Our website is intended for healthcare facilities (doctors, nursing staff, hospital administrators, health insurance companies) and not for consumers.
We ask patients and other interested persons to contact their treating doctor for information, as we are unable to provide medical information.
However, if you do contact us, you have to agree to the processing of data. Otherwise, we will not be able to reply to you.
Irrespective of this, we explain the legal bases and your rights to you below:
1. Information about the Controller
Boston Medical Products, Inc, 70 Chestnut Street, Shrewsbury, MA 01545 USA,
represented by its president Stuart K. Montgomery
2. Data Protection Officer
3. Competent supervisory authority
4. Purposes of processing
With the exception of compulsory legal requirements, we do not process any personal data, and when we are obliged to do so, we process the data in anonymised form. Anonymised means that an individual cannot be identified from the stored data, but this person can be contacted in connection with the medical facility (e.g. if transmission of safety information is ordered by an authority).
5. Legal bases of processing
The data are collected and managed in consideration of legal requirements, among other, of the GDPR, Directive 93/42/EEC, the Act on Medical Devices, and/or the Medical Device Directive (MDR), see Art. 6 (1) c) GDPR.
If you contact us, the data will be stored due to your initiation of contact, see Art. 6 (1) b) and f) GDPR.
After that, the data will be stored for as and to the extent necessary for defense against asserted claims, see Art. 6 (1) f) GDPR.
6. Which data do we process?
Data are processed on the basis of legal regulations and only to the extent that the storage of these data is necessary.
If a consumer contacts us, we save the information transmitted to us.
7. Recipients of data
The data are not passed on to third parties, unless we are required to do so by law.
8. Your rights
a. Information: You have the right to receive information about your personal data processed by us and request access to your personal data and/or copies of these data. This includes information about the purpose of use, the category of the used data, their recipients and who is authorised to access them, and, if possible, the planned duration of data storage or, if this is not possible, the criteria for the determination of duration.
b. Rectification, deletion or restriction of processing: You have the right to ask us to rectify your incorrect personal data immediately. In consideration of the purposes of processing, you have the right to ask us to complete incomplete personal data – also by means of a supplementary declaration.
c. Right to object: If the processing of your personal data is done on the basis of Art. 6 (1) f) GDPR, you have the right to object to the processing of your data for reasons arising from your particular situation. In this case, we will no longer process your personal data, unless we are able to demonstrate compelling, legitimate reasons for processing, which override your interests, rights and freedoms, or the processing is done in order to assert, exercise our legal claims or defend ourselves against legal claims.
d. Right of withdrawal: If the processing is based on consent, you have the right to withdraw your consent at any time, but the lawfulness of the use made on the basis of the consent until withdrawal will remain unaffected.
e. Right to restriction of processing: You have the right to restrict the processing, if one of the following requirements is fulfilled:
- You dispute the accuracy of the personal data, in which case you can restrict their processing for a period that allows us to verify the accuracy of the personal data.
- The processing is unlawful and you decline the deletion of the personal data and request instead the restriction of the use of the personal data.
- We no longer need the personal data for the purposes of processing, but you need them to assert, exercise or defend yourself against legal claims, or
- You objected to the processing in accordance with paragraph 8.c above, in which processing can be restricted for as long as it has not been determined whether our justified reasons prevail over yours. If processing is restricted in accordance with this paragraph 8.e, these personal data – except for their storage – may only be processed with your consent or to assert, exercise or defend against legal claims, or to protect the rights of another natural or legal person, or due to an important public interest. If you were granted a restriction of processing, you will be informed before the restriction is lifted.
f. Right to deletion: You have the right to request that we delete your personal data immediately, and we are obliged to immediately delete personal data in the presence of one of the following reasons:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You object to the processing in accordance with paragraph 8.c above and there are no overriding justified reasons for the processing.
- The personal data were processed unlawfully.
- The deletion of the personal data is necessary to fulfill a legal obligation.
This does not apply if the processing is necessary:
- to fulfill a legal obligation that requires the processing and/or storage.
- to assert, exercise or defend against legal claims.
g. Right to lodge a complaint: Irrespective of other administrative or judicial remedies, you have the right to lodge a complaint with the supervisory authority competent in our case or one of the other data protection authorities of your choice, if you believe that the processing of your personal data violates the GDPR and/or the BDSG [German Federal Data Protection Act].
9. Duration of storage
For data that we collect in the framework of legal requirements and/or for contract performance, deletion can only be requested with limitations (e.g. telephone number, e-mail address, see Art. 17 and 21 GDPR, i.e. only to the extent that the processing did/does not take place on the basis of Art. 6 (1) b), c) and/or f) GDPR. The storage and/or retention period is usually 10 years at the end of the calendar year, but for medical products possibly “for life”.
The stored data are protected from access though.
10. Consequences of not providing the necessary data
If the personal data are not provided to us (in anonymised form), e.g. in the scope of Annex VII to Directive 93/42/EEC, we cannot manufacture the medical device.
If you contact us as a consumer, you thereby agree to the processing of data. Otherwise, we will not be able to reply to you.
11. Transmission of personal data to a third country or to an international organisation
This is not performed and is not planned: a) to store the data for purposes other than the mentioned legal and contractual purposes; b) to transfer the data to third parties that are not mentioned; c) to save or process the data in a third country; and d) to transfer them to a third country or to international organisations.
12. Cookies and tracking/analytics on websites
Our websites use session cookies. Sessions cookies are cookies that are deleted at the end of the browser session. Their purpose is to facilitate your use of the website. For example, the settings for a date of a query are transferred to another one, so you do not have to enter these settings repeatedly.
The following session cookies are used:
- fe_typo_user (TYPO3 Frontend Session Cookie, deleted when the browser is closed)
- PHPSESSID (PHP Session Cookie, deleted when the browser is closed)
The cookies described above are necessary for the normal operation of the website and cannot be deactivated. However, you can deactivate the storage of cookies in your browser, limit it to certain websites or set your browser to notify you when a cookie is being stored. In addition, you can delete cookies from the hard disk of your PC at any time.
We do not store, track or analyse session cookies.
We do not use tracking/analytics.