Privacy Policy for the EU and UK
LAST UPDATED: August 21, 2024
Welcome to the JenaValve Privacy Policy (“Privacy Policy”) for the European Union (“EU“) and the United Kingdom (“UK”). We take the protection of your personal data seriously and work hard to maintain a secure website for your use. JenaValve Technology, Inc., together with its affiliates (collectively, “JenaValve”, “we,” or “us”), provides effective and innovative solutions that support physicians and clinicians in the treatment of cardiovascular conditions and improve the quality of life for people around the world.
This Privacy Policy is intended to better help you understand our practices regarding personal data collected through our website, www.jenavalve.com (“Website”), by describing how JenaValve collects, processes, shares and retains the personal data you provide to us or that we collect through your use of the Website (“User” and collectively, “Users“).
This Privacy Policy is only applicable to Users from the EU or the UK. Users from the U.S. please visit our U.S. Privacy Policy here, https://jenavalve.com/privacy-policy/.
1. Contact Information of the Controller
JenaValve Technology, Inc. is the Controller for processing your personal data in relation to this Website.
If you have any questions, requests, or comments about this Privacy Policy, please do not hesitate to contact us at:
Phone: 1-949-767-2110
Email: info@jenavalve.com
Postal Address:
Corporate Compliance Officer
JenaValve Technology Inc.
4 Cromwell
Irvine, California 92618
USA
2. Information on the Processing of Your Personal Data on this Website
2.1 Personal Data that is Processed Automatically by Visiting this Website
As part of your use of the Website, we automatically collect certain personal data that is required for the use of the Website and process it accordingly. These are
- Your IP-Address;
- Visited webpages of our Website;
- Date and time you visited our Website;
- Browser type and version;
- Operating system;
- Name of the search engine or the external link; and
- Name of the downloaded files.
This personal data is automatically transmitted to us by your end device and processed by us in real time without storage in order to (1) deliver and optimize the content of our Website; (2) to ensure the long-term functionality of our information technology systems as well as of the technology of our Website; and (3) providing law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.
This data processing is based on our legitimate interest in ensuring the functionality and user-friendly operation of the Website.
2.2 Contacting Us Using the Contact Form
When users complete the ‘Contact Us’ form on the Website, we process the following categories of your personal data:
- Name;
- Email address;
- Phone number;
- Company name; and
- Your message.
This personal data is processed in order to handle and answer your query. This processing is based on our legitimate interest in responding to your query if your query is not contract related, e.g., general queries regarding information. Our legitimate interest is to manage our business relationship if you contact us on behalf of a business in relation to a (potential) contract. If your inquiry is related to a contract you have entered into or are interested in entering into with us as a consumer, that contract will be the basis for the processing of your personal data.
Your personal data will be deleted if and when your enquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations.
2.3 Fraud Prevention
We process your personal data to prevent fraudulent activities on our Website. For this purpose we process the following categories of personal data from you:
- Your name; and
- Email address.
This processing is based on our legitimate interests in protecting ourselves from fraudulent activities. The personal data provided will be processed as part of security monitoring and threat analysis/mitigation.
2.4 Assertion of and Defense Against Legal Claims
We can process and retain your personal data to assert or defend against legal claims. In order to do so, we process the following categories of your personal data:
- Content of query sent via the ‘Contact Us’ form including the personal data mentioned under Section 2.2 above; and
- Any other personal data that may be relevant to the case.
This processing is based on our legitimate interests in exercising legal claims, including the provision of evidence in case of a legal dispute or an administrative request.
2.5 Using the Integrity and Ethics Reporting Helpline (“Helpline”)
You have the option of using the Helpline to which access is provided on the Website. JenaValve offers the following convenient ways to report a concern to the Helpline:
- You can submit a report online;
- You can speak directly to an EthicsPoint specialist by calling the dedicated Helpline number for your location; and
- You can use an QR code to access the Helpline mobile site.
If you choose to use the Helpline, JenaValve has no influence on the processing of your personal data as it is not the controller. If you choose to submit an online report, you will be directed to a website of NAVEX Global, Inc. (“NAVEX”), for which NAVEX is the sole controller. The NAVEX Privacy Statement can be found here.
2.6 Using the Career Website
When you visit our careers website, you will be directed to paycomonline.net where you can view our current job opportunities. This feature is currently only available for job openings in the U.S. For information regarding the processing of your personal data on paycomeonline.net, please see the Paycom Payroll LLC’s privacy policy here. Our processing of your personal data for the purposes of the application process is set out in a separate privacy policy which you can access during the application process.
3. Recipients of Personal Data
To the extent permitted by applicable law, we disclose personal data to the following categories of recipients:
- Combined entities, affiliates and Agents. We, JenaValve Technology Inc., share personal data with our combined entities, affiliates, any business partners or agents acting on our behalf. These include JenaValve Technology GmbH and JenaValve Production Ltd.
- Service Providers. We share personal data with our service providers (e.g., data storage service providers), agents, vendors and other third-parties we use to support our business. We share personal information with such third-parties to the extent necessary to provide services to us, and pursuant to binding contractual obligations. These include IT service providers, e.g., for hosting and fraud prevention, as well as customer support service providers.
- Mergers, Acquisitions, Divestitures. We share, disclose or transfer personal data to a buyer, investor, new affiliate, or other successor in the event JenaValve, or any affiliate, portion, group or business unit thereof, undergoes a business transition, such as a merger, acquisition, joint venture, consolidation, reorganization, divestiture, liquidation or dissolution (including bankruptcy), or a sale or other transfer of all or a portion of any assets of JenaValve or any affiliates or during steps in contemplation of such activities (e.g., negotiations and due diligence).
- Law Enforcement, Courts and Public Authorities. In case required by law, necessary for the assertion or defense of legal claims, or requested in an official order or by court, we transfer your personal data to a court or a public authority and to our external legal advisors.
In case our service providers process your personal data on our behalf, we enter into a data processing agreement with them.
4. Cookies and Similar Technologies
We use cookies on our Website to make our internet presence more user-friendly and functional. Some cookies remain stored on your end device.
Cookies are small text files that are sent from our web server to your browser and stored on your computer’s hard disk. Only an individual pseudonym will be stored. This information is used, for example, to recognize you when you navigate our Website and to make navigation easier for you.
Cookies are divided into the following categories depending on their purpose and function:
- Necessary: Technically necessary cookies ensure the technical operation and basic functions of our Website. This type of cookie is used, for example, to maintain your settings while you navigate the Website. Technically necessary cookies are not consent based.
- Functional: Functional cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our Website. If you do not allow these cookies then some or all of these services may not function properly, e.g. videos displayed on this Website.
- Analytics: They help us to understand how users interact with our Website by collecting and analyzing information. This provides us with valuable insights to optimize both the Website and our products and services.
- Performance cookies: Performance cookies help us understand the performance indexes of our Website for us to deliver a better user experience.
- Advertisement: These cookies are used for targeted advertising activities for users on our Website.
The legal basis for the use of technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our Website. It is not necessary to obtain consent for these cookies, as the use of these cookies is necessary to provide important functions of the Website.
The use of all other cookie categories listed above is based on the consent previously obtained from you. You can withdraw your consent to the use of cookies at any time for the future. Consent is voluntary. If you do not consent, there are no disadvantages.
Alternatively, you can also view this Website without cookies. You can preset this in your browser. Please note that some functions of the Website may no longer be available in whole or in part as a result.
Further information about the cookies we use (in particular about their purpose and storage duration) can be found in the cookie banner itself.
We also use so-called local storage functions (also known as “local storage”) on our Website. This involves storing data locally in your browser’s cache, which continues to exist and can be read even after you close the browser—unless you delete the cache or it is session storage. Third parties cannot access the data stored in the local storage. If you do not want data to be stored in the local storage, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
5. Google Analytics
We use Google Analytics 4, a service provided by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”). Personal data transferred to the service provider Google in the USA when using Google Analytics is transferred based on the adequacy decision of the European Commission EU-U.S. Data Privacy Framework (EU-U.S. DPF) within the meaning of Art. 45 para. 3 GDPR or where applicable the UK Extension to the EU-U.S. DPF.
We use this tool to analyze your engagement with our Website (web analysis tool). Google uses the information collected on the website to analyze your use of our Website and to compile reports on website activity. The reports provided by Google are used by us to analyze the performance of our Website. We use the User ID function (user identifier), which allows us to assign a unique, permanent ID (identifier) to one or more sessions (and the activities within these sessions) and thus analyze user behavior across devices.
During your Website visit, your user behaviour is recorded in the form of “events”. Events can be:
- Page views
- First visit to the Website
- Start of session
- Web pages visited
- Your “click path”, interaction with the Website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Interaction with videos
- File downloads
Also recorded:
- Your approximate location (region)
- Date and time of your visit
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this Website)
The legal basis for processing your personal data with Google Analytics is your consent. You can withdraw your consent at any time by changing your cookie settings in our cookie banner, accessible here.
If you require more information about the automatically collected data, you can view it at the following link: https://support.google.com/analytics/answer/9234069?visit_id=638573410300103827-4005264376&rd=2.
Information on any predefined dimensions of a user (depending on the option used) or on the optimised analyses and events can be accessed via the following links:
- Regarding the possibly predefined dimensions of a user: https://support.google.com/analytics/answer/9268042?visit_id=638573410300103827-4005264376&rd=1
- With regard to any optimised analyses and events: https://support.google.com/analytics/answer/9216061
6. Google Tag Manager
We also use the Google Tag Manager tool, a service provided by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”). Personal data that is transferred to the service provider Google in the USA when using the Google Tag Manager is transferred based on the adequacy decision of the European Commission EU-U.S. Data Privacy Framework (EU-U.S. DPF) within the meaning of Art. 45 para. 3 GDPR or where applicable the UK Extension to the EU-U.S. DPF.
We use the Google Tag Manager service to integrate various website tags from Google into our website (e.g. website analysis products). In programming language, tags are parts of code that are used to track the activities of visitors to a website. The word “tag” refers to a label or a marker and is used to mark a database with certain (additional) information. Depending on the type of activity tracked and the function of the respective tag, a distinction is made in particular between so-called counter tags, conversion tags, remarketing tags and container tags. The personal data Google processes for these purposes are your IP-address, device and browser information, location data, visited page sequences and technical data.
The legal basis for processing your personal data with the Google Tag Manager is your consent. You can withdraw your consent at any time by changing your cookie settings in our cookie banner, accessible here.
As a processor, Google processes your personal data on our behalf. For this purpose, we have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. Google is authorized to commission subcontractors. You can access a list of approved subcontractors here.
To find out more about Google’s privacy policy in general, you can access this policy here.
7. Embedded YouTube Videos
We embed YouTube videos on our Website, a service provided by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”). Personal data that is transferred to the service provider Google in the USA when using YouTube is transferred based on the adequacy decision of the European Commission EU-U.S. Data Privacy Framework (EU-U.S. DPF) within the meaning of Art. 45 para. 3 GDPR or where applicable the UK Extension to the EU-U.S. DPF.
The integration of YouTube content takes place in “extended data protection mode”. This ensures that YouTube does not initially store any cookies on your device. As a result, YouTube no longer stores any information about visitors until you watch the video.
If you click on the video, your IP address is transmitted to YouTube, which tells YouTube that you have watched the video. If you are logged in to YouTube or your Google account, this information will also be assigned to your user account. This can be prevented by logging out of YouTube before watching the video.
Accordingly, the following data is collected and processed via YouTube
- IP address
- Referrer URL
- Device information
- Videos viewed
The legal basis for the processing is your consent. If you do not want YouTube to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.
Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://policies.google.com/privacy?hl=en-GB&gl=de
8. Embedded Vimeo Videos
We embed Vimeo videos on our Website, a service provided by Vimeo.com, Inc. (“Vimeo”), located at 330 West 34th Street, 10th Floor, New York, NY 10001, USA. Personal data that is transferred to the service provider Vimeo in the USA when playing Vimeo videos on our Website is transferred based on the adequacy decision of the European Commission EU-U.S. Data Privacy Framework (EU-U.S. DPF) within the meaning of Art. 45 para. 3 GDPR or where applicable the UK Extension to the EU-U.S. DPF.
If you click on the video, your data mentioned below is transmitted to Vimeo, which tells Vimeo that you have watched the video. If you are logged in to Vimeo, this information will also be assigned to your user account. This can be prevented by logging out of Vimeo before watching the video.
Accordingly, the following data is collected and processed via Vimeo
- IP address
- Referrer URL
- Device information, e.g. browser
- Videos viewed
- Duration of video view
- Clicking behaviour in video
The legal basis for the processing is your consent. If you do not want Vimeo to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.
Further information on data protection at “Vimeo” can be found in the provider’s privacy policy at: https://vimeo.com/privacy
9. Data Retention
We process your personal data for as long as necessary to achieve the purposes of processing and/or if we have an ongoing legitimate business interest in retaining your personal data. In certain instances, we are required to retain your personal data in order to comply with statutory obligations. Once the retention of your personal data is no longer necessary for the purpose of its processing, there is no ongoing legitimate business interest in and no statutory obligation for retaining your personal data, we will delete or anonymize your personal data.
10. International Data Transfers
This Website is hosted in the United States (“U.S.”) and JenaValve is a U.S. organization. Therefore, your personal data is transferred to the U.S. and processed there. In addition, the Website is provided using resources and servers located in the U.S., the EU and the UK. Therefore, personal data about Users are transferred, processed and stored outside the country where the Websites are used, including to countries outside the EU, the EEA or the UK and such countries do not have the same level of data protection. If we transfer your personal data to recipients in a country without adequate data protection, we will ensure that an appropriate transfer mechanism is in place to protect your personal data unless they are already subject to a legally recognized set of data protection safeguards or we can rely on an exemption. The aforementioned transfer mechanisms are usually an adequacy decision of the European Commission or appropriate safeguards such as standard data protection clauses laid down in European Commission regulations (the European Commission’s standard contractual clauses are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj).
11. Data Protection Rights
Subject to the statutory requirements, you have the following data protection rights:
- Right of access: You have the right to obtain from us confirmation as to whether or not we process your personal data, and, where this is the case, to access your personal data;
- Right to rectification: You have the right to request rectification of inaccurate personal data from us, and the right to have incomplete personal data completed by us;
- Right to erasure: You have the right to request erasure of your personal data from us;
- Right to restriction: You have the right to request restriction of processing;
- Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format and the right to have your personal data transmitted to another controller without hindrance;
- Right to object: You have the right to object to the processing of your personal data at any time where the processing is based on our legitimate interests and we do not have compelling legitimate grounds for the processing which override your rights, interests and freedoms;
- Right to withdrawal: You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before your withdrawal; and
- Right to lodge a complaint: You have the right to lodge a complaint with the competent data protection supervisory authority regarding the processing of your personal data by us.
- German Supervisory Authority:
- Bayerisches Landesamt für Datenschutzaufsicht
- Website: https://www.lda.bayern.de/
- United Kingdom Supervisory Authority:
- Information Commissioner’s Office
- Website: https://ico.org.uk/
If you have any questions regarding our Privacy Policy, the practices of this Website, or your dealings with us, please feel free to email us at info@jenavalve.com.