DE

Contact

Privacy Policy

FILAX MEDICAL – PRIVACY NOTICE FOR EU CUSTOMERS / SUPPLIERS (2025-01-20)

Filax-Medical is committed to protecting your personal data. This Privacy Notice explains how we, Filax-Medical AG, Aeschenplatz 6, CH-4052 Basel, Switzerland, as the data controller, collect, use, process, and disclose personal data (data) about you: (i) if you are a customer of Filax-Medical, (ii) if you are a business customer, client, supplier, or healthcare provider in a professional relationship with Filax-Medical, or (iii) if your employer provides us with your data as a business customer, client, or supplier of Filax-Medical. For information about how we process personal data provided through our website, please refer to the Website Privacy Policy at filax-medical.com..

Your Right to Object – Please note that you have the right to object to the processing of your personal data when it is carried out based on our legitimate interests. To exercise this right, please contact us (see “Contact Us” below).

Please read this notice carefully to understand how we use your data.

1. What Data We Collect 

This Privacy Notice applies to you if you are a customer, supplier, or an employee of one. It also applies to any third parties whose data you provide to us in the context of your relationship with Filax Medical. Please ensure these third parties are informed and provided with a copy of this notice.

“Personal data” means any information relating to an identified or identifiable natural person.

 We may collect and process the following data:

  • If you are a direct customer of Filax Medical: your name, contact details, health-related data connected to the product provided (e.g. prescription data), use of Filax Medical products, and insurance information.
  • If you are a healthcare professional: your name, contact information, workplace details, employer contact data, and professional ID number.
  • If you are a business customer or supplier: your name, business contact details (including email and phone), and any data you or your employer provide us..
  • Your role and any information outlined in contracts between Filax Medical and yourself or your employer.
  • Additional data you or your employer provide to facilitate business, service delivery, or support activities.

You are not required to provide us with personal data. However, if you do not provide certain information (e.g. contact details), we may be unable to fulfill our contractual obligations or respond to inquiries. We will indicate when data is required by contract or law.

2. Purpose and Legal Basis of Data Processing

We may store, process and transmit your data for the following purposes:

Purpose of processing

Legal basis of processing
  • To provide and deliver Filax Medical products and manage distribution and product administration.
  • To respond to your inquiries and contact you if necessary.

The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • To fulfill business agreements between Filax Medical and physicians.
  • To conduct training sessions.

The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • To comply with regulations of authorities such as the Food and Drug Administration (FDA) in the USA, the European Medicines Agency (EMA), and medical technology associations, and to fulfill requirements for product licensing where necessary.
  • For quality assurance purposes.
  • For product and complaint management.

The processing is required to comply with Filax Medical’s legal obligations.
 
  • To provide you with information related to our business relationship.
  • To inform you of changes in our business agreement.
  • To fulfill business agreements between us and your employer.
  • To conduct training.
  • To gather information to improve the provision of products and services.
  • To conduct audits and assist with audit and reporting requirements.

This use of your data is necessary for the legitimate interests of our business, including legal, personnel, administrative purposes, management, and the prevention and detection of crime. We have conducted a proportionality assessment to ensure that your interests are not harmed by this legitimate business interest. If you would like information about this assessment conducted by Filax Medical, please contact info@filax-medical.com. Please note that you have the right to object to the processing of your data based on our legitimate interests.
  • To send you information about our latest products, offers, and events.
  • To inform you about educational events and provide educational materials.

This use of your data is necessary for our legitimate business interest in marketing our company, services, and products. We have conducted a proportionality assessment to ensure that your interests are not harmed by this legitimate business interest. If you would like information about this assessment conducted by Filax Medical, please contact info@filax-medical.com. Please note that you have the right to object to the processing of your data based on our legitimate interests.

Where required, we may ask for your consent to use your data for a specific purpose. You may withdraw such consent at any time.

3. Special categories of personal data

Certain categories of your personal data are considered “special data.” These include:

  • Physical or mental health
  • Religious or philosophical beliefs, political opinions
  • Trade union membership
  • Ethnic or racial origin
  • Biometric or genetic data
  • Sexual orientation

We only process special categories of your data based on your explicit consent. 

We may store, process and transmit your data for the following purposes:

Purpose of processing Legal basis of processing

• For product and distribution management.
• To handle complaints and report to authorities..
Explicit consent

4. Sharing your data

The data we collect, as described in this privacy notice, may be shared with the following third parties:

  • Contractors or third-party service providers of Filax Medical
  • Legal advisors to meet legal obligations, obtain legal advice, or defend in legal disputes
  • Insurance companies for legal compliance, advice, or defense against claims
  • Auditors to meet financial reporting and other requirements
  • Consultants and other independent third parties who support our business or manage business relationships.
  • Regulatory bodies such as the FDA, EMA, and medical device associations.
  • A buyer or legal successor in the event of a merger, sale, restructuring, or transfer of Filax-Medical’s business.
  • In the event of a business or asset sale or acquisition, we may share your data with the prospective buyer or seller

We may also disclose your data if legally required or to protect the rights, property, or safety of Filax Medical, our customers, or others. This includes data sharing with other companies and organizations for fraud protection and credit risk reduction.

You will be informed in advance if we intend to process or disclose your personal data for purposes other than those described here. We will take all legally required steps to ensure the confidentiality and integrity of your data, including entering into contracts with relevant third parties where necessary.

5. Transfer of Data Outside the EEA

The data we collect from you may be transferred to and stored in destinations outside the European Economic Area (EEA) for the purposes described above. These countries may not provide an adequate level of protection for personal data according to European data protection law. Due to our global operations, your data may be disclosed to group entities outside the EEA, particularly in the USA. It may also be processed by employees working outside the EEA who work for us or for one of our suppliers acting on our behalf. We ensure appropriate safeguards are in place to protect the confidentiality and integrity of such personal data. Please contact us if you would like more information about these safeguards (see “Contact Us” below).

6. Data Retention

We will retain your data only as long as necessary for the purposes described above, to manage your business relationship with Filax Medical or your employer, in accordance with applicable laws, and to assert or defend legal claims. Please contact us for more information about data retention (see “Contact Us” below).

7. Cookies

Our website uses cookies and similar technologies to enable, improve and analyse the use of the website. Cookies are small text files that are stored on your device. We distinguish in particular between:

  • Technically necessary cookies: These are required for the website to function properly (e.g. language settings, shopping cart, login).
  • Functional and analytics cookies: These help us to understand how the website is used and to improve our offering.
  • Third-party cookies: These are set by integrated services (e.g. YouTube, Google Maps).

You can disable or delete cookies in your browser settings, either completely or in part. If you disable cookies, some functions of this website may no longer be available. You can change your selection regarding optional cookies at any time via the cookie banner.

8. Integration of YouTube

Videos from YouTube may be embedded on our website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When you play a YouTube video, data is transmitted to Google’s servers.

In particular, the following data may be processed:

  • IP address
  • Information about the browser and device used
  • The subpage accessed
  • Date and time of access
  • Any Google cookies and your Google account, if you are logged in

Data may be transferred to the USA or other third countries. Google may use this data for its own purposes (e.g. profiling, personalised advertising). We have no influence over this data processing.

The integration of YouTube is based on our legitimate interest in providing an attractive presentation of our online offerings and in the efficient delivery of video content.

Further information can be found in Google’s privacy policy: https://policies.google.com/privacy

YouTube videos are only loaded after you have given your consent to data processing via the cookie banner or directly in the video placeholder.

9. Integration of Google Maps

Our website may display maps from the Google Maps service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you access a page with embedded Google Maps content, data is transmitted to Google, in particular:

  • IP address
  • Information about the browser and device used
  • The subpage accessed
  • Date and time of access
  • Data may be transferred to the USA or other third countries. Google may process this data for its own purposes. We have no influence over this.

The use of Google Maps is in the interest of providing an attractive presentation of our online offerings and making it easier to find the locations we indicate.

Further information on data processing by Google can be found at: https://policies.google.com/privacy

Google Maps is only loaded after you have given your consent via the cookie banner or directly in the map area.

10. Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not set cookies and does not create user profiles. However, the tool allows us to manage and trigger other tags (e.g. analytics or marketing tools) on our website.

When Google Tag Manager is executed, your IP address and possibly further technical data (browser, device, page accessed, date/time) are transmitted to Google. This data may be processed by Google for its own purposes and may be transferred to third countries (in particular the USA).

The use of Google Tag Manager is based on our legitimate interest in the efficient, secure and technically flexible management of tracking and analytics tools.

Tags for statistics and marketing purposes are only activated after you have given your consent in the cookie banner.

11. Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), in order to analyse and improve the use of our website.

Google Analytics uses cookies and similar technologies to collect information about the use of the website. In particular, the following data is processed:

  • IP address (shortened / IP anonymisation enabled)
  • Information about browser and device
  • Pages viewed and interactions
  • Date and time of access
  • Approximate location data (region, based on IP address)
  • Technical events (e.g. scrolling, clicks, session duration)

IP anonymisation

We have configured Google Analytics so that IP anonymisation is enabled before storage. This means that the IP address is shortened and not stored in full, and can therefore no longer be directly associated with an individual person.

Data transfer to the USA

Google may transfer data to the USA or other third countries. Google uses Standard Contractual Clauses (SCCs) and additional safeguards for this purpose. However, we have no influence on whether and how Google may also use this data for its own purposes.

Purpose of processing

Processing is carried out in order to analyse the use of our website, create statistical evaluations and optimise our online offering.

Retention of data

By default, data in Google Analytics is stored for between 2 and 14 months (depending on the setting). We use the shortest possible retention period wherever this is functionally feasible.

Legal basis / consent

Google Analytics is only activated after you have given your consent to statistics cookies in the cookie banner.
You may withdraw your consent at any time via the cookie banner.

Data processing agreement

We have concluded a data processing agreement with Google (Art. 9 Swiss Data Protection Act / Art. 28 GDPR), which governs the use of Google Analytics.

Further information

Google privacy policy: https://policies.google.com/privacy

Information about Google Analytics: https://support.google.com/analytics

12. Google Fonts (locally hosted)

We use fonts from Google Fonts on our website. The fonts are hosted locally on our own server. No connection is made to Google servers for this purpose. As a result, no personal data is transmitted to Google in connection with the use of these fonts.

13. Newsletter with MailPoet (locally hosted)

You have the option of subscribing to our newsletter. The newsletter is sent using the WordPress plugin MailPoet, which is operated on our own server in Switzerland. No data is transferred to external newsletter service providers.

For newsletter registration, we collect and process in particular:

  • Email address
  • First and last name (if requested)
  • Date and time of registration
  • IP address at the time of registration (proof of consent / double opt-in)

Data is processed for the purpose of sending information about our company, our products and services.

Legal basis and double opt-in

Processing is based on your consent. After registering, you will receive an email asking you to confirm your registration (double opt-in). Your subscription is only completed after this confirmation.

You can withdraw your consent at any time by unsubscribing via the link in the newsletter or by contacting us directly. In this case, your data will be deleted for newsletter purposes, unless statutory retention obligations require otherwise.

Sending and logging data

MailPoet may generate statistical evaluations, for example whether a newsletter has been opened or which links have been clicked. These evaluations help us to optimise our newsletter offering. Any analysis is carried out, if at all, only in aggregated form or in a strongly limited, non-personalised manner.

14. Your Rights

If you are located in the EEA, you have the right to request access to, correction or deletion of your data, or restriction of processing, as well as the right to object to the processing of your data. You also have the right to data portability, in accordance with applicable laws. Below is a summary of these rights:

  • Right of access: You have the right to request a copy of your data.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: Under certain circumstances, you can ask us to delete your data—for example, if it is no longer needed for processing or if you believe processing is unlawful. This request may be denied if processing is necessary for compliance with a legal obligation in the EU or Ireland or to establish or defend legal claims.
  • Right to restrict processing: You can request we suspend the processing of your data, for example, while we verify its accuracy or assess our legitimate interest.
  • Right to object: You can object to the processing of your data based on our legitimate interests (or those of third parties). We will stop processing unless there are compelling legitimate grounds or if processing is necessary to establish or defend legal claims. You also have the right to object to data processing for direct marketing.
  • Right to data portability: You can request we transfer your data to another party or provide it to you so you can transfer it yourself.

These rights may not be exercised in certain cases, such as when processing is necessary to comply with a legal obligation or for legal claims. Please send requests to exercise your rights to info@filax-medical.com. We will respond within one month in writing (including electronically) or verbally if requested. We may require proof of identity. 

We may reject your request if it is clearly unfounded, excessive, or violates data protection law.
You also have the right to lodge a complaint with a data protection supervisory authority, especially in the EU Member State of your residence, place of work, or where the alleged infringement occurred, if you believe that the processing of your data violates the EU General Data Protection Regulation.

15. Security and Data Storage Location

We are committed to protecting your data. We use various security technologies and procedures to protect your data from unauthorized access and unlawful use. While modern security measures are effective, no physical or electronic system is completely secure. We cannot guarantee the absolute security of data transmitted by you. We have strict internal policies in place to protect your data at all levels of our organization. We continuously review our policies and implement additional security features as new technologies become available.

16. Changes to this Privacy Policy

We reserve the right to change this privacy policy at our sole discretion when needed. If we make changes, we will notify you. This privacy policy was created on January 20, 2025.

17. Contact Us

Please send questions, comments, requests, and complaints regarding this privacy policy and the information we hold about you to the following email address: info@filax-medical.com, or by mail to:

Filax Medical AG
Aeschenplatz 6
CH-4052 Basel, Switzerland
All inquiries will be handled in accordance with local laws.

Last updated: December 2025