A. Privacy Policy in accordance with GDPR


I. Name and address of controller

The controller within the meaning of the General data Protection Regulation (GDPR) and other national data protection laws of the member states and other data protection regulations is:

SCHWIND eye-tech-solutions GmbH 
Mainparkstrasse 6-10 
D-63801 Kleinostheim
Telefon: +49 (0) 6027 508 0
Email: info@eye-tech.net
Website: https://www.eye-tech-solutions.com/

II. Name and address of data protection officer

The data protection officer of the controller is:

You can contact the data protection officer of the controller at:
Data protection officer 
SCHWIND eye-tech-solutions GmbH 
Mainparkstrasse 6-10
D-63801 Kleinostheim   
Email: datenschutzbeauftragter@eye-tech.net 
Telephone: +49 (0) 6027 508 249 

III. General information on data processing

1. Scope of the processing of the personal data

We generally only process the personal data of our users insofar as necessary for the provision of a functioning website as well as our contents and services. The personal data of our users is routinely only processed with the user’s consent. Situations where it is genuinely impossible to obtain consent prior to processing the data and such processing is permitted by law form an exception to this rule. 

2. Legal basis for the processing of personal data

In the event of us obtaining consent from the data subject for the processing of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. Art. 6 (1) lit. b GDPR serves as the legal basis for the processing of personal data which is required for the fulfilment of a contract to which the data subject is a contracting party. This also applies to processing activities required for the performance of pre-contractual measures. Art. 6 (1) lit. c GDPR serves as the legal basis for the processing of personal data which is required for the fulfilment of a legal obligation to which our company is subject. Art. 6 (1) lit. d GDPR serves as the legal basis in the event of vital interests of the data subject or another natural person making it necessary to process personal data.

If data needs to be processed to maintain a legitimate interest of our company or third party and this interest is not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing. 

3. Data erasure and storage period

The personal data of the data subject is erased or blocked as soon as the purpose for its storage ceases to exist. The data may be stored for longer periods if stipulated by European or national legislation in EU regulations and directives, laws or other regulations to which the controller is subject. The data is also blocked or erased upon expiry of a storage period stipulated in one of the above standards, unless the storage of the data remains necessary for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer system. 
The following data is collected in this case:

  1. Information on the browser type and version
  2. The user’s operating system
  3. Referrer URL
  4. Host name of the accessing computer
  5. User’s IP address
  6. Date and time of access

The data is also stored in the log files of our system. This does not apply to the user’s IP address or other data that makes it possible to allocate the data to one specific user. This data is not stored together with other personal user data.

2. Legal basis for data processing 

Art. 6 (1) lit.f GDPR is the legal basis for the temporary storage of data. 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to make it possible to transmit the website to the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose. 

These purposes also constitute our legitimate interest in processing of the data in accordance with Art. 6 (1) lit. f GDPR.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. If the data is collected for the provision of the website, this is the case once each session has ended. 

5. Option to object or erasure

The collection of the data is crucial for the provision of the website and the storage of the data in log files for the operation of the website. The user therefore does not have any option to object. 

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the browser and/or by the browser on the user’s computer. A cookie may be stored on the user’s computer when the user accesses a website. This cookie contains a distinctive character sequence that makes it possible to clearly identify the browser when the website is accessed again. 

You can largely decide which technologies we may employ. Some of them are technically necessary to ensure that our website functions properly. Others will only be used by us with your consent. Click here to read all the necessary information:

You can change the settings at any time there, e.g. withdraw your consent with future effect.

VI. Newsletter

1. Description and scope of data processing

You can subscribe to a free of charge newsletter on our website. When you subscribe to the newsletter, the data from the input mask is transferred to us:

  • salutation
  • title
  • forename
  • surname
  • email address
  • country
  • language
  • distributor/user specification

The following additional data is collected during the subscription process:

  1. Date and time of subscription

Your consent for the processing of the data is obtained and reference made to this Privacy Policy during the subscription process.

The data is not transferred to third parties in connection with the processing of the data for the sending of newsletters. The data is used exclusively for sending the newsletters.

2. Legal basis for data processing

Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data upon the user subscribing to the newsletter if the user has given consent.

3. Purpose of data processing

The user’s email address is collected in order to send the newsletter. 

The other personal data is collected during the subscription process in order to prevent misuse of the services or email address used.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. The user’s email address is therefore stored for as long as the user subscribes to the newsletter. 

The other personal data collected during the subscription process is generally erased after seven days.

5. Option to object or erasure

The affected user can unsubscribe from the newsletter at any time. An unsubscribe link is included in every newsletter. 

This also makes it possible to withdraw consent to the storage of the personal data collected during the subscription process.

VII. Registering for the SCHWIND portal

1. Description and scope of data processing

Users can register on our website. To do so, they need to provide personal data. The data is entered in an input mask, transferred to us and stored during this process. The data is not transferred to third parties. The following data is collected during the registration process:

  1. Email address
  2. Salutation (gender)
  3. Title (voluntary information)
  4. Forename
  5. Surname
  6. Job description
  7. Primary email address
  8. Alternative email address (voluntary information)
  9. Business phone number (voluntary information)
  10. Mobile number (voluntary information)
  11. Name of company/clinic/surgery
  12. Country
  13. City
  14. Post code (voluntary information)
  15. Federal state/county (voluntary information)
  16. Street/address (voluntary information)
  17. Company website (voluntary information)
  18. Company phone number (voluntary information)
  19. Laser serial number (voluntary information)

The following data is also collected when registering:

  1. Date and time of registration

Consent to the processing of this data is obtained from the user during the registration process.

2. Legal basis for data processing 

Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data if the user has given consent.

3. Purpose of data processing

The user has to register for accessing certain contents and services on our website. The contents of the SCHWIND portal are aimed exclusively at our SCHWIND users and sales partners.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected.

This is the case for the data collected during the registration process if the registration is withdrawn or amended on our website.

5. Option to object or erasure

As a user, you can cancel your registration at any time. You can request for your personal data stored to be modified at any time. 

You can manage your data yourself within the portal in the "My Account" area. If you wish to delete your account, please inform us by e-mail.

VIII. Contact form and email contact

1. Description and scope of data processing

Our website contains a contact form that can be used for making contact via this electronic medium. If a user uses this option, the data entered in the input mask is transferred to, and stored by, us. This data comprises:

  1. Salutation
  2. Title
  3. Forename
  4. Surname
  5. Clinic/ company
  6. Telephone
  7. Email
  8. Country
  9. Message

The following data is also collected when sending the message:

  1. Date and time of message

Your consent for the processing of the data is obtained and reference made to this Privacy Policy when sending the message.

Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transmitted in the email is stored. 

The data is not transferred to third parties in this case. The data is used exclusively for processing the conversation.

2. Legal basis for data processing 

Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data if the user has given consent.

Art. 6 (1) lit. f GDPR is the legal basis for the processing of the data which is transferred during email transmission. If contact is made via email in order to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

3. Purpose of data processing

The personal data entered in the input mask is processed exclusively for processing the contact. If contact is made via email, this also constitutes the required legitimate interest in processing the data.
The other personal data processed during the message sending process serves to prevent misuse of the contact form and ensure the security of our IT systems.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. For the personal data from the input mask of the contact form and the personal data sent via email, this is the case when the respective conversation with the user has been concluded. The conversation has been concluded when the circumstances show that the matter in question has been clarified in full and final. 

The additional personal data collected during the message sending process is erased no later than after seven days.

5. Option to object or erasure

The user may withdraw their consent to the processing of the personal data at any time. If the user contacts us via email, the user may object to the storage of their personal data at any time. In this case, the conversation cannot be continued.

Please inform us in writing, by post or e-mail if you wish to object to the storage of your personal data.

All personal data stored during the contacting process is deleted in this case.

IX. Web analysis

Click here to read all the necessary information on web analysis: 

Jump to V. Use of cookies

You can modify the settings at any time there, e.g. you can withdraw your consent with future effect and/or object to the use of the web analysis tool by deactivating it.

X. Rights of the data subject

If your personal data is being processed, you are the data subject within the meaning of the GDPR and you have the following rights against the controller:

1. Right to information

You can request confirmation from the controller if your personal data is being processed by us. 

If such processing is taking place, you can request the following information from the controller:

  1. purposes of the processing of the personal data;
  2. categories of the personal data that is being processed;
  3. recipients and/or categories of recipients to whom your personal data has been, or will be, disclosed;
  4. planned storage period of your personal data or, if specific information cannot be provided regarding this question, criteria for determining the storage period;
  5. existence of the right to rectification or erasure of your personal data, the right to restriction of processing by the controller or the right to objection against the processing; 
  6. existence of the right to complain to a supervisory authority;
  7. all available information about the origin of the data if the personal data has not been collected from the data subject;
  8. existence of automatic decision making, including profiling in accordance with Art. 22 (1) and (4) GDPR, and, at least in these cases, pertinent information about the logic involved as well as the reach and intended effects of such processing on the data subject.

You have the right to request information if your personal data is transferred to a third country or international organisation. In this context, you may request to be informed about the suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.

This right to information may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

2. Right to rectification

You have the right to rectification and/or completion against the controller if your personal data that is being processed is incorrect or incomplete. The controller must rectify the data immediately.

This right to rectification may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

3. Right to restriction of processing

You may request for the processing of your personal data to be restricted in the following circumstances:

  1. if you dispute the accuracy of your personal data for a period that enables the controller to check the accuracy of the personal data;
  2. if the processing is illegal and you reject the erasure of the personal data and instead request for the use of your personal data to be restricted;
  3. if the controller no longer requires the personal data for the purpose of its processing, but you need it for asserting, enforcing or defending legal claims, or
  4. if you object against the processing in accordance with Art. 21 (1) GDPR and it has not yet been established if the legitimate interests of the controller outweigh your legitimate interests.

If the processing of your personal data has been restricted, this data may, with the exception of its storage, only be processed with your consent or for the assertion, enforcement or defence of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interests of the European Union or one of its member states.

If the restriction of the processing has been restricted according to the above conditions, you will be informed by the controller before rescinding the restriction.

Your right to restriction of processing may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

4. Right to erasure

a) Erasure obligation

You may request for the controller to erase your personal data immediately. In this case, the controller must erase this data immediately if one of the following reasons applies:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing is based in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing. 
  3. You object to the processing in accordance with Art. 21 (1) GDPR and there are no other overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR. 
  4. Your personal data was processed illegally. 
  5. Your personal data has to be erased in order to fulfil a legal obligation under EU law or the law of one of its member states to which the controller is subject. 
  6. Your personal data was collected in connection with services offered by the information provider in accordance with Art. 8 (1) GDPR.

b) Information to third parties

If the controller has published your personal data and is obliged to erase it in accordance with Art. 17 (1) GDPR, the controller shall, whilst taking into consideration the available technology and implementation costs, take reasonable measures, including technical measures, to inform all persons responsible for the processing of the personal data of the fact that you, the data subject, have requested the erasure of all links to, or all copies or duplicates of, this personal data. 

c) Exceptions

The right to erasure does not exist if the processing is required

  1. for exercising the right to free speech and information;
  2. for fulfilling a legal obligation which requires the processing in accordance with the laws of the EU or one of its members states to which the controller is subject or for exercising public powers that have been transferred to the controller;
  3. for public health interests in accordance with Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;
  4. for archiving purposes that are of public interest, scientific or historic research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right stated in paragraph a) is likely to make the fulfilment of the purposes of this processing impossible or would seriously impair it, or
  5. for the assertion, enforcement or defence of legal claims.

5. Right to information

If you have asserted your right to rectification, erasure or restriction of processing against the controller, the latter must inform all recipients to which your personal data has been disclosed of the rectification or erasure of this data or restriction of its processing, unless this proves to be impossible or would incur unreasonable expenses.

You have the right against the controller to be informed about these recipients.

6. Right to data portability

You have the right to be given your personal data that you provided to the controller in a structured, standard and machine-readable format. You further have the right to transfer this data to another controller without the controller who was entrusted with the personal data attempting to stop you, if

  1. the processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or a contract in accordance with Art. 6 (1) lit. b GDPR, and
  2. the data is collected using automatic processes.

When executing this right, you further have the right to effect that your personal data is transferred directly from one controller to another, insofar as this is technically possible. This must not impair the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data required for the fulfilment of a task that is in the interest of the public or a task that is performed in execution of public powers that have been transferred to the controller.

7. Right to object

You have the right to object at any time against the processing of your personal data in accordance with Art. 6 (1) lit. e or f GDPR for reasons arising from your particular situation. This also applies to any profiling based on these provisions. 

The controller shall no loner process your personal data, unless the controller can provide evidence of mandatory, protectable reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, enforcement or defence of legal claims.

If your personal data is processed for direct advertising purposes, you have the right to object to the processing of your personal data for the purpose of such advertising at any time. This also applies to any profiling linked to such direct advertising.

If you object to the processing for direct advertising purposes, your personal data will no longer be processed for such purposes.

You may exercise your right to object using automated processes which use technical specifications in connection with the use of services of the information provider, regardless of Directive 2002/58/EC.

You further have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR for reasons arising from your specific situation.

Your right to object may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

8. Right to withdraw consent in accordance with data protection law

You have the right to withdraw your consent in accordance with data protection law at any time. The withdrawal of your consent shall not affect the legitimacy of the processing based on the consent given until the time of withdrawal.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subjected to a decision solely based on automated processing, including profiling, which has a legal effect against you or has other similar severe consequences for you. This does not apply if the decision 

  1. is required for the conclusion or fulfilment of a contract between you and the controller,
  2. is legitimate based on legal provisions of the EU or its member states to which the controller is subject and these legal provisions contain reasonable measures for maintaining your rights and freedoms as well as your legitimate interests, or
  3. is made with your explicit consent.

However, such decisions must not be based on specific categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR apply and reasonable measures for the protection of rights and freedoms as well as your legitimate interests have been implemented.

With regard to the cases mentioned in paragraphs (1) and (3), the controller shall implement reasonable measures to maintain the rights and freedoms as well as your legitimate interests, which includes, at a minimum, the right to effect intervention by a person of the controller, the right to state your own opinion, and the right to appeal against the decision.

10. Right to complain to a supervisor authority

Notwithstanding any other legal remedy under administrative law or before a court, you have the right to complain to a supervisory authority, particularly in the member states of your domicile, place of work or place of alleged violation if you are of the opinion that the processing of your personal data violates the GDPR. 

The supervisory authority where you submit your complaint will inform the complainant about the status and results of the complaint, including the option of legal remedy before a court in accordance with Art. 78 GDPR.

Last update of the privacy policy: August 2020