Thank you for visiting our website and for your interest in our company and our products. We are the Swiss experts for dental implants. As a Swiss manufacturer, we develop and produce systems for dental restorations that meet the highest standards of quality and safety. In the following, we inform you in accordance with the applicable national and European data protection regulations about the type and scope of the personal data that we collect in the course of your
- your visit to our website,
- the order in our webshop,
- the establishment of contact,
- the posting of job advertisements,
- the newsletter dispatch,
- our social media presences
(hereinafter collectively "website"), for what purposes we use this data and how we use it to optimize our services for you.
Thommen Medical processes data collected about you for various purposes. For example, if you create a customer account, the data stored in your customer account will be processed by Thommen Medical for the purpose of managing the customer account. At the same time, however, address data stored in the customer account will also be used, among other things, for the purpose of delivering ordered goods. Individual data collected about you may also be processed for the purpose of direct advertising. For example, Thommen Medical may send you advertising materials or product catalogs from Thommen Medical to the address stored in the customer account. Thommen Medical may pass on data about you to third parties. This is the case, for example, when goods are delivered by a delivery agent. It is also possible that Thommen Medical, in the event of non-payment of outstanding invoices by you after repeated unsuccessful information on the outstanding claims, will transmit your claim data to a collection service provider. If you are required to provide your e-mail address when creating a customer account, this is necessary because Thommen Medical is required by law to send you an electronic order confirmation after you have placed an order. The e-mail address you provide will be used by Thommen Medical to send you promotional e-mail newsletters if you have consented to receive such newsletters. However, Thommen Medical is also entitled to send you e-mail advertising about goods/services that are comparable to those that you have already purchased from Thommen Medical in the past. You will be informed of the possibility of using your e-mail address for this purpose and of your existing right to do so.
1. Person responsible and data protection officer
(1) Responsible for data protection in the sense of Art. 4 Para. 7 DSGVO:
|In Switzerland||In EU|
Thommen Medical AG
Phone: +41 32 644 30 20
Thommen Medical GmbH
Am Rathaus 2
79576 Weil am Rhein
Phone: +49 7621 4225830
hereinafter referred to as "Thommen Medical", "we" or "us". Further information about the provider can be found in our imprint.
(2) Thommen Medical GmbH is the Union representative of Thommen Medical AG according to Art. 27 DSGVO.
(3) You can reach the data protection officer of Thommen Medical GmbH by post at the above address with the addition "attn. data protection officer" or by email.
2. Types of data processed, categories of data subjects
2.1 Type of data processed
- Master data (e.g. customer master data, such as names, addresses)
- Account data (login, PW # hash)
- Contact data (e.g. email, phone numbers)
- Communication data and history
- Content data (e.g. text input, photographs, videos)
- Contract data (e.g. quotes, order, subject of contract, customer category)
- Payment data (e.g. bank details, payment history)
- CRM data, especially customer history and customer statistics
- Usage data (e.g. pages visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
- Data according to clauses 4 and 5
- Applicant data according to section 9
- Data according to section B
2.2 Categories of persons concerned
- Visitors and users of the website and online offers
- Customers, prospects and business partners
- Newsletter subscribers and direct marketing in existing customer relationships
- Other communication partners
(Hereafter, we also refer to the data subjects collectively as "Users").
3. Purpose of processing
We use your personal data
- For the provision of the website and the online offer, its functions and contents.
- To provide the webshop • To identify you as a contractual partner.
- For the creation and management of your personal customer account.
- For responding to contact requests and communication with users.
- For the assertion, enforcement, exercise or defense of and against legal claim(s) and legal dispute(s), as well as for the detection, investigation and prevention of crime.
- For security measures.
- For range measurement.
- For the purposes of direct marketing, e.g. in the form of an email newsletter or postal advertising.
- For the purpose of product and service satisfaction surveys and analysis there of.
4. Provision of the website and log files
(1) When using the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser automatically transmits to our server. In doing so, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 lit. f) DSGVO):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Web page from which the request comes
- browser • Operating system and its interface
- Language and version of the browser software
(2) The IP addresses of the users are deleted or anonymized after termination of use. In the case of anonymization, the IP addresses are changed in such a way that the individual information about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or can only be assigned to such a person with a disproportionate amount of time, cost and effort.
(1) In addition to the aforementioned log files data, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive and through which certain information flows to the body that sets the cookie (in this case by us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Session cookies (for this purpose b)
- Persistent cookies (for this c).
b) Session cookies store a so-called session ID, with which various requests from your browser can be assigned to the joint session. Session cookies are deleted when you log out or close the browser. If you restart your browser and go back to the website, the website will not recognize you. You will need to log in again (if a login is required) or reset templates and preferences if the website offers these features. Then a new session cookie is generated, which stores your information and remains active until you leave the site again and close your browser.
c) Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
|Technically necessary cookies||Technically necessary cookies enable the use of our website by providing basic functions such as page navigation and access to secure areas of the website. Visiting our website cannot function properly without these cookies.||Session cookies - are deleted when the browser is closed.|
|Performance (e.g., user's browser), rendering, and preferences.||When using our website, cookies are used (e.g. to recognize the browser) to improve performance (e.g. faster loading of content). When you visit our website, the determined or self-selected country and language selection is stored in cookies to save you from having to select again on subsequent visits. In advance, we check whether your browser supports cookies and this information is stored in another cookie. Subsequently, you will be shown countryand language-specific localized contact information, which will also be stored. The legal basis for this is your consent (Art. 6 para. 1 lit. a) DSGVO).||Session cookies - are deleted when the browser is closed.|
|Advertisecookies (Marketing)||We use advertising cookies to assess the efficiency of our advertising measures and to derive optimizations from them. The legal basis for this is your consent (Art. 6 para. 1 lit. a) DSGVO).||Persistent cookies - remain, but are automatically deleted after 26 months at the latest when the website has no longer been visited, unless shorter periods apply in individual cases.|
(5) Cookies control
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
(1) If you would like to order in our online store, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. For this purpose, it is necessary that you register. Mandatory information necessary for the processing of contracts is marked, other information is voluntary. After verification by us, the account (customer login) will be activated. We process the data you provide to process your order. The legal basis for this is Art. 6 para. 1 lit. b) DSGVO.
(2) In order to process a purchase contract between you and Thommen Medical via the online store, the following data processing is also required: Your payment data may be passed on to payment service providers commissioned by us to process the payment(s). We pass on details of your delivery address to shipping partners commissioned by us. In order to ensure that the goods are delivered according to your wishes, we transmit - insofar as this is necessary - your e-mail address and, if applicable, telephone number to the shipping partner commissioned by us to handle the delivery. The respective data will be transmitted solely for the respective purposes and deleted after delivery, unless our service providers are themselves obliged to retain the data for legal reasons.
(4) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we will restrict processing after expiry of the statutory limitation periods, i.e. your data will thereafter be used solely for compliance with the statutory retention obligations.
(5) To prevent unauthorized access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
7. Contact form
(1) On our website there is a contact form which you can use to contact us electronically. If you contact us via this contact form, the data entered in the input fields will be processed by us.
(2) When you submit the form, the following data is also stored:
- Your IP-adress
- Date and time of sending
Please note that the scope of the personal data collected in the context of the contact form also depends on the data you yourself disclose in the contact form.
(3) The purpose of processing the personal data is to process the contact request and to be able to contact you for the purpose of your request. The legal basis for the processing of the personal data provided by you in the context of the contact is Art. 6 para. 1 lit. b) DSGVO.
(4) The other personal data processed during submission (IP address, date and time of submission) are used to prevent misuse of our contact form. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. We have a legitimate interest in preventing or being able to prove misuse of our contact form.
(5) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
(6) The recipient of the data is our server host, which works for us under a commissioned data agreement.
(7) The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it would possibly result in you not being able to use our contact form.
8. E-Mail- Contact
(1) Contact is possible via the e-mail addresses provided on the website. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will be used exclusively for the processing of the request. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.
(2) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
(3) Notwithstanding para. 2, the following shall apply: Contact requests from customers that relate to a specific business transaction shall be stored as long as this is necessary for the execution and processing of the contract (Art. 6 para. 1 lit. b) DSGVO) or due to statutory retention obligations (Art. 6 para. 1 lit. c) DSGVO). Contact requests from customers that do not relate to a specific business transaction are stored as long as the business relationship exists. The legal basis is Art. 6 para. 1 lit. f) DSGVO to protect our legitimate interests and those of the customer, in particular support and quality assurance. Customers can object to the processing at any time in individual cases.
9. Career (Open positions)
(1) We advertise vacancies on our website. We are also pleased to receive unsolicited applications. We collect, process and use your personal data to process your online application. The legal basis is Art. 6 para. 1 lit. b) DSGVO in conjunction with. § 26 BDSG (Federal Data Protection Act).
(2) If you have applied for a specific position and this position has already been filled or we consider you to be equally or even more suitable for another position, we would be happy to forward your application within our company. The legal basis for this is Art. 6 para.1 lit. f) DSGVO to protect your and our legitimate interests. Please inform us if you do not agree with this procedure.
(3) After the end of the application process, but after 6 months at the latest, your personal data will be automatically deleted unless you expressly consent to it being stored for a longer period.
10. Disclosure to third parties
(1) As part of the hosting of our website, your data processed by us is processed on the basis of an order processing contract.
(2) In the case of the use of web analytics services and third-party providers, the data is transmitted to the extent described herein, see section B.
11. Storage duration
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. We delete your personal data as soon as it is no longer required for the abovementioned purposes. In this context, personal data may be retained for the period during which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding obligations to provide proof and to retain data result from commercial, tax and social security regulations.
12. Automated decision making, profiling
As a matter of principle, we do not use fully automated decisionfindings in accordance with Article 22 DSGVO to establish and implement the business relationship. We do not engage in profiling.
B. Data processing by third parties
13.1 Google Tag-Manager
(1) This website uses Google Tag Manager. Tags are small pieces of code on our website that are used to, among other things, measure traffic and visitor behavior, track the impact of online advertising and social channels, use remarketing and audience targeting, and test and optimize their website. Google Tag Manager is a solution that allows Thommen Medical to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.
(2) . For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Further information on Google Tag Manger can be found on the Internet at:https://www.google.com/analytics/terms/tag-manager/.
13.2 Google Fonts
(1) On our website we use Google Fonts. These are the "Google Fonts" of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
(2) The fonts are embedded locally on our servers and are not reloaded from Google servers when the website is called up. The Google fonts are licensed under the "SIL Open Font License, 1.1" or the "Apache License, version 2.0", see fonts.google.com/attribution. Google's GitHub page (https://github.com/google/fonts#self-host-fonts-available-from-google-fonts) says: "Since all the fonts available here are licensed with permission to redistribute, subject to the license terms, you can self-host. For help doing this, see github.com/majodev/google-webfonts-helper.
13.3 Google Maps
(1) This website uses Google Maps to display interactive maps and to create directions. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
(2) By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. When you call up a web page on our website that contains Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your browser, which then integrates it into the website. Therefore, we have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data:
- Date and time of the visit to the web page in question,
- Internet address or URL of the website called up,
- IP address, (start) address entered as part of route planning.
(3) We have no influence on the further processing and use of the data by Google and therefore cannot assume any responsibility for this.
14. Social Media Plug-Ins
We maintain online presences within social networks in order to communicate with users active there or to offer information about us there.
(1) We currently use the following social media plug-ins: Linkedln. You can identify the provider of the plug-in by marking the box with its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding web page of our online offer. In addition, the data mentioned under item 4 of this declaration is transmitted. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA).
(2) We have neither influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The legal basis for our use of the plug-ins is Art. 6 para. 1 lit. f) DSGVO.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
(5) For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
(6) Addresses of the respective plug-in providers and URL with their privacy notices:
- Linkedln Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; https://www.linkedin.com/legal/privacy-policy, Cookie-Guidline: https://www.linkedin.com/legal/cookie-policy; Note on data transfer from the EU, the EEA and Switzerland to third countries, in particular the USA: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacypolicy&lang=en
(1) We are present on Facebook. You can access our pages directly via the implemented Facebook button. We would like to point out that user data may also be transmitted to a server in a third country and thus processed outside the European Union.
(2) It is possible that in addition to the storage of the specific data entered by you in this social medium, further information is also processed by the provider of the social network. Furthermore, Facebook may process the most important data of the computer system from which you visit it - for example, your IP address, the processor type and browser version used, including plug-ins.
(3) If you are logged in with your personal user account of the respective network while visiting such a website, this network can assign the visit to this account.
(4) The purpose and scope of the data collection by and the further processing of your data there as well as your rights in this regard can be found in the respective provisions, which are linked below.
(5) Third-party provider details: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.
(6) For fanpages: agreement on joint processing of personal data (Art. 28 (1) DSGVO)
(1) We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they thereby undertake to comply with EU data protection standards.
(2) Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).
(3) For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.
(4) In the case of information requests and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still require assistance, you can contact us.
(5) Legal basis: Our legitimate interests in presenting the company and addressing customers and interested parties (Art. 6 para. 1 lit. f) DSGVO).
(6) Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
(1) We have integrated YouTube videos into our online offer, which are stored on http://www.youtube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in paragraph 2 are transmitted. We have no influence on this data transmission.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 4 (Provision of the website and log files) of this declaration are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/ or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
15. Links to other websites
C. Rights of the data subjects
16. Your rights
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us as the controller.
a) Rights according to Art. 15 ff. DSGVO
(1) The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed; if this is the case, he or she has a right of access to such personal data and to the information specified in Article 15 of the GDPR. Under certain legal conditions, you have the right to rectification under Article 16 GDPR, the right to restriction of processing under Article 18 GDPR and the right to erasure ("right to be forgotten") under Article 17 GDPR. In addition, you have the right to receive the data you have provided in a structured, common and machine-readable format (right to data portability) pursuant to Article 20 DSGVO, provided that the processing is carried out with the help of automated processes and is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6 (1) (b) DSGVO.
b) Revocation of consent according to Art. 7 (3) DSGVO
If the processing is based on consent, you can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
c) Right of appeal
You have the option of contacting us or a data protection supervisory authority with a complaint (Article 77 DSGVO). In Baden Württemberg, the competent supervisory authority is: The State Commissioner for Data Protection and Freedom of Information, P.O. Box 10 29 32, 70025 Stuttgart, Tel.: 0711/615541- 0, FAX: 0711/615541-15, e-mail: email@example.com.
d) Right of objection according to Article 21 DSGVO
In addition to the aforementioned rights, you have the right to object as follows:
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) DSGVO (data processing in the public interest) and Article 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to a profiling based on this provision within the meaning of Article 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to processing of data for advertising purposes
In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to the profiling, insofar as it is related to such direct advertising. If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.
D. Final provisions
(1) We have taken technical and organizational security measures in accordance with Art. 24, 32 DSGVO to protect your personal data from loss, destruction, manipulation and unauthorized access. All our employees and all third parties involved in data processing are committed to compliance with the requirements of the GDPR and the confidential handling of personal data.
(2) SSL or TLS encryption: This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
We reserve the right to change our security and data protection measures, insofar as this becomes necessary due to technical development, the expansion of our services or legal changes. In these cases, we will also adapt our data protection declaration accordingly. Please therefore note the current version of our data protection declaration.
Status: August 2023