Privacy Statement
In this privacy statement we inform you about which personal data we process when you visit our website and what your rights are. We therefore ask you to read the following explanations carefully.
Personal data means any information relating to an identified or identifiable natural person. For example, this includes your name, your address and contact details, or your e-mail address.
Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, recording, organization, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion, or destruction.
The affected person is any identified or identifiable natural person whose personal data are processed by the person responsible for processing.
The responsible body or “the person responsible for processing” means the natural or legal person, public authority, institution, or other body which alone or jointly with others decides on the purposes and means of processing personal data.
Users include all categories of persons affected by data processing. These include our business partners and other visitors to our website.
With regard to the terms used, we also refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). The terms used, such as “user”, are to be understood as gender neutral.
1. NAME AND ADDRESS OF THE RESPONSIBLE BODY
Oral Reconstruction Foundation
Margarethenstr. 38
CH-4053 Basel, Switzerland
Tel. +41 61 565 41 51
Email: info@orfoundation.org
The representative of the responsible body is Executive Director Dr. Martin Schuler.
2. DATA PROTECTION OFFICER
You can contact our data protection officer at the e-mail address dataprotection@orfoundation.org or via our postal address with the addition “Att: Data Protection Officer”.
3. PROCESSING OF PERSONAL DATA
3.1. Visiting our website
3.1.1. Scope of data processing
When you visit our website, your browser transmits certain data to our web server for technical reasons. This concerns the following data (so-called server log files):
▪ IP address
▪ Date and time of the request
▪ Time zone difference to Greenwich Mean Time (GMT)
▪ Content of the request (specific page)
▪ Operating system and its access status / HTTP status code
▪ Transmitted data volume
▪ Website from which the request comes (“referrer URL”)
▪ Browser, language, and version of the browser software
3.1.2. Purpose of data processing
The storage of these data in log files is necessary to ensure the functionality of the website. They help us to optimize the website and to ensure the security of our information technology systems.
3.1.3. Legal basis for processing
We collect these data on the basis of our legitimate interest within the meaning of Article 6 paragraph 1 point (f) of the GDPR in order to be able to display our website and to guarantee its security.
3.1.4. Duration of storage
Information in the log files is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and is then deleted. Data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been conclusively clarified.
3.1.5. Possibility of objection and deletion
The collection of data for the provision of the website and its storage in log files is absolutely necessary for technical reasons. Consequently, there is no possibility of objection on the part of the user.
3.2. Contact form, research grant application portal, and e-mail contact
3.2.1. Scope of data processing
If you use the contact form on our website, the following data will be transmitted to us: Title, First Name, Last Name, Company, E-mail, Phone, Street/No, ZIP/City, Country, message text.
If you apply for a research grant through the Grant Application portal, you have to create a login with a password using a double opt-in procedure in order that nobody can register with an unsolicited e-mail address. With the application form the following information will be collected: title, first name, last name, e-mail, address, university/company/private practice, department, clinic, phone number. Additional information collected to provide the corresponding services: project description, billing address, practice/business address, CVs.
Alternatively, you can contact us via e-mail addresses provided by us, depending on your request. In these cases, the sender’s personal data transmitted with the e-mail will be processed.
The data will be used exclusively for processing the conversation and for processing the request.
3.2.2. Purpose of data processing
The processing of personal data helps us to process the establishment of contact. The other personal data processed during the sending process (e.g., IP address, date, time) are used to prevent misuse of the contact form and to ensure the security of our information technology systems. The processing of project related data helps us to evaluate and review the application and to provide users with our services.
3.2.3. Legal basis for processing
When contacting us via the contact form, the research grant application portal, or by e-mail, the user’s details are processed in order to deal with the contact request and its handling in accordance with Article 6 paragraph 1 point (b) of the GDPR: In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The research grant application portal is handled by an external processor who acts in accordance with Article 28 of the GDPR.
3.2.4. Recipient of processing
If you contact us via the contact form, the research grant application portal, or by e-mail, your personal data will be processed by the relevant internal departments responsible for the matter.
3.2.5. Duration of storage
The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations. Retention obligations result from commercial and tax law reasons.
3.2.6. Data storage of research grant application portal
The information processed by the research grant application portal is stored in Frankfurt am Main (DE; Amazon Web Services).
3.2.7. Possibility of objection and deletion
In accordance with the applicable data protection laws, you have the right to object to the processing of your personal data. If you exercise this right, we will cease processing your personal data, unless there are statutory retention obligations that prevent such action. To exercise your right to object or to request the deletion of your data, please contact us at info@orfoundation.org.Â
3.3. Cookies
3.3.1. Scope of data processing
Our website uses cookies. Cookies are small text files that are stored on your computer when you visit our website. Cookies do not damage your computer and do not contain any malware such as viruses. Cookies contain a characteristic string of characters that enable unique identification of the browser when you visit the website again. Some elements of our website require that the calling browser can also be identified after a page change.
This is not done by linking to you personally but instead by assigning an ID number to the cookie (“cookie ID”). We do not merge the cookie ID with your name and IP address or similar data, which would allow cookies to be linked to you.
This website uses transient and persistent cookies.
a) Transient cookies are deleted automatically when you close your browser. This specifically includes so-called session cookies. These store a session ID which enables different requests from your browser to be linked to the common session. When you return to our website, your computer can be recognized again. The session cookies are deleted when you log out or close your browser.
b) Persistent cookies are deleted automatically after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
3.3.2. Purpose of data processing
We use cookies to make our website attractive and user friendly, to improve it, and to speed up inquiries. Some elements of our website require that the calling browser can also be identified and recognized after a page change.
3.3.3. Legal basis for data processing
The legal basis for the processing of personal data using the technically necessary cookies is Article 6 paragraph 1 point (f) of the GDPR.
3.3.4. Duration of storage
Transient/session cookies are deleted as soon as the browser is closed.
Persistent cookies are deleted automatically after a specified period.
3.3.5. Possibility of objection and deletion
As a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can ensure that cookies are not saved at all or are deleted automatically at the end of your browsing session. To do this, select “do not accept cookies” in your browser settings. In the Microsoft Internet Explorer select “Tools > Internet Options > Privacy > Settings”; in Firefox select “Tools > Settings > Privacy > Cookies”. If you use a different Internet browser, please refer to the browser’s help function for instructions on preventing as well as deleting cookies. Please note, however, that in this case you may not be able to use all the functions of our website.
3.4. Web analysis
3.4.1. Scope of data processing
We use Google Analytics on our website, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. (“Google”).
Google analyzes your use of our website on our behalf. We use cookies and other features for this purpose. We have described what cookies are and how they can be deleted in the “Cookies” chapter above.
The information collected by Google about your use of this website (e.g., our pages visited) is transmitted to a Google server in the USA, stored there and analyzed, and the result is made available to us in anonymized form.
On our website we use the IP anonymization offered by Google. In this process, Google will truncate your IP address beforehand within Member States of the European Union or other signatory states to the Agreement of the European Economic Community.
Google is certified in EU-US Privacy Shield which ensures an adequate level of data protection for Google in the USA.
3.4.2. Purpose of data processing
Google uses this information on our behalf to evaluate the use of our website and to compile reports on the activities within our website. This allows us to improve your online experience and increase the user-friendliness of our website.
3.4.3. Legal basis for processing
Our legitimate interest in data processing by Google Analytics lies in the above-mentioned purposes. The legal basis is Article 6 paragraph 1 point (f) of the GDPR.
3.4.4. Duration of storage
Sessions are terminated after a specific period of time. As a rule, sessions are closed after 30 minutes without activity. The maximum time limit for cookies is two years.
3.4.5. Possibility of objection and deletion
The IP address transmitted from your browser will not be merged with other data by Google. You can prevent cookies from being saved by setting your browser software accordingly, as described in the “Cookies” chapter above. Furthermore, you can prevent recording of the data generated by the cookies and related to your use of the website to Google as well as the processing of these data by Google by downloading and installing the browser plug-in available under the following link https://tools.google.com/dlpage/gaoptout?hl=en.
If you want to prevent Google Analytics from collecting your data in the future when you visit our website using different devices (in particular mobile devices such as smartphones or tablets), you must employ the opt-out on all systems used. Click here to place this opt-out cookie.
Deactivate Google Analytics
Please note that this opt-out cookie only prevents web analysis as long as you have not deleted it. Further information on Google Analytics is available at Google Analytics Conditions of Use, at Safety and Privacy Principles of Google Analytics as well as at Google privacy statement.
4. NEWSLETTER
On our website you can subscribe to a newsletter that gives you first-hand information about current topics concerning the OR Foundation. We only send newsletters with the consent of the recipients. For this purpose we use a double opt-in procedure. After subscribing to the newsletter, you will receive an e-mail in which you must confirm your subscription. We use this procedure so that nobody can register with an unsolicited e-mail address. We log the registrations for the newsletter in order to be able to verify the registration process in accordance with the legal requirements. This includes the date, time, and location at the time of registration.
To subscribe to the newsletter you need to provide the following information: first name, last name, country, e-mail.
If you no longer wish to receive our newsletter, you can cancel your subscription at any time and thus withdraw your consent. To do this you will find a link to unsubscribe from the newsletter at the end of any newsletter.
5. DATA SECURITY
We take technical, contractual, and organizational measures to ensure the security of data processing using state-of-the-art technology. This way we ensure that the regulations of the data protection laws, in particular the General Data Protection Regulation, are observed and that the data processed by us are protected against destruction, loss, alteration, and unauthorized access. These security measures also include the encrypted transmission of data between your browser and our servers. Please note that the SSL encryption for transmissions via the Internet is only activated if the key symbol in the bottom menu bar appears in your browser window and the address begins with https://www. SSL (Secure Socket Layer) protects data transfer against illegal data access by third parties with encryption technology. If this option is not available, you can also decide not to send certain data across the Internet.
6. DISCLOSURE OF DATA TO THIRD PARTIES
Data will only be disclosed to third parties in accordance with legal requirements. We only disclose user data to third parties if this is necessary for contractual purposes, e.g., on the basis of Article 6 paragraph 1 point (b) of the GDPR, if we are legally obliged to do so (Article 6 paragraph 1 point (c) GDPR) or on the basis of justified interests pursuant to Article 6 paragraph 1 point (f) of the GDPR for the economic and effective operation of our business.
As part of order processing in accordance with Article 28 of the GDPR, we use subcontractors for the provision of our services, in particular for the operation, maintenance, and hosting of the website and our information technology systems. We have taken appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
7. EXTERNAL SERVICES AND CONTENTS ON OUR WEBSITE
We link to external services or contents to our website. This is performed on the basis of our legitimate interests in the analysis, optimization, and economic operation of our online offering within the meaning of Article 6 paragraph 1 point (f) of the GDPR.
When using such a service or displaying third-party content, communication data such as date, time, and IP address are exchanged between you and the respective provider for technical reasons. In particular, this relates to your IP address, which is required to display contents in your browser.
It is possible that the provider of the respective services or contents may process your data for their own purposes. However, as we have no influence on the data collected by third parties and their processing of these, we cannot provide any binding information on the purpose and scope of processing of your data. For further information on the purpose and scope of the collection and processing of your data, please therefore refer to the data protection information provided by the providers of the services or contents integrated by us who are responsible for the data protection laws in each case. Here you will also find further information on the processing of data and possibilities of objection.
7.1. Social Media Plug-ins
We currently use the following social media plug-ins: Facebook, Google Maps,
Twitter, Instagram and LinkedIn. When you visit our website, no personal data are disclosed to the providers of the plug-ins as a matter of principle. The provider of the social media plug-in can be identified by the respective logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. By default, these plug-ins collect data from you and transmit these to the servers of the respective provider. When calling up a page that integrates the social media plug-ins, these are initially deactivated. Only by clicking on the respective symbol/logo of the provider will the corresponding plug-in be activated and you thereby give your consent that your data will be transferred to the respective provider and saved accordingly (for US-American providers in the USA). If you are a member of one of the listed social networks and you are logged in to the social network during your visit to our website, your data and information about your visit to this website can be linked to your profile on the social network after clicking on the respective logo of the social media provider.
As the plug-in provider collects data, in particular via cookies, we recommend that you log out of the respective social media provider before activating the social media button and delete all cookies via the security settings of your browser if you do not wish to have information transferred to the social media provider. We have no influence on the collected data and data processing processes nor are we aware of the full extent of data collection, the purposes of processing, or the storage periods of the social media plug-in providers. We also have no information on the deletion of the data collected by the plug-in provider.
For more detailed information on the scope, type, and purpose of data processing and on the rights and setting options for the protection of your privacy, please refer to the data protection information of the respective social media provider. These can be found at the following addresses:
▪ Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.
Facebook has agreed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
▪ Maps from the “Google Maps” service are provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google has agreed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
▪ LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Details regarding the collection of data by LinkedIn as well as your rights and setting options can be found in LinkedIn’s privacy policy. Further information on privacy policy: http://www.linkedin.com/legal/privacy-policy.
▪ Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Further information on privacy policy: http://instagram.com/about/legal/privacy/.
▪ Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; Further information on privacy policy: https://twitter.com/privacy.
Twitter has agreed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-FrameworkÂ
8. YOUR RIGHTS
If we process your personal data, you are an affected person within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights vis-Ă -vis us regarding your personal data:
▪ Right to information (Article 15 GDPR)
▪ Right to correction (Article 16 GDPR)
▪ Right to deletion (Article 17 GDPR)
▪ Right to restriction of processing (Article 18 GDPR),
▪ Right to data transfer (Article 20 GDPR)
▪ Right to object against processing (Article 21 GDPR)
▪ Right to lodge an appeal with a data protection supervisory authority (Article 77 GDPR)
9. CHANGES TO THE PRIVACY STATEMENT
We reserve the right to change the privacy statement in order to adapt to changed legal situations or in the event of changes to the service or data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the privacy statement contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
Please regularly check the contents of the privacy statement.
Dated 01.02.2024