Ovitas, Inc. Privacy Statement
The information in this declaration applies to the processing of personal data on ovitas.com and other Ovitas, Inc. online properties, collectively referred to as ovitas.com. and is intended to inform you of the extent of processing, the purposes of processing, the recipients, legal bases, storage periods and your rights. Personal data are all information relating to an identified or identifiable person (hereinafter also referred to as “data subject”), for example your name, your address or your e-mail address. Processing” of personal data means in particular the collection, storage, use and transmission of such data.
Name and Address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:
Ovitas, Inc.
155 Middlesex Turnpike
Burlington, MA 01803
United States
Phone: +1 (781) 222-5220
https://www.ovitas.com
I. General information on data processing
1. Legal basis for the processing of personal data
Insofar as the data subject has given consent to the processing of his or her personal data for one or more specific purposes, legal basis is Art. 6 para. 1 lit. a GDPR.
Insofar as the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, legal basis is Art. 6 para. 1 lit. b GDPR.
Insofar as the processing is necessary for compliance with a legal obligation to which the controller is subject, legal basis is Art. 6 para. 1 lit. c GDPR.
If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, legal basis is Art. 6 para. 1 lit. f GDPR.
2. Data erasure and storage time
The personal data of the data subject will be erased or processing restricted as soon as the purpose of storage ceases to apply. In certain cases, data can be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject.
II. Provision of the website and creation of log files
1. Description and extent of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing device (computer, smartphone, tablet, etc.). The following data is collected:
- Information about the browser type and version used
- The operating system of the accessing device
- The IP address of the accessing device
- Date and time of access
- Websites from which the system of the accessing device reaches our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s device. For this the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in processing the data also lies in these purposes.
4. Storage time
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this will happen after seven days at the latest. Further storage is possible. In this case, however, the IP addresses of the users are erased or made anonymous, so that an identification of the accessing client is no longer possible.
III. Usage of Cookies
1. Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again. The following data is stored and transmitted in the cookies:
- User interface settings
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para 1 lit. f GDPR.
3. Purpose of data processing
The purpose of using cookies is to simplify the use of our website for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a change of pages within our internet presence. The cookies are not used to create user profiles. We need cookies for the following applications:
- User interface configuration
In these purposes is also our legitimate interest in the processing of personal data.
4. Storage time
Cookies are stored on your device with which you access our website and are transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website.
IV. Requests by E-Mail
1. Description and extent of data processing
It is possible to contact us via the e-mail address provided on our website. In this case, the user’s personal data transmitted via e-mail will be stored.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
Purpose of data processing is the handling of requests and other questions. The processing of personal data serves us solely to handle the contact approach or application. This is also our legitimate interest in the processing of the data.
4. Storage time
The data will be erased as soon as the purpose of its collection is no longer given. For the personal data that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is finished when the circumstances indicate that the matter in question has been solved.
If data is collected in the course of e-mail communication which we are obliged to store due to tax, commercial law or other regulations, it will not be erased until the respective legal retention or storage periods have expired. The legal basis for this data storage is Art. 6 para. 1 lit. c GDPR.
V. Web analysis with Google Analytics
1. Description and extent of data processing
Our website uses Google Universal Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Universal Analytics uses “cookies”, which are text files placed on users’ computers, to help the website analyze how users use the site. The information generated by the cookie about the use of the website by users is generally transferred to a Google server in the USA and stored there. IP anonymization has been activated on this website so that the IP addresses of users of Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area are previously shortened. In some cases, the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by the users, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Universal Analytics is not merged with other Google data.
2. Legal basis for data processing
The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The processing of user data by Google Analytics enables us to analyze the surfing behavior of our users. We are able to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in the processing of the data. By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.
4. Storage time and possibility of objection
Cookies are stored on the user’s device and transmitted to our site from there. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website.
You can object to the collection of data described above at any time with effect for the future by using the deactivation add-on for browsers from Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=en.
You can also prevent data collection by Google Universal Analytics by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you erase the cookies in this browser, you must set the opt-out cookie again.
Further information on terms of use and data protection can be found at:
https://marketingplatform.google.com/about/analytics/terms/us/
https://policies.google.com/privacy
5. Recipient of the data and transfer to a third country
The recipient of the data is Google. For the cases in which personal data is transferred to the USA, a transfer to Google in the USA as a third country within the meaning of the GDPR is permitted, since an appropriate level of data protection is given for the USA in relation to this company.
On the basis of Art 25 para. 6 EU-Personal data directive(1995), the EU Commission has issued an adequacy decision in the form of the so-called EU-US Privacy Shield. The EU-US Privacy Shield is an intergovernmental agreement between the United States and the European Union. This agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. A self-certification procedure by the companies under the supervision of the US authorities ensures that only companies that respect data protection equivalent to that of the EU process personal data from the EU in the USA. Google is certified according to the requirements of the EU-US Privacy Shield. This ensures an adequate level of protection for the designated recipients despite the lack of an adequacy resolution by the EU Commission within the meaning of Art. 45 GDPR. The current certifications can be viewed here: https://www.privacyshield.gov/list
VI. Other recipients of personal data (EU only)
For the provision of our website and the offered contact possibilities, we make use of other service providers, including host providers and e-mail providers, each based in the European Union, who process the data stored by them exclusively on our behalf as processors according to Art. 28 GDPR.
VII. Other recipients of personal data (EU only)
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller (in the case of the fulfilment of further conditions regulated in the relevant regulations, if applicable):
- The right of access according to Art. 15 GDPR
- The right to rectification according to Art. 16 GDPR
- The right to erasure (“right to be forgotten”) according to Art. 17 GDPR
- The right to restriction of processing according to Art. 18 GDPR
- The right to a notification according to Art. 19 GDPR
- The right to data portability according to Art. 20 GDPR
- The right to object according to Art. 21 GDPR
- The right not to be subject to a decision based solely on automated processing according to Art. 22 GDPR
- The right to withdraw consent to the processing of personal data according to Art. 7 para. 3 GDPR
To assert these rights, please contact our data protection officer.
Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you infringes the GDPR.