Data Privacy Statement for Clients, Suppliers and Other Business Contacts

Mint Medical GmbH collects, processes and stores personal data of its customers and suppliers to a limited extent. The data processing processes concerned are the following:

• Maintaining and addressing business correspondence, including the initiation of business relationships, the implementation of the necessary pre-contractual measures. For this purpose, we use professional contact information such as name, academic degree, professional function, professional e-mail address, telephone number and professional postal address of our contact persons (employees of our customers, including administrative staff, radiologists, doctors, IT staff) in connection with the time stamps of the communication. The basis for this is generally Art. 6 para. 1 lit. f of the GDPR, taking into account that the need for protection of professional contact data is to be classified as low compared to the interest of Mint Medical GmbH in maintaining normal business communication. If contact persons use private contact data for communication, we use this on the basis of consent implied by the provision of this contact data in accordance with Art. 6 para. 1 lit. a. If the communication concerns business relationships, Art. 6 para. 1 lit. b and c may also apply, as business correspondence is subject to additional retention obligations. The provision of test installations of our software requires the collection of contact data and usage data to a comparable extent as a full license. All email traffic is archived in encrypted form by our parent company, Brainlab AG, for a period of 15 years; however, any access to the email archive is strictly regulated and subject to case-by-case approval by the corporate legal department. For individual cases in which the right of a data subject to have his or her data deleted from the encrypted archive outweighs the legitimate interest in maintaining a complete e-mail archive, procedures exist for deleting individual messages. 

• As part of the technical support, many of our customers, interested parties, business partners and users (also of test installations) also optionally receive the Mint Medical GmbH newsletter, which provides information about new technical functionalities of the product, among other things; in this context, the data processing serves the purpose of personalization and sending the newsletter. Your name, contact details and, if applicable, your professional affiliation are collected for this purpose. If you give us your consent via an electronic opt-in procedure, so-called server log data (such as the IP address from which the request is made, information about the browser used) will also be collected; this is unavoidable for technical reasons when using Internet-based services. The e-mail newsletter may contain embedded elements (such as images) that have to be reloaded from an Internet server; server log data is also generated in this case, but it is not personalized to the recipient of the e-mail, i.e. personal tracking is not possible. However, it is not necessary to subscribe to the newsletter in order to use our services. The newsletter is sent on the basis of your consent under Art. 6 para. 1 lit. a, which can be revoked at any time. Users of mint Lesion(TM), whose contact details we have received in connection with the sale of our goods and services, may also receive the newsletter on the basis of our legitimate interest, Art. 6 para. 1 lit. f.

• If you contact us (by post, e-mail or contact form on our website), we will use your contact details to process and respond to your inquiry; for this purpose, we will forward your inquiry internally to the relevant departments. The legal basis for this is your consent, which is implied by the provision of your contact details. If you give us your consent, we will also use the contact data provided to contact you for sales purposes by e-mail, telephone, post or fax after we have responded to your inquiry. You can of course revoke this consent at any time.

• Personal data may also be processed by us for sales purposes; this involves names and professional contact details. We collect this data either directly from you or from public sources, e.g. your employer's website. We may use this data to contact you for sales purposes by telephone or post or, if you have given your consent, by e-mail or fax. The legal basis for this is Mint Medical GmbH's legitimate interest in selling its products; in the case of professional and publicly accessible contact data, we believe that this interest outweighs the need to protect the data. Nevertheless, you can of course object to the use of your data for these purposes at any time.

If you wish your data to be deleted or corrected or wish to view the stored data, we must store the communication data arising in this context (such as the e-mail address used and the time of transmission) for the duration of the processing of your request. If you object to the use of your data for sales purposes, we will make a corresponding note in our database and restrict the processing of your data, unless you request that we delete it completely. If we have deleted your data completely, however, we cannot rule out the possibility that it will be collected again at a later date as part of sales activities.

This data will not be used for purposes other than those mentioned. Your data will also not be passed on to third parties and will only be stored password-protected and encrypted on data processing systems in the EU. Within our company, access to the personal data provided by you is only granted to those groups of people who need it to fulfill the above-mentioned purposes. Your data will only be stored for as long as a legal basis exists - your consent pursuant to Art. 6 para. 1 lit. a, a significant legitimate interest pursuant to Art. 6 para. 1 lit. f or a legal obligation pursuant to Art. 6 para. 1 lit. c of the GDPR - and then deleted.

You have the right to receive information free of charge at any time as to whether and what data we store about you and for what purpose the processing is carried out (Art. 15 GDPR). You have the right to have the stored data corrected (Art. 16 GDPR). You also have the right to receive the data stored about you in a structured, commonly used and machine-readable format (Art. 20 GDPR). If the processing of your data is based on consent, you have the right to withdraw this consent at any time with effect for the future. In the case of processing based on legitimate interest, you have the right to object to the processing (Art. 21 GDPR). In accordance with Art. 17 GDPR, you have the right to request that we erase your personal data. We are obliged to comply with this request immediately if one of the following reasons applies:

• The purposes for which the data was processed have ceased to apply.
• The legal basis for the processing - e.g. an existing contractual relationship, a contractual relationship in the process of being established, or consent on your part - has ceased to exist, and there is no other legal basis pursuant to Art. 6 (1) GDPR.
• The personal data has been processed unlawfully.
• The deletion of the personal data is necessary to comply with a legal obligation under Union, federal or state law.

You also have the right to request the restriction of processing (Art. 18 GDPR) if you dispute the accuracy of the personal data, if the processing is unlawful but you do not wish it to be erased, or if the purpose of processing no longer applies but you need the data to assert legal claims.

The contact person for these processes is the controller named below.

If you believe that your data is not being processed in accordance with the GDPR, you have the right to lodge a complaint with the supervisory authority (Art. 77 GDPR). Please contact the competent supervisory authority.