CCPA RIGHT TO KNOW AND RIGHT TO DELETION
(CALIFORNIA RESIDENTS)

 

As a California resident, you possess the right to inquire about the Personal Information collected, utilized, or shared with third parties by Odne, along with the associated business purposes. Furthermore, you retain the right to request the deletion of your Personal Information held or managed by Odne. To fulfill such requests for information or deletion and ensure the requester’s identity verification, Odne may necessitate the verification of up to three pieces of Personal Information maintained by the company. 

 

To initiate a request for information on collected, used, or disclosed Personal Information or to request the deletion of your Personal Information, please send an eMail to privacy@odne.co

 

 

PRIVACY STATEMENT (GDPR)

 

This privacy statement provides information about the personal data processed during your website visit and outlines your associated rights. Please carefully review the following explanations.

 

Personal data encompasses any information concerning an identified or identifiable natural person, encompassing details like name, address, contact information, or email address.

 

The affected person is any identified or identifiable natural person whose personal data undergo processing by the entity responsible for processing.

 

Users encompass all categories of individuals affected by data processing, including our business partners and other website visitors.

 

The responsible entity or “the person responsible for processing” refers to the natural or legal person, public authority, institution, or other body determining, alone or jointly with others, the purposes and means of processing personal data.

 

Processing involves any operation or series, whether automated or not, pertaining to personal data, such as collection, recording, organization, sorting, storage, adaptation, alteration, reading, retrieval, use, disclosure by transmission, dissemination, provision, reconciliation, linking, restriction, deletion, or destruction.

 

In terms of the terminology used, we also defer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). The terms employed, such as “user,” are to be interpreted as gender-neutral.

 

 

Responsible body

 

Odne AG

Ringstrasse 14

8600 Dübendorf

Switzerland

 

The representative of the responsible body is Dr. Mark Bispinghoff, COO.

 

Data Protection Officer

 

You can contact our data protection officer at the email address privacy@odne.co or via our postal address with the addition “Att: Data Protection Officer”.

 

Processing of personal data 

 

Data collected during website visit

Visiting our website, your browser transmits certain data to our web server for technical reasons. This concerns the following data (server log files):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Operating system and its access status / HTTP status code
  • Transmitted data volume
  • Website from which the request comes (“referrer URL”)
  • Browser, language, and version of the browser software

 

>> Purpose of data processing

The storage of these data in log files is necessary to ensure the functionality of the website. They help us to optimize the website and to ensure the security of our information technology systems.

 

>> Legal basis for processing

We collect these data on the basis of our legitimate interest within the meaning of Article. 6 paragraph 1 point (f) of the GDPR in order to be able to display our website and to guarantee its security.

 

>> Duration of storage

Information in the log files is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and is then deleted. Data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been conclusively clarified.

 

>> Possibility of objection and deletion

The collection of data for the provision of the website and its storage in log files is absolutely necessary for technical reasons. Consequently, there is no possibility of objection on the part of the user. 

 

Data collected on Contact forms & eMails 

 

Utilizing the contact forms on our website, the data input will be transmitted to us: e.g. first name, last name, E-Mail, Telephone Number, Street Address, Zip / Postal code, City, Country, Clinic name.

 

Reaching out to us via eMail, based on your specific request, the sender’s personal data conveyed with the email will be subject to processing, exclusively for managing the conversation and addressing the request.

 

>> Purpose of Data Processing

The processing of personal data assists us in facilitating contact establishment. Additional personal data processed during the transmission process (e.g., IP address, date, time) are employed to prevent contact form misuse and ensure the security of our information technology systems.

 

>> Legal basis for processing

When contacting us via the contact form or by email, the user’s details are processed in order to deal with the contact request and its handling in accordance with Article 6 paragraph 1 point (b) of the GDPR: In the event of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.

 

>> Recipient of Processing

When you reach out to us via the contact form or email, your personal data will be processed by the relevant internal departments responsible for the matter.

 

>> Duration of Storage

We will delete the data we store as soon as it is no longer necessary for its intended purpose, and there are no legal retention obligations. Retention obligations arise from commercial and tax law requirements.

 

>> Possibility of Objection and Deletion

You have the option to withdraw your consent for the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, our communication cannot be continued. 

 

If you wish to revoke your consent, please send an email to the following address contact@Odne.com. All personal data stored in the course of contacting us will then be deleted.

 

Cookies

 

Our website utilizes cookies, which are small text files stored on your computer during your visit. These cookies pose no harm to your computer and do not contain malware such as viruses. They comprise a unique character string facilitating browser identification upon revisiting the website. While some elements require the ability to identify the calling browser after a page change, this is achieved through the assignment of an ID number to the cookie (“cookie ID”), not by linking it personally to you. The website employs both transient and persistent cookies:

 

Transient cookies, including session cookies, are automatically deleted upon closing your browser. Session cookies store a session ID, connecting different requests from your browser to a common session. Recognition occurs when you revisit, and these cookies are cleared upon logout or browser closure.

 

Persistent cookies are automatically deleted after a specified period, which varies. You can manage and delete cookies in your browser’s security settings.

 

>> Purpose of Data Processing

We use cookies to enhance the attractiveness and user-friendliness of our website, improve its performance, and expedite inquiries. Identification and recognition of the calling browser after a page change are necessary for certain elements.

 

>> Legal Basis for Data Processing

The legal basis for processing personal data through technically necessary cookies is Article 6, paragraph 1, point (f) of the GDPR.

 

>> Duration of Storage

Transient/session cookies are deleted when the browser is closed, while persistent cookies are automatically removed after a specified period.

 

Possibility of Objection and Deletion

As a user, you have full control over cookie usage. Adjust your Internet browser settings to prevent saving or enable automatic deletion at the end of your browsing session. To do so, choose “do not accept cookies” in your browser settings, or in Microsoft Internet Explorer, go to “Tools > Internet Options > Privacy > Settings.” Be aware that such adjustments may limit some website functions. Consult your browser’s help function for instructions on preventing and deleting cookies if you use a different browser.

 

Web analysis

 

Our website employs Google Analytics, a web analysis service provided by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google analyzes your website usage on our behalf using cookies and other features, as explained in the “Cookies” section above.

 

The information collected by Google about your website usage (e.g., pages visited) is sent to a Google server in the USA, where it is stored, analyzed, and provided to us in anonymized form. We implement IP anonymization on our website, where Google truncates your IP address within EU Member States or other signatory states to the Agreement of the European Economic Community before processing. Google is certified under the EU-US Privacy Shield, ensuring an adequate level of data protection for Google in the USA.

 

>> Purpose of Data Processing

Google utilizes this information on our behalf to evaluate website usage and compile reports on activities within our website, enhancing your online experience and improving website user-friendliness.

 

>> Legal Basis for Processing

Our legitimate interest in data processing through Google Analytics is aligned with the mentioned purposes. The legal basis is Article 6, paragraph 1, point (f) of the GDPR.

 

>> Duration of Storage

Sessions are terminated after a specific period, typically closing after 30 minutes of inactivity, and cookies have a maximum time limit of two years.

 

>> Possibility of Objection and Deletion

Google does not merge the transmitted IP address with other data. You can prevent cookie storage by adjusting your browser settings, as outlined in the “Cookies” section above. Additionally, you can avoid the recording and processing of data generated by cookies by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

 

If you wish to prevent Google Analytics from collecting your data on future visits across various devices (especially mobile devices), you must apply the opt-out on all used systems. Click here to place the opt-out cookie.

 

Note that the opt-out cookie prevents web analysis only as long as it remains undeleted. Further details on Google Analytics are accessible in the Google Analytics Conditions of Use, Safety and Privacy Principles of Google Analytics, and Google Privacy Statement.

 

Data Security

 

We implement technical, contractual, and organizational measures, utilizing state-of-the-art technology, to secure data processing. These measures ensure compliance with data protection laws, especially the General Data Protection Regulation, safeguarding processed data against destruction, loss, alteration, and unauthorized access. Security measures include encrypted data transmission between your browser and our servers. Please be aware that SSL encryption for internet transmissions is activated when the key symbol appears in your browser’s bottom menu bar, and the address begins with www. SSL (Secure Socket Layer) protects data transfer against unauthorized access by third parties through encryption technology. If this option is unavailable, you may choose not to transmit specific data over the internet. 

 

Disclosure of data to third parties

 

We will only disclose data to third parties in compliance with legal requirements. User data is shared with third parties solely when necessary for contractual purposes, such as under Article 6, paragraph 1, point (b) of the GDPR, when legally obligated (Article 6, paragraph 1, point (c) GDPR), or based on justified interests outlined in Article 6, paragraph 1, point (f) of the GDPR, supporting the efficient and effective operation of our business.

 

For order processing per Article 28 of the GDPR, we engage subcontractors to provide our services, particularly for website operation, maintenance, and hosting, along with our information technology systems. We have implemented appropriate legal precautions and employed relevant technical and organizational measures to ensure the protection of personal data in adherence to applicable legal regulations.

 

External services and contents on our website

 

We incorporate links to external services or content on our website, driven by our legitimate interests in the analysis, optimization, and efficient operation of our online offerings, as outlined in Article 6, paragraph 1, point (f) of the GDPR.

 

When utilizing such services or displaying third-party content, communication data, including date, time, and IP address, is exchanged between you and the respective provider for technical reasons. Specifically, this pertains to your IP address, which is essential for rendering content in your browser.

 

It is conceivable that the provider of these services or content may process your data for their own purposes. However, as we lack control over the data collected by third parties and their processing methods, we cannot provide definitive information on the purpose and extent of data processing. For details regarding the purpose and scope of data collection and processing, please refer to the data protection information provided by the respective providers of the integrated services or content, who are responsible for compliance with data protection laws. You will find additional information on data processing and available objection options in their provided data protection documentation.

 

Social Media Plug-ins

 

We presently utilize various social media plug-ins, including Facebook, LinkedIn, Instagram, and YouTube. As a fundamental practice, when you visit our website, no personal data is automatically disclosed to the plug-in providers. The identity of each social media plug-in provider is indicated by their respective logo. We provide an option for direct communication with the plug-in provider through a button. Initially, when accessing a page with integrated social media plug-ins, they remain deactivated. Activation only occurs by clicking on the corresponding symbol/logo, signaling your consent to the transfer and storage of your data with the respective provider (for US-based providers, this includes data storage in the USA).

 

If you are a member of any listed social networks and logged in during your website visit, clicking on the social media provider’s logo may link your data and visit information to your profile on the social network.

 

Given that plug-in providers collect data, especially through cookies, we recommend logging out of the relevant social media platform before activating the social media button. If you prefer not to have information transmitted to the social media provider, delete all cookies through your browser’s security settings.

 

We lack control over the data collection and processing methods of the plug-in providers and are unaware of the full extent, purposes, or storage durations of the data collected. Information on data protection practices, rights, and privacy settings can be obtained from the respective social media provider’s data protection information. Visit the following addresses for detailed information:

 

 

Your rights

 

If we process your personal data, you are an affected person within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis us regarding your personal data:

  • Right to information (Article 15 GDPR)
  • Right to correction (Article 16 GDPR)
  • Right to deletion (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data transfer (Article 20 GDPR)
  • Right to object against processing (Article 21 GDPR)
  • Right to lodge an appeal with a data protection supervisory authority (Article 77 GDPR)

 

Changes to the privacy statement

 

We reserve the right to change the privacy statement in order to adapt to changed legal situations or in the event of changes to the service or data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the privacy statement contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

 

Please regularly check the contents of the privacy statement.

(Odne March 2024)