Privacy Policy
for Knee-CAT from SmartOrthoSolutions
Introduction
The Data Controller takes the protection of your personal data (hereinafter "Data") seriously and complies with the applicable privacy laws.
With this privacy policy, the Data Controller fulfills its information duties under Art. 12 ff. of the General Data Protection Regulation (hereinafter "GDPR"). The purpose is to provide you with an overview of which of your data is stored when and how it is used. Your data will only be collected by the Data Controller to the extent technically necessary. In no case will the collected data be sold or passed on to third parties without authorization for other reasons.
Please read this privacy policy carefully and in conjunction with the General Terms and Conditions of the Data Controller. You can download and print out the current version of the General Terms and Conditions at any time from knee-cat.com/Terms.
1. What is Knee-CAT?
Knee-CAT (hereinafter also the "Application") is an innovative, web-based learning platform used in the education and training of knee surgeons. With Knee-CAT, both junior and experienced surgeons have the opportunity to simulate typical surgical situations as well as various alignment manoeuvres and balancing targets within the context of numerous exercises at different levels of difficulty and to subsequently evaluate the results of the simulated surgery in detail. The aim of Knee-CAT is to strengthen the surgeon's decision-making process, to train him with regard to computer-assisted surgical techniques and to prepare him specifically for future operations (total knee endoprosthesis).
2. Definitions
2.1 Data Controller
Under Art. 4 (7) GDPR, the Data Controller is the person who determines the purposes and means of the processing of personal data. Above all, he determines what is processed, how and for what purpose. He is responsible for the processing and must ensure that the privacy policy is complied with.
2.2 Data Processor
Under Art. 4 (8) GDPR, a Data Processor is a service Supplier who acts for the Data Controller and processes personal data on behalf of the Data Controller.
2.3 Personal data
Under Art. 4 (1) GDPR, personal data are any information that can be directly or indirectly attributed to an identifiable natural person ("data subject").
2.4 Processing
Under Art. 4 (2) of the GDPR, processing means all possible types of data processing. This includes, in particular, the collection, recording, classification, organization, arrangement, storage, adaptation, change, extraction, interrogation, use, disclosure, transmission, dissemination, linking, restriction, erasure or destruction of personal data.
2.5 Data subject
Under Art. 4 (1) GDPR, the data subject is the natural person to whom the data processed by the Data Controller can be directly or indirectly attributed.
2.6 Recipient
Under Art. 4 (9) GDPR, the recipient is the party to whom personal data is disclosed, irrespective of whether it is a third party or not.
2.7 Third party
Under Art. 4 (10) GDPR, a third party is any person other than the data subject, the Data Controller, the Data Processor and the persons authorised to process the personal data under the direct responsibility of the Data Controller or the Data Processor.
2.8 Special categories of personal data
Special categories of personal data include, under Art. 9 (1) GDPR, in particular the health data of the data subject.
2.9 Consent
Under Article 4 (11) of the GDPR, consent is any freely given, specific, informed and unambiguous indication of the wishes of the data subject, in the form of a statement or other unambiguous affirmative act (such as the active ticking of a box provided for that purpose), by which the data subject signifies his agreement to the processing of personal data relating to him.
3. Data Controller
If the data processing is not carried out for a third party (e.g. a company) within the scope of a contractual relationship within the meaning of Art. 28 GDPR ("Data Processing Agreement"), SmartOrthoSolutions GmbH, Eichelberg 19, 93138 Lappersdorf, Germany, represented by the management (hereinafter referred to as the "responsible party") is responsible for the data processing within the scope of the application as provider and operator within the meaning of Art. 4 (7) GDPR. If SmartOrthoSolutions GmbH acts as a processor within the meaning of Art. 4 (8) GDPR, the responsibility for data processing lies with the respective client.
If you have any questions or technical problems with the application, you can contact us at any time by email at support@knee-cat.com.
This also applies if a concept used in the context of this privacy policy is unclear to you or if you have questions about these Terms or the services offered by the Data Controller.
4. When calling the application
4.1 Log files
Knee-CAT is a purely web-based application. As soon as you call the application, the browser you use automatically sends specific data to the application's server and stores it there for a limited period of time in a so-called log file.
4.1.1 Brief overview
Processed Data | Purpose | Legal basis | Recipient | Storage period |
---|---|---|---|---|
IP address, date and time of access, content of access (specific page), access status, amount of data transferred, website from which access is made (so-called referrer URL), browser type and version, operating system. | System security and stability | Legitimate interest | Hosting provider | 14 days |
4.1.2 Data processed
Your IP address, the date and time of access, the content of the access (specific website), the access status (e.g. https), the amount of data transferred, information on the website from which the access is made (so-called referrer URL) as well as information on the browser you are using and the operating system of the terminal device you are using (e.g. Chrome, Safari) will be processed.
4.1.3 Purpose
Log files are required to ensure sufficient system security and stability of the application.
4.1.4 Legal basis
The Data Controller bases the lawfulness of this data processing on Art. 6 (1) letter f) GDPR. The "legitimate interest" required for this derives from the Data Controller's desire to provide you with a secure and trouble-free user experience.
4.1.5 Recipient
The recipient of your personal data in connection with log files is the hosting provider on whose secure servers the application is hosted.
4.1.6 Storage period
The log files are automatically deleted after 14 days.
4.2 Cookies
Cookies are used within the scope of the application. These are small text files that the browser you use automatically saves and stores on your terminal (e.g. desktop PC, smartphone or tablet). Cookies do not contain viruses, Trojans or other malware that can cause damage to the terminal you are using.
4.2.1 Brief overview
Processed Data | Purpose | Legal basis | Recipient | Storage period |
---|---|---|---|---|
History and form data | System stability | Legitimate interest | - | Immediately or after a specific period of time. |
4.2.2 Data processed
History and form data will be processed.
4.2.3 Purpose
The cookies used make it possible to recognise that you have already visited individual pages of the application or ensure that you do not have to make specific entries and settings again that you have already made in the context of the application.
4.2.4 Legal basis
The Data Controller bases the lawfulness of this data processing on Art. 6 (1) letter f) GDPR. The "legitimate interest" required for this follows from the Data Controller's desire to provide you with a secure and trouble-free user experience.
4.2.5 Storage period
The storage period depends on the type of cookie used in each case. These are either deleted immediately when you exit the platform or automatically after a fixed period of time that cannot be determined by the Data Controller.
5. When registering a User Account
The use of the application requires the prior registration of a User-specific account (hereinafter "User Account") by the User. With the successful completion of the registration process by the User, a use contract is concluded between the User and the Data Controller in accordance with the General Terms and Conditions of the Data Controller. The current version of the General Terms and Conditions can be viewed, downloaded and printed out at any time from knee-cat.com/Terms.
5.1 Brief overview
Processed Data | Purpose | Legal basis | Recipient | Storage period |
---|---|---|---|---|
Email address, first name, last name, professional status, Institution/company, level of experience with computer-assisted surgery | Use of the application | Consent | - | Termination of the User contract, at the latest with the revocation of your consent. Exception: Legal storage duties |
5.2 Processed data
Your email address, full name, professional status (e.g. student, medical technician, doctor), the name of the institution or company you work for, and information on your personal level of experience with computer-assisted surgery will be processed.
5.3 Purpose
The data you enter during registration is required to create your User Account and to set the level of difficulty of the exercises and simulations offered; otherwise it is not possible to use the application.
5.4 Legal basis
The Data Controller bases the lawfulness of this data processing on Art. 6 (1) letter a) GDPR. You give your consent by confirming that you have read and accept the General Terms and Conditions and this Privacy Policy by ticking the checkbox provided before completing the registration process.
5.5 Storage period
The data processed within the scope of the registration process will be stored until the termination of the User contract with you, at the longest, however, until the revocation of your consent, provided that the deletion does not conflict with any statutory retention duties (e.g. from the Commercial Code).
5.6 Information on the right of withdrawal
You are already informed at this point that you can revoke your consent once given at any time with effect for the future with respect to the Data Controller. Further information on exercising this data subject right can be found in section 11 of this privacy policy.
6. When using the application
The application is a learning platform that is used in the context of the education and training of knee surgeons. The aim of the application is to strengthen the surgeon's decision-making process, to train him in computer-assisted surgical techniques and to prepare him specifically for future operations (total knee arthroplasty).
6.1 Brief overview
Processed Data | Purpose | Legal basis | Recipient | Storage period |
---|---|---|---|---|
Statistical evaluations and analyses. | Determining your training success and achieving the goal of the application. | Contract processing | Trainer (optional) | Termination of the use contract. Exception: Legal storage duties |
6.2 Processed data
Statistical evaluations and analyses are created that reflect your personal training status and can be shared with a trainer if desired.
6.3 Purpose
The aim of the application is to train you in the use of computer-assisted surgical systems and to prepare you optimally for future operations and various everyday scenarios. In order for you or your trainer to measure your personal progress, a comprehensive evaluation and analysis of your performance during the application is required.
6.4 Legal basis
The Data Controller bases the lawfulness of this data processing on Art. 6 (1) letter b) GDPR, as it is absolutely necessary for the provision of the services agreed with you in the use contract.
6.5 Recipient
You have the option to share your performance data with a coach in the context of the application. Sharing your performance data with a coach may also be required by the licensee.
6.6 Storage period
The data processed in the context of the use of the application will be stored until the termination of the use contract with you, provided that the deletion does not conflict with any statutory retention duties (e.g. from the Commercial Code).
7. On contact
You have the option of contacting the Data Controller by email or contact form within the application.
7.1 Brief overview
Processed Data | Purpose | Legal basis | Recipient | Storage period |
---|---|---|---|---|
Master data, contact details, content of the request | Contact | Consent | - | Until the final answer to your request or the revocation of your consent. Exception: Legal retention requirements. |
7.2 Processed data
Your master data (e.g. name), your contact data (e.g. email address) and the content of your inquiry will be processed.
7.3 Purpose
The Data Controller would like to give you a prompt and reliable answer to your request.
7.4 Legal basis
The Data Controller bases the lawfulness of this data processing on Art. 6 (1) letter a) GDPR. By sending your request, you give your consent.
7.5 Storage period
The data of your inquiry will be stored until the final answer, at the longest, however, until the revocation of your consent, provided that the deletion does not conflict with any legal storage duties (e.g. from the Commercial Code).
7.6 Information on the right of withdrawal
You are already informed at this point that you can revoke your consent once given at any time with effect for the future with respect to the Data Controller. Further information on exercising this data subject right can be found in section 11 of this privacy policy.
8. Integration of contents from third parties
Within the scope of the application, content from third-party providers, such as videos or graphics, may be integrated. The integration of this content requires that its providers (hereinafter "third-party providers") can see your IP address; otherwise the content cannot be displayed in the browser you are using.
The Data Controller strives to only use content from third-party providers that use your IP address exclusively for the delivery of the content. However, the Data Controller has no influence on whether third-party providers process your IP address for other purposes, such as statistical analysis. Should the Data Controller become aware of such a process, you will be informed of this within the context of this privacy policy.
You have the option of preventing the processing of your data by downloading a browser add-on that blocks JavaScript and installing it in the browser you are using. In addition, you can also deactivate JavaScript in the settings of the browser you are using.
9. Disclosure of data to third parties
The Data Controller will only pass on your data to third parties if
- you have given your express consent to this in accordance with Art. 6 (1) letter a) GDPR;
- the transmission is necessary under Art. 6 (1) letter b) GDPR for the initiation of a contract or the processing of an existing contractual relationship with you;
- the Data Controller is legally required to disclose the data under Art. 6 (1) letter c) GDPR;
- the disclosure is necessary in accordance with Art. 6 (1) letter f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
10. Your rights as a data subject
As a "data subject" within the meaning of Article 4 (1) of the GDPR, you are entitled to specific indispensable rights (data subject rights). Accordingly, you have the right
- in accordance with Art. 15 GDPR, to request information on which of your data the Data Controller has stored;
- in accordance with Art. 16 GDPR, to demand without delay the rectification or completion of the data which the Data Controller has stored about you;
- in accordance with Art. 17 GDPR, to demand the deletion of the data that the Data Controller has stored about you, unless a case of Art. 17 (3) GDPR precludes this;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of data which the Data Controller has stored about you, if the conditions of Art. 18 (1) letters a-d) GDPR are met for this;
- in accordance with Art. 20 GDPR, to request the transfer of the data that the Data Controller has stored about you in a structured, common and machine-readable format (e.g. as PDF) without any obstacles;
- to object to the processing of your data under Art. 21 GDPR, if the processing by the Data Controller is carried out on the legal basis of Art. 6 (1) (f) GDPR ("legitimate interest") and your objection arises from a specific situation or is directed against direct marketing. In the latter case, you can also object to the processing without giving any reasons;
- to revoke your consent to data processing at any time under Art. 7 (3) GDPR;
- to lodge a complaint with the competent supervisory authority under Article 77 of the GDPR.
You can send your requests, objections or revocations at any time by email to support@knee-cat.com or by mail to SmartOrthoSolutions GmbH, Eichelberg 19, Lappersdorf, Bavaria. Please understand that the Data Controller must first verify your identity through a suitable procedure.
11. Data security, storage location and involvement of service
To ensure the best possible protection of your data, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption is used within the application. This encryption ensures that your transmitted data cannot be read, diverted or modified by unauthorised third parties during transmission.
The storage and processing of your data takes place exclusively in appropriately security-certified data centres within the European Union within the scope of the GDPR. The Data Controller expressly reserves the right to use external service providers for the storage and processing of your data, but they will only act on behalf of and under the instructions of the Data Controller (Data Processors). The service providers used are required by the Data Controller to take appropriate technical and organisational measures (TOMs) under the current status in order to ensure privacy-compliant processing of your data.
Under no circumstances will your data be passed on or sold to third parties by the Data Controller or by the external service providers used without a legal basis.
12. Evaluation of user data for analysis and advertising purposes
The data generated within the scope of the application (e.g. training duration, training success) is processed by the controller for analysis and advertising purposes. The aim is in particular to highlight and present the advantages of using the application compared to alternative options.
12.1. Brief overview
Processed Data | Purpose | Legal basis | Recipient | Storage period |
---|---|---|---|---|
Usage data (e.g. training duration, training success) | Evaluation for analysis and advertising purposes | Consent | - | Until consent is revoked. Exception: Legal storage obligations. |
12.2. Processed data
Your usage data (e.g. training duration, training success) is processed. This data is collected and processed in pseudonymized or anonymized form.
12.3. Purpose
The Controller wants to present the benefits of the Application to third parties (including for advertising purposes) and to adapt the Application to the needs of the Users in the best possible way.
12.4. Legal basis
The Data Controller bases the lawfulness of this data processing on Art. 6 (1) letter a) GDPR. You give your consent by confirming that you have read and accept the General Terms and Conditions and this Privacy Policy by ticking the checkbox provided before completing the registration process.
12.5. Storage period
Your personal data in connection with the evaluation of usage data for analysis and advertising purposes shall remain stored at the longest until your consent is revoked, provided that no statutory retention obligations (e.g., from the Commercial Code) prevent deletion. If your usage data is processed in anonymized form, an unlimited storage period applies.
12.6. Information on the right of withdrawal
You are already informed at this point that you can revoke your consent once given at any time with effect for the future with respect to the Data Controller. Further information on exercising this data subject right can be found in section 11 of this privacy policy.
13. Change of the provisions on privacy
The Data Controller reserves the right to amend this privacy policy with effect for the future in order to respond appropriately to changes in the law, changes in case law or changes in economic circumstances.
You will be informed in good time of any change to this privacy policy intended by the Data Controller and the specific change will be made available as a full text.
Your rights as a "data subject" within the meaning of the GDPR (data subject rights) will never be limited by any change to this Privacy Policy.
The currently valid version of the privacy regulations can be downloaded and printed out at any time from knee-cat.com/Terms.