as this website uses Google Analytics with the extension "anonymizeIp()", prior to transmitting the information, your IP address as personal data will be shortened by Google within the European Union/European Economic Area. Only in exceptional cases, the full IP address will be transmitted to a Google server and shortened only within the territory of the United States.

    Google uses the generated information on our behalf to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage. We therefore use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google is EU-US Privacy Shield certified and therefore provides adequate safeguards to protect your personal data (https://www.privacyshield.gov/EU-US-Framework).

    As mentioned above, this website uses Google Analytics with the extension "anonymizeIp()". This means that IP addresses are shortened for further processing and that it is not possible to identify you as a person. As far as the data collected includes personal data about you, that personal data is immediately deleted. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data.

    Legal basis for our use of Google Analytics is your express consent for which we ask you at the beginning of your website visit; Art.6 (1) lit. a) GDPR.

    For more information on how Google Analytics uses personal and general user data, please refer to Google's privacy policy:
    https://support.google.com/analytics/answer/6004245?hl=en

    You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plugin available at the following link https://tools.google.com/dlpage/gaoptout?hl=en.

We have concluded a commissioned data processing agreement with Google to comply with the requirements of the German data protection authorities for the use of Google Analytics.

We use Google Analytics via the Google Tag Manager which is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal information. The tool just triggers other tags of Google, such as of Google Analytics.


Recipients if you use our website

  • Website-provider
  • Other IT service providers
  • For the tracking cookie “Google Analytics”: Google Inc.
  • For the cookie “Cloudflare”: Cloudfare, Inc. and affiliates


If you are in a speaker’s agreement with us concerning your proctor and/or preceptor services

Purposes and legal basis of processing your personal data

For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR

We process your personal data (such as your surname, first name, employer, function, fields of work/science, practical experience, address, email address and your bank account details) for the execution of our contracts with you. If we are engaging you for proctor and/or preceptor services that you will provide to our customers, we will only process your personal data for the fulfilment of such contracts.

Recipients

  • Hospitals
  • Doctors
  • Patients
  • IT service providers


If you hold a sponsoring contract with us

Purposes and legal basis of processing your personal data

For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR

We process your personal data which we need for the execution of our sponsoring contracts with you. As part of our sponsoring activities, we support certain businesses, amongst others trade fairs, clinic events, certain patient information groups. If we choose to sponsor your business, we process personal data that we require for the execution of the sponsoring contract. This includes amongst others surname and first name of your single point of contact, address, e-mail address and your bank account details.

Recipients

  • Operators of trade fairs, clinic events
  • Patient information groups
  • IT service providers


If you are in another contractual relationship with us.

Purposes and legal basis of processing your personal data

For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR

We process your personal data which we need for the execution of our contracts with you. If we intend to make you an offer about our Inspire Medical Services, we process personal data of you that we require for the execution of the contract. This includes amongst others surname and first name of your single point of contact, address, e-mail address and your bank account.

Recipients

  • IT service providers


On the basis of our legitimate interest, Art. 6 (1) f) GDPR

We have a legitimate interest in ensuring that our association, which aims to promote science and pass on new findings and research results in the fields of sleep apnea, continues to operate at a high scientific level. A processing of personal data is partly based on the following legit-imate interests:

Receivers

  • To assert and defend legal claims.

  • Data is exchanged within associated companies for internal organizational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.

  • For the prevention and investigation of criminal offences.

  • To guarantee our network and information security (IT security).


Heeft u vragen over Inspiratietherapie?

Volgt u Inspire Sleep via onze sociale media kanalen.