PRIVACY AND COOKIE POLICY (EXTERNAL) – FERROSAN MEDICAL DEVICES A/S
1. INTRODUCTION
At Ferrosan Medical Devices A/S, CVR-no. 32 94 23 42 (“us”, “we”, or “our“), we understand the importance of treating the personal data of our customers, business partners, visitors to our website, and other individuals we interact with in a confidential manner. We are committed to the following the requirements and obligations in relation to data privacy in accordance with applicable law, including the EU General Data Protection Regulation (“GDPR“) and the Danish Data Protection Act. Therefore, we have secure and adequate data processing procedures in place.
We are the data controller for the processing of your personal data. Below, we have provided an overview of the processing activities in which personal data are processed, including among others the purpose thereof and the legal basis.
If you have any questions to this privacy and cookie policy (“Privacy Policy”) or you wish to exercise your data subject rights pursuant to Chapter III of the GDPR and according to section 6 of this Privacy Policy, please contact us by e-mail at GDPR@ferrosanmd.com.
2. PROCESSING OF PERSONAL DATA
Website visitors (cookies) |
||||
|---|---|---|---|---|
Purpose |
Categories of personal data |
Legal basis for processing |
Recipients of your personal data |
Retention period |
| The purpose of using cookies is to allow our website, https://ferrosanmedicaldevices.com/ (“Website”), to function. Find more information about our use of cookies in section 5 below. | When you visit our Website, we will process personal data about you, for instance, cookies, browser type and version, IP-address, and length of visit. | The legal basis for our use of functionality cookies on our website is our legitimate interests, and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are to provide you with a website that is functional. | We may share your personal information with business partners or other collaborators for business purposes, such as business partners within IT support/assistance, public authorities, customers/distributors, consultants, or suppliers/sub-suppliers. Such third parties include, among others, social media providers, as further described in section 4 below. | Personal data collected via cookies through use of our Website are stored for different periods depending on the type and purpose of the cookie in question. See section 5 below. |
Contact persons at a business partner |
||||
Purpose |
Categories of personal data |
Legal basis for processing |
Recipients of your personal data |
Retention period |
| The purpose of processing your personal data is for us to communicate with you as a contact person at one of our business partners within IT support/assistance, public authorities, customers/distributors, consultants, or suppliers/sub suppliers (“Business Partners”) or other collaborators. | When we communicate with you, we will process personal data about you, such as your name, email address, telephone number, and job position. | In certain cases, the processing of your personal data is necessary to comply with a legal obligation to which we are subject, such as the retention of accounting records in accordance with the Danish Bookkeeping Act (In Danish: Bogføringsloven). In such cases, the legal basis is Art. 6(1)(c) of the GDPR. In other cases, where you are an employee at a company that is our Business Partner, the legal basis for the processing of your personal data in relation to you as a contact person is our legitimate interests, and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are to communicate with our customer or business partner where necessary for business and collaboration purposes. |
We may disclose your personal data to authorities, if we are legally obliged to do so. We may also share your personal information with our Business Partners or other collaborators. In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defence of our legal claims, we may disclose your personal data to our legal advisers or other relevant third parties provided it is deemed necessary and lawful. |
We will store personal data about you (i) as long as we communicate with you because you are the relevant point of contact, (ii) until we are no longer obligated to do so, or (iii) until it is no longer necessary for the establishment, exercise, or defence of a legal claim. In general, personal data is deleted automatically after 24 months, if not journalized for specific purposes or manually deleted beforehand. |
Inquiries via telephone or e-mail |
||||
Purpose |
Categories of personal data |
Legal basis for processing |
Recipients of your personal data |
Retention period |
| The purpose of processing your personal data is for us to communicate with you via telephone or e-mail. | When we communicate with you, we will process personal data about you, such as, your name, email address, telephone number, and job position. | The legal basis for the processing of your personal data is our legitimate interests and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interest pursued is to be able to handle incoming inquiries effectively. In cases where your inquiry is about entering into a contract with us, the legal basis for the processing of your personal data in that regard is Art. 6(1)(b) of the GDPR. This is because the processing is necessary in order to take steps as requested by you prior to entering into a contract. |
In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defence of legal claims, we may disclose your personal data to our legal advisers or other relevant third parties provided it is deemed necessary and lawful. | We will store personal data about you (i) as long as we communicate with you or until it is no longer necessary for the establishment, exercise, or defence of a legal claim. In general, personal data is deleted automatically after 24 months, if not journalized for specific purposes or manually deleted beforehand. |
Social media |
||||
Purpose |
Categories of personal data |
Legal basis for processing |
Recipients of your personal data |
Retention period |
| If you choose to follow or communicate with us on social media (LinkedIn), we will process your personal data. The purpose of processing personal data on our social media (LinkedIn) is to communicate and interact with you, as well as to market ourselves to you. | When you interact with us on social media (like, comment, follow, etc.), we gain insight into the personal information you have made available on the social media platform, including, for example, your name, gender, marital status, job, interests, city, comments, visits, and ‘likes’ on our page or posts. | When we process your personal data on social media, the basis for the processing is our legitimate interest in being able to communicate with you, carry out commercial and image branding activities as well as to improve our business. We assess that your interests or fundamental rights and freedoms do not override this, in accordance with Article 6(1)(f) of the GDPR. | Providers of the respective online service, LinkedIn Corporation, is the data controller for their own processing of your personal data and joint data controllers with us for the sharing of your personal data for the purpose of displaying our news and offers and excluding recipients from irrelevant messages and target groups.We have no control over the independent processing of your personal data by social media, and we therefore refer you to their individual privacy policies for more information about their processing and sharing of your personal data.• LinkedIn: https://dk.linkedin.com/legal/privacy-policy | We process your personal data until you delete it from the respective social media platform, for example, by deleting your comment or your ‘like’ or when we remove the post, etc. in question. |
Board members and shareholders |
||||
Purpose |
Categories of personal data |
Legal basis for processing |
Recipients of your personal data |
Retention period |
| If you are a board member or a shareholder, we will process your personal data to make necessary registrations with relevant authority/-ties.Further, we process information about material and minutes from board meetings and minutes from shareholders’ meetings, that may include personal data such as e.g. names and resumés of opinions and similar. | When you are registered as a board member or as a shareholder, we gain insight into your contact information, identification data, and CPR number. If you are a shareholder, we also process information about the number of shares you own. | The processing of your personal data is necessary to comply with a legal obligation to which we are subject, such as the duty to register board members and shareholders in the Danish Companies Act (in Danish: Selskabsloven). In such cases, the legal basis is Article 6(1)(c) of the GDPR and Sections11(2)(1) the Danish Data Protection Act (in Danish: Databeskyttelsesloven). | The Danish Business Authority (in Danish: Erhvervsstyrelsen) is data controller for their own processing of your personal data. Our disclosure of your personal data includes identification information incl. name and address and CPR number. In this regard, we refer to the Danish Business Authority’s privacy policy for more information about their processing of personal data. | Your information is maintained and deleted on an ongoing basis. Personal data such as contact information are deleted when you resign or dispose of your shares.Board materials are kept as long as necessary and as long as it serves a purpose of documentation.In general, personal data is deleted automatically after 24 months, if not journalized for specific purposes or manually deleted beforehand. |
Business partners (physical persons) |
||||
Purpose |
Categories of personal data |
Legal basis for processing |
Recipients of your personal data |
Retention period |
| If you are a physical person and a Business Partner or other collaborators of ours such as independent consultant or health care professional), we will process your personal data to facilitate the business we are conducting together or plan on conducting together, e.g., entering into confidentiality and/or consultancy agreements with you, communicating with you, and by recording online meetings (where applicable). | When we communicate with you, we will process personal data about you, for instance, your name, email address, telephone number, job position, information on work tasks performed by you, and voice and video recordings (where applicable). | In certain cases, the processing of your personal data is necessary to comply with a legal obligation to which we are subject, such as the retention of accounting records in accordance with the Danish Bookkeeping Act (In Danish: Bogføringsloven). In such cases, the legal basis is Article 6(1)(c) of the GDPR. In other cases, the legal basis for the processing of your personal data is Article 6(1)(b) of the GDPR, because the processing is necessary in order to take steps at your request prior to entering into a contract or to be able to fulfil a contract. In other cases, the legal basis for the processing of your personal data is our legitimate interests, and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Article 6(1)(f) of the GDPR. The legitimate interests pursued are to communicate with our Business Partners or other collaborators for business purposes where necessary for business and collaboration purposes. |
We may disclose your personal data to authorities, if we are legally obliged to do so.In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defence of our legal claims, we may disclose your personal data to our advisers or other relevant third parties provided it is deemed necessary and lawful.We may also share your personal data with our Business Partners or other collaborators for business purposes. | We will store personal data about you (i) as long as we communicate with you, (ii) until we are no longer obligated to do so, or (iii) until it is no longer necessary for the establishment, exercise, or defence of a legal claim.In general, personal data is deleted automatically after 24 months, if not journalized for specific purposes or manually deleted beforehand. |
3. Transfer of your personal data to a third country (outside of eu/eea)
In certain cases, your personal data may be transferred to countries outside of the EU/EEA. We ensure that such transfer will be carried out in accordance with the applicable data protection laws. This entails that any party outside of the EU/EEA that will receive your personal data will ensure an adequate level of protection, for example, by entering into the EU standard contractual clauses (“SCCs”) with us. We will ensure the implementation of supplementary safeguards if deemed necessary in the specific case. You may receive a copy of the legal basis for transfers upon request. Please contact GDPR@ferrosanmd.com.
4. Social media
Our Website does at the current stage not use plug-ins from social networking sites like LinkedIn. However, this may change in the future. Any chances to this section will be visible in the change log in section 9.
5. Use of cookies
When you visit our Website for the first time, you will be asked to give your explicit consent to the use of cookies on the Website or decline the use of all or some of the cookies. Please note that the use of functionality cookies (e.g. necessary cookies) does not require your consent, as such cookies are necessary for the function of the Website. At the moment, we use no non-functional cookies, but this may change in the future. Any chances to this section will be visible in the change log in section 9.
5.1 What are cookies
A cookie is a text file that is sent to your browser from our Website and saved on your computer, phone or whichever device you use to access the internet. However, the meaning of the word “cookies” in this Privacy Policy and in the consent text also includes other kinds of automated data collection, e.g. Flash-cookies (Local Shared Ob-jects), Web Storage (HTML5), JavaScript’s, pixels, or cookies placed by the use of other kinds of software. The word “cookies” also refers to information about MAC-addresses and other information about your device.
There are basically two types of cookies – so-called session cookies and persistent cookies. Session cookies are information units that are deleted when you close your web browser. Persistent cookies are information units that are stored on your computer until they are deleted. Persistent cookies delete themselves after a certain period but are renewed each time you visit the Website. We use both session and persistent cookies. Read more about this below in section 5.5 where you will also find an overview of the specific cookies we use.
5.2 The purpose of cookies
Cookies may be used for a number of purposes, but in essence they are used to save information about your activity on the internet. Cookies contain information that later in time can be read by a web server on the domain that issued the cookie in question. This means that the relevant website remembers you the next time you visit it. We collect information via cookies to allow the website to function in terms of basic functionality. The benefit for you is that you will save time next time you visit the Website, by ensuring that you have a seamless and secure experience.
5.3 How long are cookies stored?
Cookies delete themselves after varying periods but are updated automatically when you visit the Website again. Information about your online behaviour, including cookies accepted by you, will be deleted in different intervals as described the cookie declaration below.
5.4 Third party cookies
We do not use third party cookies for the time being, but this might change in the future. Any chances to this section will be visible in the change log in section 9.
5.5 Cookie declaration for non-functional cookies
Cookie declaration last updated on XXXX by [insert cookie solution provider]:
Cookie name |
Operator |
Purpose |
Retention periods |
|---|---|---|---|
| CookieInformationConfig | Cookie Information | Used by Cookie Information to track your consent across different domains and subdomains. | 1 Year |
| CookieInformationConsent | Cookie Information | Used by Cookie Information to store your consent data. | 1 Year |
5.6 Removal of cookies
You can always reject or deselect the location of cookies on your computer by changing the settings in your browser or by visiting the permanent representation of the cookie banner available here: [link].
Cookies can easily be deleted subsequently. If you use a computer with a newer browser, you can delete your cookies using the shortcut keys: CTRL + SHIFT + Delete. If the shortcut keys do not work and/or if you use a MAC, you must start by finding out which browser you are using, and then click on the relevant link with guidelines on how to opt out of cookies:
Note that if you use multiple internet browsers, you must delete cookies in all your browsers.
6. Your rights
We have implemented several measures to protect your personal data and ensure your rights. As a data subject, you can exercise the rights listed below. Please note that certain limitations may apply to your ability to exercise these rights, for example, when your right to obtain the information is found to be overwritten by essential considerations of private interests. The Danish Data Protection Agency has prepared guidelines regarding the data subjects’ rights. The guidelines can be accessed here. However, please note that the guidelines are only available in Danish.
As a data subject you have the following specific rights, unless otherwise exceptionally provided by the data protection legislation:
- Right of access
- Right of rectification
- Right of erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object
Right to complain to the Data Protection Agency, Datatilsynet
If you disagree with the way in which we process your personal data, you may file a complaint with the Danish Data Protection Agency, using the contact details that are available at www.datatilsynet.dk. However, we hope that you will contact us first, using the below contact details, so that we may reach agreement.
If you wish to exercise any of the above-mentioned rights, or if you wish to withdraw a former consent, you are welcome to contact us at GDPR@ferrosanmd.com.
7. Questions or complaints
If you have any questions relating to this Privacy Policy, you wish to exercise your rights as mentioned above, or you disagree with the way we process your personal data, you can contact us at GDPR@ferrosanmd.com. You can also file a complaint to the Danish Data Protection Agency, which is an independent public authority that, inter alia, is responsible for monitoring and enforcing the application of the GDPR. The Danish Data Protection Agency’s contact information is available on its website: www.datatilsynet.dk.
8. Amendments to this privacy policy
We have the right to modify this Privacy Policy regarding new technologies, regulatory requirements, or other purposes. For this reason, please visit this page periodically. Below is highlighted the date when the last version of this Privacy Policy has been uploaded.
Date of the most recent version of this Privacy Policy: 29 January 2025.
9. Change log
Here you can see all changes made to this Privacy Policy.
Previous version |
Changed from |
Changed to |
Reason for change |
|---|---|---|---|
