Ypsomed Canada inc. data protection declaration

The protection of your personal data is very important to us. Please read this data protection declaration carefully to find out more about when personal data is collected when using our Internet website and how we store and process these data.

This data protection declaration applies to the Internet pages www.ypsomed.com/en-CA/ and www.ypsomed-diabetescare.com/en-CA/ and to the data collected via these pages, and also if you use our services and offers via these pages. From these Internet pages, you can, among others, access the Internet pages of other companies of the Ypsomed Group and our online shops. The data protection declarations available on these Internet pages apply.

Responsible body

The responsible body in the sense of the EU General Data Protection Regulation (GDPR) and other data protection regulations is

Ypsomed Canada inc.
1 Holiday Avenue
Suite 647
Pointe Claire, QC
H9R 5N3
Canada

Telephone: 514 695 - 5959
E-mail: info@ypsomed.ca

 

Managing Director: Mark Alexander Mailloux

You can contact our data protection officer by mail at the address provided or directly by e-mail at privacy@ypsomed.ca.

Personal data is all information that allows identification of your person. For example, this includes the name, address, telephone number, e-mail or IP address.

Handling of personal data

Personal Data

Personal data is all information that allows identification of your person. This includes your contact data such as name, address, telephone number, e-mail, but also your IP address.

When accessing our Internet pages, registering in online portals and using our web services (orders, web surveys, registration for events, etc.), we collect personal data about you. We process personal data in accordance with data protection regulations and only to the extent necessary to provide the services or content you have requested.

Safety

We ensure the necessary technical and organisational security measures and adequately protect your personal data from unauthorised access and misuse.

During transmission, we protect your data using an encryption method (e.g. SSL) via HTTPS. In addition, we secure our servers using firewalls and virus protection, create regular back-ups and work with role and authorisation concepts.

Our employees are obliged to observe the applicable data protection regulations when handling personal data.

Automatically collected data

Server log files

Description, scope and purpose of data processing
Our Internet pages log all enquiries and accesses of visitors to our Internet pages automatically and save these data as so-called server log files.

Server log files are used to track your activities on our Internet pages and to locate any errors in the functions of the site. The following data are logged automatically: 

  • Website accessed
  • Time of access
  • Volume of transmitted data in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used
  • User data, when logging into a user account
  • Error reports
  • Error sources (which module created the error)

We use the collected data anonymously for statistical evaluations and to improve our Internet pages. However, we do reserve the right to check the server log files retrospectively if concrete indications point to illegal use. For security reasons, you therefore have no option of rejecting the collection of this data.

Access to the server log files is restricted to a few system administrators of Ypsomed and our service provider e3N (e3N GmbH & Co. KG, Göttelmannstrasse 13A, D-55130 Mainz).

Legal basis for data processing:
The legal basis for the temporary storage of data and server log files is our legitimate interest in maintaining the functionality of the Internet page, Art. 6 para. 1 lit. f GDPR.

Duration of storage:
The log files of the web and mail servers are irrevocably deleted after 7 days.

Cookies

Some of our Internet pages use cookies. This standard technology hides small text files that are temporarily or permanently stored on your hard drive. Cookies are used to better match the offer on our website to your interests or provide improvements in general on the basis of statistical evaluations.

You can deactivate the storage of cookies in your browser settings in whole or in part if you want to prevent your visit to our Internet website from being tracked. Ask your browser provider how you can delete and block cookies or search for a help function in your browser. However, we wish to point out that you may not be able to use all functions of our Internet website after deactivation.

Description and scope of data processing
If you allow the use of cookies through your browser settings, the following cookies may be used on our Internet pages:

Name Type Source Intended use Duration of storage
PHPSESSID Technical ypsomed-diabetescare.com

This cookie serves as an identification feature for the duration of your visit to our Internet pages

Session
FE_USER_AUTH Technical ypsomed-diabetescare.com

This stores the registration information when you access an area of our website that is protected by a login.

5 hours
cookieconsent_status Technical ypsomed-diabetescare.com

This stores the status of your consent for setting cookies on the current domain.

Session
_ga Analytic Google

It assigns a randomly generated number to the user's device. This is used to detect when our website is accessed again via this device.

2 years
_utma Analytic Google It analyses how often a user accesses our website via this device. 2 years
_utmb Analytic Google It places a time stamp as soon as a user accesses the website. 30 minutes
_utmc Analytic Google It places a time stamp as soon as a user leaves the website. Session
_utmt Analytic Google It decreases the "request rate" 10 minutes
_utmz Analytic Google It analyses where you come from to our website (link from campaign, website, etc.) 6 months

Analytical Cookies
For cookies, which enable an analysis of your behaviour or the viewing of individualised content and offers, we obtain your consent when you call up our website. This consent forms our legal basis for the use of analytical cookies.

Further information on analytical cookies can be found in Section Google Analytics with anonymisation function as well as Newsletter and media distribution list.

Purpose and legal basis for data processing:
We cannot offer some functions of the website without the use of cookies. For example, in order for a user area to function, the user must be recognised even after a page change.

The cookies we use are cookies that are technically necessary. The legal basis for the use of these cookies is our legitimate interest in maintaining the functionality of the Internet page. The legal basis is Art. 6 f GDPR.

Use of various Google services

On our website we use various Google services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google").

Google stores cookies on your terminal when using Google services via your Internet browser. Here we cannot exclude the possibility that Google may use servers in the USA for this purpose. However, Google has submitted to both the EU-US Privacy Shield as well as the Swiss-US Privacy Shield. According to information provided by Google, Google uses the collected data for the provision of the service and to ensure that the service functions properly.

If you are logged in to Google, your information will be directly assigned to your Google Account. If you do not wish to be assigned to your profile on Google, you must log out before activating Google services. Google stores your data (even for users not logged in) as user profiles and uses them for the purposes of demand-oriented advertising, market research and/or demand-oriented design of its website, unless expressly denied by Google in the case of individual services. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. For more information, please refer to the description of each Google service as well as Google privacy policy.

Google Analytics with anonymisation function
Google Analytics' cookies allow us to analyse how you use our website. In this way we can constantly optimise our offer and improve the quality of our website and its contents. The cookies in question are given in the table above.

The information generated by the cookies, such as the time, place and frequency of your visit to our website, including your IP address, is transmitted anonymously to Google in the USA and stored. IP addresses are shortened by the additional code "_gat._anonymizeIP" on our Internet pages and are thus automatically anonymised before they are transmitted to Google.

Google evaluates the information about your use of our website on our behalf and generates reports on the activities on our website and provides us with other services associated with Internet use. According to the company, Google does not associate the IP address with any other data held by Google.

You can disable Google Analytics by clicking on the following link: javascript:gaOptout(). This installs an opt-out cookie on your device. This opt-out cookie will prevent Google Analytics from collecting cookies for this website and for this browser in the future as long as the cookie remains installed in your browser.

As an alternative, you can prevent the storage of cookies by setting your browser software accordingly. Also install the browser plugin available at the following link: Browser Add-On for deactivating Google Analytics. This will prevent the collection and forwarding of data relating to your use of the website (including your IP address) as well as the processing of this data by Google.

Google Tag Manager
In connection with Google Analytics we also use the Google Tag Manager. This service is used for the flexible integration of so-called "tags", which transmit the desired analysed data to Google Analytics using code positions. The Tag Manager does not collect or access any personally identifiable information. The data are always anonymised.

Scroll depth of specific pages: This tag analyses how the content of our Internet pages is viewed, in particular pages with longer content. The scroll depth is expressed in %.
Click rate of specific elements: This tag analyses the general interaction with the contents on our website so that we can position the information optimally. For example, the measurements include: downloads of brochures, clicks on email addresses, clicks on interactive buttons.
Progress rate for forms: This tag records opting out from a form or the sending a form. It is used to optimise forms or form fields. For example, the individual form fields are checked for interaction. However, the entered data itself is not transmitted to Google Analytics.

Integration of the reCaptcha Google service

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our Internet pages. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Description and scope of processing

With reCAPTCHA we check whether certain entries in our contact or newsletter forms are made by a person or a computer. For this purpose, reCAPTCHA analyses your interactions as soon as you call up the website using the following characteristics:

  • IP address of the terminal used,
  • the date and your duration on the website,
  • the mouse movements you have made on the reCAPTCHA surfaces and the tasks where you need to identify images,
  • the identification data of the browser and type of operating system used,
  • the Google account if you are logged in via Google.

The data collected during the analysis are forwarded to Google. According to information provided by Google, Google uses the information collected by reCAPTCHA to improve reCAPTCHA and for general security purposes. However, they are not used by Google for personalised advertising.

For more information about Google reCAPTCHA and Google's privacy policy, please see the following links: https://www.google.com/ and https://www.google.com/recaptcha/. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield as well as the Swiss-US Privacy Shield.

Purpose and legal basis for data processing:

Ypsomed uses reCAPTCHA to counter the increased number of registrations on user accounts and newsletters by machines with appropriate protection. reCAPTCHA currently offers the best protection against such attacks (bot attacks).

Integration of Google Maps

The offer of Google Maps is also used on our website. This allows us to display an interactive map directly on the website and enables you to conveniently use the map function.

Description and scope of processing: As soon as you click on our address in the navigation of the embedded map on our website, Google Maps opens in a new tab.. Please note that you are bound to additional conditions of use for Google Maps/Google Earth including the Google privacy policy when you use Google Maps. For more information about the purpose and scope of data collection and its processing by Google, please contact Google Maps.

Google saves cookies on your terminal when using Google Maps via your Internet browser. Here we cannot exclude the possibility that Google may use servers in the USA for this purpose. However, Google has submitted to both the EU-US Privacy Shield as well as the Swiss-US Privacy Shield. According to information provided by Google, Google uses these data for the provision of the service and to ensure that the service functions properly. If you are logged in to Google, your information will be directly assigned to your Google Account. If you do not wish to be assigned to your profile on Google, you must log out before activating Google Maps. Google stores your data (even for users not logged in) as user profiles and uses them for the purposes of demand-oriented advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Purpose and legal basis of data processing: the integration of Google Maps serves solely to offer you a route planner to our business location. The use of the convenient route planner is only possible with the integration of Google Maps and the corresponding data processing. For this purpose, our legitimate interest also lies in the processing of personal data.  The legal basis for the processing of personal data is Art. 6 Sec. 1 lit. f GDPR.

Duration of storage: the data you enter in the route planner will not be stored by us. If you wish to have your data deleted by Google, please go to Google privacy policy to obtain information.

Data which you transmit to us

For certain offers and services on our website, you must provide us with personal data about yourself and for the fulfilment of the respective offer/service requested.

Processing orders

Description and scope of data processing
You have the option of ordering information brochures and products from our online offer. If you place an order, we require your contact data to process shipping. We process these data only for the registration and processing of your order and store them in the customer system on the SAP server of Ypsomed AG in Switzerland.

Purpose and legal basis for data processing:
The purpose of processing is to comply with your request and to send you the desired information and brochures. This enables us to fulfil our contractual obligations or to take pre-contractual measures.

Contact form and service phone

Description and scope of data processing
For your questions and concerns you can contact us via a contact form or by phone. The following data are collected via the contact form: first and last name, country, e-mail, message text. If you call us, your name and, if applicable, other contact data such as your callback number or e-mail address, which you provide us via the telephone, as well as the reason for your call and the date and time of your call, will be recorded and stored by our employees on the service telephone. We use your data exclusively to process your enquiry or concern. By submitting your contact request using the form on our Internet page, you give us your consent that we may process personal data about you to answer your request. We store the data in the customer system on the SAP server of Ypsomed AG in Switzerland. 

Legal basis for data processing:
The legal basis for processing your data is your consent, Art. 6 para. 1 lit. a GDPR. If you call us and we do not obtain separate consent, we base the processing of your data on our legitimate interest to be able to process and respond to your request/concern as requested or to fulfil our contractual obligations, Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR.

Duration of storage:
The data will be deleted as soon as they are no longer necessary for the purpose of their processing. This is the case in the context of your enquiries when the relevant facts have been completely clarified, unless contractual or statutory obligations prevent deletion.

Newsletter and media distribution list

Description and scope of data processing
When you register for our newsletter, we collect your e-mail address as well as your surname, first name and interest group. We use the data transmitted by you for the provision of information about Ypsomed or our products in the form of a newsletter. Distribution is by E-mail via the service provider Evalanche (SC-Networks GmbH, Enzianstrasse 2, Starnberg, Germany).

Legal basis for data processing:
The legal basis for processing is your consent when registering for our newsletter, Art. 6 para. 1 lit. a GDPR.

Duration of storage:
If you unsubscribe from a newsletter, your profile will remain in our newsletter database as long as you are still subscribed to other Ypsomed newsletters. Your profile will only be deleted if you have unsubscribed from all newsletters or if you expressly request deletion via our contact form.

User account

Access to certain Internet pages is protected by a password. In order to gain access to such pages, you must register in advance and provide us with further information (e.g. profession, therapy details, etc.) in connection with the desired service.

Description and scope of data processing
The data you provide will only be used for the registration and authentication of your person. If required by law, we will verify your information before we send you access data.

Legal basis for data processing:
The legal basis for the processing of your data is your consent when registering for the user account, Art. 6 para. 1 lit. a GDPR.

Duration of storage:
The data of your user account is hosted on servers in Germany. The operation and hosting of the SAAS solution is guaranteed by the provider maxcluster (maxcluster GmbH, Technologiepark 8, Paderborn, Germany).

You can cancel your user accounts at any time. In this case we delete your data on the web server, unless contractual or legal obligations preclude deletion.

Online job application

Description and scope of data processing

Online form
If you are interested in one of our job vacancies, you can send us your complete documents via an online application form. You will be asked for the following data via the application form: title, first and last name, country, e-mail address, job reference, application documents (motivation letter, curriculum vitae, certificates), optional: address, telephone number, remarks/questions.

Applications that you submit using the online application form are sent via a secure link to the address of the Human Resources Department referred to in the job advertisement. The web server itself does not store any personal data and application documents from the web form.

Application by e-mail
You can also send your application documents directly by e-mail. To do this, use the e-mail address declared in the job advertisement. Please note that an unencrypted transmission by e-mail takes place in this case and that your data could under circumstances be viewed by third parties.

Legal basis for data processing:
Depending on the outcome of the further application process, your documents will be used to establish an employment relationship and to implement pre-contractual measures. This gives us the legal basis for processing your data. The legal basis is Art. 6 para. 1 lit. b GDPR.

Duration of storage:
The application documents are kept in the inbox of the Human Resources Department during the recruitment process and deleted after completion of the application process. When you are employed by Ypsomed, we record your data in Ypsomed's personnel system and the statutory retention obligations during and after termination of an employment relationship apply.

Forwarding of personal data to third parties

If necessary, we share your personal data for the processing of orders, the clarification of enquiries or in connection with technical maintenance work with companies within the Ypsomed Group as well as external service providers insofar as this is necessary to process the contract or if you have consented explicitly. We only disclose as much information as is necessary for this purpose and for completing the order. For example, when ordering products it is necessary for us to pass on your name and address to our shipping agents, to logistics providers, or to pass your bank account details to our bank.

Ypsomed remains responsible for the control and correct processing of the data, even if they are forwarded to companies of the Ypsomed Group or external third parties for the handling of business processes. We ensure that the companies of the Ypsomed Group comply with data protection regulations with the required contractual agreements and also oblige our distribution partners as well as the suppliers commissioned by us, to respect data protection and data security and to only process the data as is necessary to fulfil their task.

Your rights

Right to information, correction and deletion

You can request information in writing at any time as to whether and which personal data we process from you for which purpose, who is the recipient of your data, if any, how long the data is stored, where the data originates from, what rights you are entitled to and whether automated decision making including profiling is thus carried out. Furthermore, you can request the correction or completion as well as the deletion of your data. To do this, please send us a message to the above contact address.

We will endeavour to correct/complete or delete your data immediately upon request. Deletion may be prevented by the necessity to keep the data for the fulfilment of a legal obligation (e.g. tax or commercial retention obligations), for reasons of public interest or for the assertion, exercise or defence of legal claims.

Children

We do not want to process personal data of children without permission. Persons under 16 years of age are expressly advised that they must obtain the consent of their legal guardian to transfer their personal data.

If we become aware that a user is a minor and he/she has provided us with personal data without the verifiable consent of a legal guardian, we will delete these data from our databases immediately. Legal guardians have the option of viewing the information provided by the child and/or request deletion at any time. Until the request for correction or deletion is placed, the provisions of this data protection declaration shall apply.

Right to restriction and data transmission

You have the right to request that the processing of your personal data be restricted, provided that the legal requirements are met.

You may request your personal data that you have provided to us in a structured, common and machine-readable format or have it transferred to another responsible person.

Right of revocation

You can revoke all declarations of consent you have given us for the processing of your personal data at any time without giving reasons. The processing of the data remains lawful until revocation of consent.

Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is performed based on Art. 6 Sec. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

Right of complaint

You can lodge a complaint with the data protection supervisory authority of your usual place of residence or workplace or our registered office if you have doubts that your data are being processed in a legally compliant manner.

Links

The Ypsomed Internet website may contain links to external pages. If you use one of these links, please be aware that this data protection declaration no longer applies to the external site and that Ypsomed does not monitor these sites. You can obtain information on the external Internet site about the applicable data protection regulations there.

Changes to this data protection declaration

This data protection declaration must be amended from time to time so that it meets the legal requirements or so that changes to our services and offers are implemented in the data protection declaration. We reserve the right to change this at any time. The respective current version can always be found here in the same place. Please consult the data protection declaration regularly when you visit our Internet site.