Privacy policy

We have been helping people maintain or regain their mobility since 1919. For us, digitalising the treatment process means protecting your freedom of movement in the digital world as well. For this reason, it’s important for us to tell you what personal data we collect, how we use these data and what your options are.

The success of Ottobock depends not only on the global networking of information flows between the Ottobock companies, employees, customers and patients, but above all on the trustful, secure handling of personal data.

Responsible

Ottobock SE & Co. KGaA

Max-Naeder-Straße 15, 37115 Duderstadt, Germany

Data Protection Officer

Data Protection Officer of the Legal Entity: Bjoern Holland

Ottobock has also appointed a Global Data Privacy Officer: Bjoern Holland

You may reach the Global Data Privacy Office confidentially via [contact form].

Use of our website

Secure provision of the website

In case you visit our website, the web server temporarily collects the following information to display the website and stores such information in so-called server log files:

Processed categories of data:

  • Browser type and version,

  • operating system used,

  • Referrer URL,

  • browser string

  • Hostname of the accessing computer,

  • Time of the server request and

  • IP address.

Purposes:

Ottobock's interest is the secure and functional operation of the website. The logged data is used in particular for the purposes of data security, to defend against attempts of attack on our web servers. We reserve the right to carry out statistical evaluation of anonymous data records.

Legal basis:

The processing of this data is based on our legitimate interest: We have a legitimate interest in ensuring data security and trouble-free operation.

Storage periods or criteria for determination:

The data will be deleted after 180 days at the latest.

Contact form or contact

Since not all questions may be served immediately and conclusively by the explanations on our website, we would like to provide you with the opportunity to address your concerns directly to Ottobock experts. For this purpose, we offer various contact channels on our website.

In case you contact us, we process the following categories of data, for example:

  • Contact information

    • First name, last name,

    • Address (private, practice or business address, customer number),

    • Email address and

    • Phone

  • Topic-specific information

    • Medical field,

    • Your relationship to Ottobock (e.g. interested party, user, medical supply store, etc.)

  • Content of your inquiry

    • Inquiry specific information

Mandatory data in contact forms, that are absolutely necessary to answer your request, are marked with an asterisk*.

Purposes:

Ensuring that your inquiry is processed quickly in accordance with Ottobock's quality standards. This includes record, allocation and processing of the inquiry by the relevant company departments.

Legal basis:

The processing of the data is based on our legitimate interest: We have a legitimate interest in processing this data for the purpose of processing your request.

If you use the contact form to convey an interest in purchasing our products and services, this is a contract-relevant inquiry based on your steps taken prior to entering into a contract with us.

If you provide special categories of personal data in the context of your query, e.g. health data, the processing is based on care or treatment in the healthcare sector.

Storage periods or criteria for determination:

In case you send us a contact request, we will store this data for the duration of processing your request. Further storage may be necessary, depending on separate storage obligations with regard to your query.

Promotional Material / Newsletter

If you are interested in news in the field of medical devices or in our products and services - in particular innovations and interesting campaigns and actions driven by Ottobock, you may agree to receive advertising and in particular to receive our newsletter.

To send you the most suitable information in the requested promotional materials, we process the following categories of data, for example

  • Newsletter technology,

    • Meta Data (e.g. Device-ID, IP-Address)

    • Usage Data (e.g. access time, interests)

  • Contact information

    • Name

    • email address

    • Professional position (job title)/ company affiliation (company name)

    • Postal address, or telephone contact

  • Interest-specific information

    • Selection of the product section you would like to receive information on (e.g . Prosthetics, Orthotics and Human Mobility)

    • Your relationship with Ottobock (interested party, user, medical supply store, etc.)

    • Raffles

    • Surveys

    • Invitations to exhibitions

    • Clinical studies/ evaluations/ testing probation

    • Comment

Data and Information in such order forms, that are absolutely necessary are marked with an asterisk*.

Purposes:

Ensuring the proper provision of promotional material and to establish contact with you. We use this data to check the accuracy of your email address and to ensure that the promotional material is correctly tailored with the information that is appropriate for you.

Legal basis:

The data will be processed exclusively on the basis of your consent: The processing is therefore based on your consent.

Where health data is processed, the processing is based on your consent for processing special categories of personal data.

If we process your data in order to comply with legal obligations, such data processing is based on such legal obligation to which we are subject to.

Withdrawal of your consent:

You have the right to revoke your consent at any time. You may exercise this right of revocation via informal email notification to info@ottobock.com. You may revoke the receipt of newsletters directly via the corresponding "unsubscribe"-function in the newsletter. Please note that this does not affect the permissible data processing that took place up to the point of withdrawal

Storage periods or criteria for determination:

As soon as the data is no longer required for the purposes we pursue or you have withdrawn your consent and there is no other legal basis, the data will be deleted. If the latter is the case, we will delete the data where the other legal basis has ceased to apply.

Live-Chat

If you use the chat functions on our pages, information is transmitted to the customer service department when the chat is initialized.

In case you use the Live-Chat offered on the website, we process the following data:

  • Connection information

    • Browser version,

    • operating system,

    • IP address,

  • Chat-specificinformation

    • Selection of the help topic

    • Information about the availability of the chat service

    • Availability of chat partners

  • Chat content

Apart from aforementioned data, no further personal data is collected, unless you provide this information voluntarily inside the chat.

Purposes:

Opportunity for direct exchange with our business partners and customers.

Legal basis:

The data will be processed exclusively on the basis of your consent. The processing is therefore based on your consent.

Where health data is processed, the processing is based on your consent for processing special categories of personal data.

Withdrawal of your consent:

You have the right to withdraw your consent at any time. You may exercise your right to withdraw by sending an informal email to info@ottobock.com. Please note that this does not affect the permissible data processing that took place until the withdrawal.

Storage periods or criteria for determination:

We store the communication for the duration of processing or until your consent is withdrawn. If further storage is required, depends on separate storage obligations with regard to our commune chat.

Job-Portal

You may use our Job-Portal purely for informational purposes. Additionally, you may register on our Job-Portal to apply for vacant positions in the Ottobock Group and to take advantage of extended services.

Automated decision-making does not take place.

If you use our Job-Portal, we process the following data:

  • master data e.g. first und last name,

  • address and contact data as well as

  • education, qualification and CV-data and, in special cases

  • information on special data categories such as an existing severe disability.

Purposes:

We process the personal data you provide us with to bring forward your application. Thus, we process your personal data as part of the recruiting platform in order to find suitable candidates for open positions. To use our Job-Portal, you have to create a candidate profile. This allows you to apply for specific positions and to enable notifications on suitable open positions that match your search criteria ("Job Alert").

Where you agreed, that we may also consider your application for other jobs of the Ottobock group, we may ask you for your permission to remain in contact with us for a longer period of time (Talent Pool).

The provision of your personal data is neither statutory nor contractually required. If however, you wish to apply for a specific job via our Job-Portal, the provision of your personal data is necessary so that Ottobock may decide on your application – and if applicable, on your employment. The use of the functionalities mentioned above or below (Job Alert, Talent Pool) is voluntary, but the provision of your data is required.

Legal basis:

In the context of your specific application, we process your data in order to make a decision on the conclusion of an employment contract. The legal basis for this is your request to take steps prior to entering into a contract. We process any information on your existing severe disability on the basis of exercising specific rights in the field of employment law.

If you create a candidate profile in the Job-Portal for setting up a job alert, or we invite you to the Talent Pool, or for cases where we share your application with other Ottobock Group companies, or where you voluntarily provide us with additional personal data, we process your data in this context on the basis of your prior consent. You may withdraw your consent at any time with effect for the future. You may reach the Global Data Privacy Office confidentially via contact form or control your settings in the candidate profile by yourself.

Who receives your application data?

Within Ottobock, access to your personal Data is granted on a need-to-know basis and in order to make decisions on the conclusion of an employment contract or to process your e-recruiting candidate-profile (e. g. HR, works council, department heads).

When creating your candidate profile, you may activate the visibility of your profile for recruiters and department heads of Ottobock Group companies in your country or for recruiters and department heads of all Ottobock Group companies. You may also activate or restrict the visibility of your candidate profile in your account later. If you agree to your profile being made available to recruiters from other Ottobock companies, this may also allow companies outside the EU (so-called third countries) to access the data in your profile. In these cases, Ottobock ensures that these companies maintain an appropriate level of data protection. Further information on this and information on the appropriate safeguards may be requested from the Data Protection Officer.

How long do we store your application data?

In general, you may change and delete your data yourself within your candidate profile in the Job-Portal at any time. However, we reserve the right to retain data on a specific application as of rejection for a maximum of 6 months following receipt of such rejection in the interests of preserving evidence. If you do not log in for a period of 6 months after completing your last application, your data / candidate profile will be automatically deleted.

If you provided us with your permission for the talent pool, your data/ candidate profile will be deleted after one year.

Where we process your data on the basis of consent, your data will be deleted independently after withdrawal of your consent.

Active Sourcing

For recruiting purposes, we also actively search social networks, forums or other freely available sources on the internet for interesting candidate profiles.

We usually contact the candidates via the direct message function in the relevant network. We offer such candidates the opportunity to join a personal consultation in which we present Ottobock as an employer as well as relevant open positions. In the following, candidates may decide whether they would like to apply for one of the positions via the Job-Portal or a job-link provided by us. Alternatively, candidates may also stay in touch with us regarding career opportunities via this communication channel, independently of a specific application. For this purpose of future touch base, we will ask for the candidate’s prior consent.

Automated decision-making does not take place.

The following data is processed in the course of Active Sourcing:

In the context of this active candidate search, we only process data that is obviously made public by these persons themselves (name data, profile data, contact data if applicable).

Purpose:

Recruiting

On which legal bases do we process your personal data?

The search for interesting candidate-profiles and the initial contact is carried out on the basis of the user agreement with the social network or on the basis of our legitimate interests in recruiting new talents for Ottobock.

Who receives your data?

Within Ottobock, access to your personal Data is granted on a need-to-know basis and in order to support the decision-making on the offering of an employment contract or to process your e-recruiting candidate-profile (e. g. HR, works council, representative for severely disabled employees, hiring manager).

How long do we store your data?

Where candidates do not respond to our invitation to apply for a vacant position or to stay in touch with us, the candidate’s personal data will be deleted by us following 4 months at the latest.

When and how we share information with third parties

Integration of Social Media Plugins

Our web pages include social media networks buttons with which you may inform other people about the digital presence and offering of Ottobock.

We have integrated the following social networks via a plug-in:

  • Facebook ("Like button").

Processed categories of data:

If you agree to the use of social media plug-ins, the following data will be processed:

  • IP address,

  • Browser information,

  • operating system,

  • Call to previous website (referrer URL),

  • Current URL,

  • Screen resolution and

  • Installed browser plug-ins (e.g. Adobe Flash Player).

Purposes:

To provide a comprehensive internet presence and logical linking of internet sites.

Legal basis:

The activation of the plug-in or the link is based your explicit consent.

Information on the use of cookies and other technologies

To ensure that our websites works securely and properly and to offer you relevant products and services, we use cookies and other technologies on our websites. [Here], you find further information and you may change or withdraw your consent settings at any time.

Hyperlinks to third party websites

On our websites we use hyperlinks to third parties sites. Only by clicking on the hyperlink, you will be directed to that external website. The processing of your data on these websites is the responsibility of such website provider.

Your rights

You have the right,

a) to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to access information about this.

b) to demand the rectification or completion of inaccurate or incomplete data;

c) to withdraw a given consent at any time with effect for the future;

d) in certain cases to request the erasure of data;

e) under certain conditions, to request the restriction of processing;

f) under certain conditions to data portability, i.e. you may receive your data, which you have provided us with, in a structured, common and machine-readable format or have it transferred to another controller;

g) to complain to a supervisory authority.

Right to object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you. This also applies to profiling based on these provisions. We will then no longer process the personal data, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Where personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing. If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for such purposes.

To whom we share information

To processors – companies that Ottobock commissions with the processing of data within the legally stipulated framework. In this case Ottobock remains responsible for the protection of your data. Our processors are carefully selected, are bound by our instructions and are regularly checked by us. We only commission processors who offer sufficient guarantees that suitable technical and organizational measures are taken in such a way, that processing is carried out in accordance with the requirements of the applicable data protection law and guaranteeing the protection of your rights.

To private entities that provide services for you on their own responsibility or in connection with an Ottobock contract. This is the case, if you commission services from private agencies, if you agree to such integrated services or if we integrate private agencies due to legal permission. If, in the course of processing, we nevertheless disclose your data to third parties, transfer it to them or otherwise grant them access to that data, this will also be done exclusively on the basis of one of the legal bases mentioned.

To government agencies to which we transfer certain data due to legal obligations.

Transfer of personal data to countries outside the EU and EEA

We may transfer your data to entities whose registered office is located outside the European Union or the European Economic Area. In doing so, we will ensure prior to the transfer, that apart from exceptional cases permitted by law, either an adequate level of data protection exists at the recipient's end (e.g. through an adequacy decision by the European Commission, through appropriate safeguards such as the agreement of so-called EU standard contractual clauses of the European Commission with the recipient) or your expressed consent has been obtained. Information on suitable safeguards may be obtained from the Global Data Privacy Officer.

Changes to this privacy policy

We will revise this privacy notice whenever changes are made to this website or other reasons that require it. You will always find the current version on this website.

State of declaration: 26.03.2021

Ottobock India - Privacy Policy

Data Privacy Policy - Ottobock India

Effective from: 1st Jan 2021

1. PURPOSE

1.1. This Data Privacy Policy (“Policy”) is developed and put forth by Otto Bock Health Care India Limited (“Company”) to maintain the privacy and protect the Personal or Sensitive Data of Patients, Employees, or any other Third Party of the Company and to ensure compliance with Data Protection laws and regulations applicable to the Company.

1.2. Compliance with privacy regulation and the protection of Personal and Sensitive Data of Patients, Employees and other Third Parties utmost priority for the Company, especially as a globally operating company. In many circumstances, Ottobock Group is seen as a single corporate by its customers, patients and in general public and therefore, it is in the commune interest of the Company to significantly contribute to the corporate success by implementing this Policy and to underline the Company’s claim on “Quality for Life” for high-quality and technologically outstanding products and services in the field of medical technology.

1.3. By the means of this Policy, the Company establishes a standardized level of data privacy in India and according to its Global Data Privacy Policy worldwide.

2. SCOPE

2.1. This Policy applies to all Patients, Employees and other Third Parties who may receive personal information, have access to personal information collected or processed, or who provide information to the Company, regardless of the geographic location.

2.2. All employees of the Company are expected to abide the regulations of this Policy when they are processing Personal and Sensitive Data, or are involved in the process of maintaining or disposing of Personal and Sensitive Data.

2.3. All Third Parties working with or for the Company, and who have or may have access to Personal and Sensitive Data, will be expected to have read, understand and comply with this Policy.

3. DEFINITIONS

3.1. “Employee” means a current employee of the Company or former employees, as well for the purpose of this Policy also trainees and interns.

3.2. “Patient” means any person receiving services from the Company.

3.3. “Personal Data” means any information that relates to an Individual, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. This shall include information such as Name, Address, Date of Birth etc.

3.4. “Processing” shall mean any operation or set of operations which is performed on Personal and Sensitive Personal Data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.5. “Sensitive Personal Data” means data such as financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, religious or political belief or affiliation and critical data.

Provided that, any information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Sensitive or Personal Data for the purpose of this Policy.

3.6. “Third Party” shall mean an individual or a legal entity, public authority, agency or body who, under the direct authority of the Company, is authorised to process Personal or Sensitive Data.

4. COLLECTION OF PERSONAL AND SENSITIVE DATA

4.1. Throughout the course of the relationship with its Patients, Employees and Third Parties the Company needs to process Personal and Sensitive Data.

  • a. The type of information that may be required from its Patients includes but is not limited to the following:

    • Basic Information such as name, contact details, address, gender, date of birth, marital status, children, parents details, PAN Card, Aadhaar Card, insurance details, citizenships, visa, work permit details;

    • Information about the Patients medical condition and its health and sickness records, which includes information related to physical measurements, amputation and all other physical and medical condition

  • b. The type of information that may be required from its Employees includes but is not limited to the following:

    • Basic Information such as name, contact details, address, gender, date of birth, marital status, children, parents details, PAN Card, Aadhaar Card, insurance details, citizenships, visa, work permit details;

    • Information about the Employees medical condition and its health and sickness records;

    • Recruitment, engagement or training records including CV’s, applications, references, qualifications, education records, test results;

    • The terms and conditions of employment contracts with previous employers;

    • Performance reviews and disciplinary records with the previous employer;

    • Information relating to the Employees membership with professional associations or trade unions;

    • Leave records (including annual leave, sick leave, casual leave and maternity leave);

    • Financial Information relating to compensation, bonus, pension and benefits, salary, travel expenses, tax rates, bank account and provident fund account details.

  • c. The type of information that may be required from its Third Parties includes but is not limited to the following:

    • Basic Information such as name, contact details, registered address, date of incorporation, PAN Card, Adhaar Card, GST Number, insurance details.

5. PURPOSES OF PROCESSING OF PERSONAL AND SENSITIVE DATA

5.1. This Policy shall apply to all types of Personal or Sensitive Data processed within the Company, regardless of where the data is collected. Personal and Sensitive Data shall be processed within the Company for the following purposes in particular:

  • a. To manage and enable health protection and therapy as well as clinical science and research.

  • b. Compliance with legal requirements such as health and safety rules and other legal obligations;

  • c. To manage employee data such as payroll administration, medical or other insurance, payment of salary or invoices, taxation requirements under payment of salaries/ invoices, performance assessment and training;

  • d. To initiate, implement and process business and customer agreements, and to carry out advertising and market-research activities aimed at informing customers and interested Third Parties about products and services offered by the Company;

  • e. To initiate and implement agreements with the Company’s service providers as part of the provision of services for the Company;

  • f. To enable appropriate handling with Third Parties, in particular investors, partner or visitors and to comply with a binding legal obligation.

5.2. Personal and Sensitive Data shall be processed in-line with the current and future business purposes of the Company, which include the provision of products and services in the field of medical technology, digital services for patients and business customers including physical and locomotor technical services, not limited to just orthopaedics and includes technical and orthopaedic advisory services.

6. TRANSPARENCY OF PROCESSING OF PERSONAL AND SENSITIVE DATA

6.1 Patients and Employees shall be informed on how their personal data is processed in line with applicable laws and regulations. For this, the Company shall inform on the identity of the Company and respective contact details, the purposes and legal basis of processing activities as well as data deletion periods, the recipient Third Party and scope and purposes of data transfer (if applicable), the rights in relation to the processing of data. This information shall be given in a clear and easily understandable manner.

7. CONDITIONS OF ADMISSIBILITY FOR THE PROCESSING OF PERSONAL AND SENSITIVE DATA

7.1. Personal and Sensitive Data shall be only processed, if the conditions of admissibility have been satisfied in accordance with the following conditions

  • a. It is legally permissible to process the Personal and Sensitive Data in the way intended.

  • b. The Patient or Employee had consented to the processing of data.

  • c. It is necessary to process the data in this way in order for the Company to fulfil its obligations under an agreement with the Patient, Employee or Third Party, including its contractual duties to inform and/or secondary duties, or in order for the Company to implement pre- or post-contractual measures for initiating or processing an agreement that has been requested.

  • d. The data must be processed to fulfil a legal obligation of the Company.

  • e. It is necessary to process the data to complete a task that is in the interest of the general public or that forms part of the exercise of public authority.

  • f. It is necessary to process the data in order to realize the legitimate interest of the Company.

8. LIMITED ACCESS TO PERSONAL AND SENSITIVE DATA

8.1 Only those Employees who “need-to-know” or require access to function in their role should have access to Personal and Sensitive Data.

8.2. The Company will not disclose Personal and Sensitive Data to any person outside the Company except for the agreed purposes or with the consent of the respective Patient or Employee, or with a legitimate interest or legal reason for doing so.

8.3. Every Employee of the Company, who deals with or comes into contact with Personal or Sensitive Data, shall have the responsibility to comply with the applicable law concerning data privacy and with the rules and regulations set out in this Policy and/or the Global Data Privacy Policy of the Group.

8.4. The Employee shall be diligent and extend caution while dealing with Personal and Sensitive Data of others, in the course of performance of his/her duties.

8.5. Every Employee shall immediately, on becoming aware report and notify any vulnerabilities and privacy-related breach/security breaches, including potential risk.

9. DISCLOSURE AND TRANSFER OF PERSONAL AND SENSITIVE DATA

9.1. The Company may, from time to time, disclose and/or transfer Personal and Sensitive Data to Third Parties. However, such data transfer is only justified on the basis that there is a “need-to-know” and it is reasonable and legitimate to allow the Company to operate effectively and competitively.

9.2. Personal and Sensitive Data is only transferred to another country in case of the transfer to another Group Country for extraordinary reasons and in particular only in as far as a reasonable level of data protection is assured in the recipient country.

9.3. When using external data processors or transferring Personal and Sensitive Data to Third Parties, the Company shall enter into agreements with appropriate contractual clauses for the protection of Personal and Sensitive Data and confidentiality including requirements to process the data only in accordance with instructions given by the Company. Further Third Parties shall be obliged to take appropriate technical and organisational measures to ensure that there is no unauthorised or unlawful processing or accidental loss or destruction or damage to the data.

10. DATA ACCURACY

10.1. Personal and Sensitive Data shall be correct and, where necessary, kept up-to-date (“data accuracy”).

10.2. In light of the purpose for which the data is being processed, appropriate measures shall be taken to ensure that any incorrect or incomplete information is erased, blocked or, if necessary corrected

11. RETENTION AND DELETION OF PERSONAL AND SENSITIVE DATA

11.1. All Personal and Sensitive Data of Patients or Employees may be retained for periods as prescribed under law or as per the Company’s policy. The Personal and Sensitive Data may be retained for a longer period if there is a subsisting reason that obliges the Company to do so, or the Personal and Sensitive Data is necessary for the Company to fulfil contractual or legal obligations.

11.2. Once the Company no longer required the Personal and Sensitive Data, it is destroyed appropriately and securely or anonymized in accordance with the law.

12. SECURITY MEASURES

12.1. The Company shall take appropriate technical and organizational measures such as IT systems and platform to process Personal and Sensitive Data safely and securely. These measures shall be evaluated regularly regarding their effectiveness.

12.2. Such measures shall include:

  • a. Confidentiality measures (admittance control, denial-of-use control, data access control, separation control, encryption control);

  • b. Integrity measures (data input control, data transmission control, contractor control);

  • c. Availability measures (back up procedures and business continuity management) and

  • d. Measures for continuous monitoring, assessment and evaluation.

13. GENERAL TERMS AND CONDITIONS:

13.1. The Company shall define a document internal procedures in case of any privacy-related incidents and breaches. Any complaints related to data privacy shall be reviewed regularly to ensure that all complaints are resolved in timely manners and resolutions are documented and communicated to the respective individuals.

13.2. Patients or Third Parties with inquiries or complaints about the processing of their Personal and Sensitive Data shall bring the matter to the attention of the Company in writing.

13.3. Employees with inquiries or complaints about the processing of their Personal and Sensitive Data shall discuss the matter with their immediate supervisor or shall bring the matter to the attention of the Company in writing.

13.4. This Policy shall be examined and reviewed by the Company at regular intervals, but at least once a year, to find out about its compliance with applicable legislation, and shall make any necessary adjustments

13.5. Any significant amendments to this Policy that become e.g. necessary as a result of adjustments made to bring in line with legal requirements shall be agreed within the Board of Directors.

14. Data Protection Officer

India Data Protection Officer - Sakar Shrivastava

Contact: sakar.shrivastava@indiaottobock.com











Contact Us

T +91 22 2552 6701

E information@indiaottobock.com