Security & privacy
We are pleased about your interest in Amoena. Protecting your privacy is an important concern for us, and we do everything in our power to keep your data as secure as possible. Below we give you comprehensive information about how we handle the personal data that we collect online through our websites and online services, including but not limited to www.amoena.co.uk, b2b.amoena.com/uk and www.amoena.com/uk-en/, and about your rights.
1. Our Data Protection Principles
The protection of personal data has a high priority in our company. We are therefore acting in line with the data protection and data security laws and regulations. Below you can learn what data we collect, how this data is processed and to which entities or third parties we possibly transfer your data.
2. Responsibility for the Protection of Your Personal Data
Below you can find out which data we process through our websites. Personal data means any information that relates to you personally, such as name, postal address, email address, user behaviour. The controller as defined by Art. 4 para 7 of the General Data Protection Regulation (GDPR) is Amoena Medizin-Orthopädietechnik GmbH (Amoena), Kapellenweg 36, 83064 Raubling, Germany, info.de(at)amoena.com. You can contact our data protection officer by email at datenschutz(at)amoena.com. For further contact details, please see our imprint.
3. Collection, Processing and Use of Personal Data
3.1 When you visit our web presence without registering or otherwise transmitting information to us, we collect only the personal data that your browser transfers to our server. In that case we collect the following data, which is technically necessary for the provision of our online services and to ensure their stability and security (the legal basis is Art. 6 para 1 sentence 1 lit. f GDPR):
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the request (precise site)
- status of the access/HTTP-status code
- appropriate amount of transferred data
- website from where the request originates
- operating system and its version
- language and version of the browser software.
3.2 In addition we collect through our online services further data that you provide us freely (the legal basis is Art. 6 para 1 sentence 1 lit. b or lit. f GDPR). That is the case:
a) Through our contact form. At this point we collect the following data (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR):
- compulsory information: first and last name, email-address
- optional: telephone number
b) Through registration to the Amoena newsletter. At this point we collect the following data (the legal basis is Art. 6 para 1 sentence 1 lit. a GDPR):
- compulsory information: first and last name, email-address, country
- optional: birth date
In order to send you our newsletter in line with data protection law, we need an available email address as well as information that allows us to verify that you are the real owner of the email address and that the owner of the email address agrees to receive the newsletter. For this reason we use a double opt-in procedure for the newsletter registration: after you register for our newsletter, we send you an email asking you to confirm that you wish to receive the newsletter. Your information will be restricted until you confirm, and deleted automatically after 3 months if you have provided no confirmation. Moreover, we save your IP address and the time of your registration, to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
You can withdraw your consent for the reception of the newsletter at any time. You can declare your withdrawal either through clicking the "Unsubscribe" link in every newsletter or through sending us an email at [email@example.com] or sending us a message at the contact details from our imprint. You may cancel your Amoena online account by notifying us: firstname.lastname@example.org. We are registered with the Information Commissioner's Office under the Data Protection Register and our registration reference is Z5258674.
The technical execution of the newsletter provision is carried out by our partner eMarsys. For this purpose eMarsys receives the above data, that you provide us through the newsletter registration.
c) through registration for Amoena training. At this point we collect the following data (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR): indication of the training, fixed date, first and last name of the participant, company, email address of the participant, name of the person who makes the enrolment, state of knowledge (first-time user, re-entry, refreshment)
d) through warranty claims. At this point we collect the following data through the "End Consumer Breast Form Warranty" (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR and Art. 9 para 1 lit. f GDPR): name, postal address, telephone number as well as surgical information.
e) through the registration for the provision of the Amoena Catalogue. At this point we collect the following data (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR): name, postal address.
f) through booking breast form or bra appointments at our Chandlers Ford shop, (the legal basis is Art. 6 para 1 sentence 1 lit. b GDPR): name, email address, telephone number.
4. Retention Period
We save your data for as long as needed or permitted according to the purposes for which it was obtained. Thereafter we delete your data or restrict the processing, in case legal obligations for archiving exist.
Our web presence is not directed to individuals under the age of sixteen (16), therefore we do not knowingly collect personal data from individuals under 16.
6. Transfer to Third Parties
6.1 We do not transfer your personal data to third parties for purposes other than those named below. We transfer your personal data, if and when
- you provide us your explicit consent as required by Art. 6 para 1 sentence 1 lit. a GDPR,
- processing is necessary for the purposes of the legitimate interests pursued by us or by the third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para 1 sentence 1 lit. f GDPR),
- in case processing is necessary for compliance with a legal obligation to which we are subject as determined by Art. 6 para 1 sentence 1 lit. c GDPR, as well as
- this is lawful and necessary for the performance of a contract with you (Art. 6 para 1 sentence 1 lit. b GDPR).
6.2 It might happen that we engage external service providers with the processing of your personal data on our behalf. These have been carefully chosen and commissioned, are bound to our instructions and are being regularly supervised.
6.3 Moreover we may transmit your personal data to third parties, if and when we provide promotions, competitions, contracts or other similar services together with our partners. You will receive further detailed information at the point of collection of your data.
6.4 As far as our service providers or partners are located in a country outside of the European Union or the European Economic Area (EEA) we will inform you in time in the description of the respective offering.
7. Objection against or Withdrawal of the Processing of your Personal Data
7.1 In case you provided us your consent for the data processing, you can withdraw this at any time. The withdrawal does not influence the lawfulness of the data processing until such a withdrawal.
7.2 As far as we legitimise the processing of your personal data on the balancing of interests you are entitled to object to the respective data processing. This is especially the case, if and when the processing is not intended for the purpose of fulfilling a contract with you. This will be indicated respectively in the description of the certain online service. Whilst executing such an objection we will ask you to explain your reasons why you believe that we should not process your personal data in the manner we do. In case of a justified objection we will investigate the factual and legal position and either adapt, stop the data processing or show you our compulsory reasons that enable us to further process your personal data.
7.3 As a matter of course you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can send us your advertising objection to datenschutz(at)amoena.com.
This website uses transient cookies and persistent cookies. Transient cookies are automatically deleted after you close your browser. These include in particular session cookies, which store a so-called session ID that allows different requests from your browser to be attributed to a common session. In this way your computer can be recognised when you come back to our website. Persistent & session cookies will be deleted automatically after a certain pre-defined period of time that may differ depending on the nature of the cookie used.
You have in any case the possibility to refuse the recording of non-essential cookies on your computer by visiting the cookies page, there you can configure your cookie options and see the categories of cookies we use. We and our relevant partners use the usage information only internally for the purpose of improvement of the quality of our contents, services and support.
You can also prevent the storage of cookies on your device through a certain setting in your browser software; in this case please be aware of the fact that not all functions of our website might be available to the full extent. Furthermore you may prevent the collection of your data relating to the usage of our website including your IP-address through the Google-cookies and their transfer to Google by downloading and installing the following Browser-Plug-in on your device: http://tools.google.com/dlpage/gaoptout?hl=en.
9. Web analysis through analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", which are text files that are saved on your device and that allow an analysis of the use of our websites. The information about the use of our website that is generated through the cookie will be regularly transferred to and saved on a server of Google located in the US. This website uses Google Analytics with the extension "_anonymizeIp()". Thus the IP addresses are processed in an abbreviated form, so that a relation to a specific person is no longer possible. The IP address that is transferred by your browser in relation to Google Analytics will not be consolidated with other data from Google. On behalf of the operator of this website, Google will use this information to analyse the usage of this website, to compile reports on the website activities and to provide further services to the operator of this website in relation to the further usage of the website and the internet.
We use Google Analytics for the purpose of analysing the use of our online services and of regularly improving them. The generated statistics help us to improve our offerings and to make them more interesting for you. For those exceptional cases in which personal data is transferred to the US, Google has adhered to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.
We also use Matomo Analytics to analyse the usage of this website, to compile reports on the website activities and to provide further services to the operator of this website in relation to the further usage of the website and the internet. When you visit our site, we will store: the website from which you visited us, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, and information from the device you used during your visit (device type, operating system, screen resolution, language, country you are located in, and web browser type).
10. Social Media
Currently we use the following social media plug-ins: Facebook, Twitter and Google+. We thereby use the so-called Two-Click solution. When you visit our online services we at first and generally do not transfer any personal data to the provider of the plug-ins. You recognise the provider of the plug-in through its logo. We allow you to communicate directly with the provider of the plug-in through the button. Only when and if you click on the marked field and activate the plug-in does the plug-in provider receive the information that you accessed a certain website of our online services. In addition, the personal data that is mentioned above (para. 2) is transferred. In the case of Facebook the IP address is anonymised directly after its collection as specified by the respective providers in Germany. Through activating the plug-ins, personal data is transferred to the respective plug-in provider and stored there (as far as US providers are involved the data is stored in the US). As the plug-in provider collects data especially through cookies, we recommend deleting your cookies by using the security setup of your browser.
We do not have any influence on the collection and processing of personal data through social plug-ins. Also we do not have knowledge about the full extent of the data collection, the purposes of the processing as well as the deletion periods. Also we do not know to what extent data is deleted by the plug-in providers.
The plug-in provider stores your personal data in the form of user profiles and uses this for advertising and market research purposes and/or for the tailored design of its website. Such an analysis is especially carried out (also for users that are not logged in) for the provision of tailored advertising and to inform other social media users about your activities on our website. You have the right to object to the creation of these user profiles. To do so, you have to address the respective plug-in provider. Through these plug-ins we give you the opportunity to interact with the social networks and other users, in order to improve our offerings and make them more interesting for you. The legal basis for the use of plug-ins is Art. 6 para 1 sentence 1 lit. f GDPR.
The data is transferred regardless of the fact whether you possess an account with a plug-in provider and are logged in. In case you are logged in all data that is collected on our website is assigned to your account. When you activate the plug-in button and i.e. link a website, the plug-in provider also stores this information in your account and shares this information publicly with your social media contacts. We recommend to log out regularly after the use of a social media network especially before activating the plug-in button on our website thus preventing the assignment to your profile at the plug-in provider.
You may obtain further information regarding purpose and extent of the collection and processing of data through the plug-in providers in the following privacy policies. There you may also find out more about your rights and set up opportunities regarding the protection of your privacy.
Addresses of the respective plug-in provider with the Link to their privacy policies:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information regarding data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has adhered to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has adhered to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has adhered to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
11.1 While ordering products in our webshop (https://www.amoena.com/uk-en/) it is necessary for the conclusion of the purchase contract with you to collect personal data that is used for the handling of your order. The personal data that is compulsory for the handling of your order is marked as such. Further details can be provided by you freely. We process your data for the purpose of execution of your order. As such we may transfer payment data to our bank. The legal basis for this is Art. 6 para 1 sentence 1 lit. b GDPR.
You may freely set up a customer account for the purpose of storing your data for future orders. The data that you provide us under "My Account" is stored by us revocably.
We may also further process your data, for the purpose of informing you about further interesting products from our portfolio or to send you emails with technical information. Thus, as webshop customer you may receive our catalogue up to three times a year.
11.2 In terms of commercial and tax law we are obliged to store your address, payment and order data for a period of ten years. However, we restrict the processing of your data after three years; that is, your data remains stored for reasons of compliance with the above named archiving obligations.
11.3 In order to prevent unauthorised access of third parties to your payment data, we use a fully PCI compliant partner (Secure Trading) and no Amoena employees have access to your full card details.
12. Data Security
Amoena has in place technical and organisational measures to ensure that your personal data is protected against accidental or unlawful deletion, change or loss and against unlawful transfer or disclosure.
13. Your rights
13.1 In addition to the above named rights you further have the following rights in relation to the processing of your personal data through your use of our online services:
- Right of access to the personal data,
- Right to rectification and erasure,
- Right to restriction of processing,
- Right to object to data processing,
- Right to data portability.
13.2 In addition, you have the right to lodge a complaint with a supervisory authority if you consider that processing of your personal data through us infringes the GDPR.
Amoena is not responsible for the data protection of other websites to which we link from our online services.
15. Your Contact
Amoena (UK) Ltd.
We use SSL (Secure Sockets Layer) technology to allow you to enter your order and credit card details securely. When you place your order, a padlock will appear on the bottom of the screen and the web address will show https:// at the beginning.
Encryption occurs on your PC and is only decrypted once your order has reached our server. At no stage is the transaction decrypted whilst it travels over the internet.
Amoena UK never passes your details on to anyone else. Cookies are only used on this shopping site to keep track of the contents of your shopping basket once you have selected an item.
Avoiding fraud: We will never ask you to send your card details by email or by post and we will not ask you to speak your card details over the telephone. If we have a query about payment for your order we will send an email asking that you call us or will call you direct.
Credit card security
Amoena UK utilises tokenisation technology to eliminate both the need for us to transmit sensitive card details over the Internet and the need for our customers to repeatedly enter their debit and credit card details.
When you place an order online with us, your card details are securely held with our payment provider Secure Trading, who are fully PCI compliant. Amoena UK and its staff never have access to or sight of your card information, only to a token that references it; this is used in place of the card number for all refunds or repeat transactions.
If you call us to place your order over the telephone, we will ask you to use the keypad of your telephone to enter your card details; you do not need to speak your card details and reveal them to us. When you use your phone to enter your card information we only hear a flat tone; we do not hear the tones made by the keypad of your phone. By not asking you to speak your card details, your information stays even more secure from potential eavesdropping.