HAT App

The operator of this App and the responsible controller in terms of data protection is: 

B. Braun Medical AG
Seesatz 17
6204 Sempach
Switzerland

Business responsible: info.bbmch@bbraun.com
Data Protection Officer: dataprotection.ch@bbraun.com

This data protection declaration applies to data, including personal data, which is collected about you when you use the B. Braun application. Personal data are data or a combination of individual data by which you can be identified as a user or by which you can be identified. It is not possible to use our application without providing certain personal data (e.g. name of the super-user and the auditor, email address, etc. according to the form to be completed).

We process your personal data in compliance with the data protection laws of Switzerland (Federal Act on Data Protection) and the European General Data Protection Regulation (GDPR).

As an international company, we work together with external service providers. To the extent that processed information contains personal content, corresponding contractual agreements and organizational measures have been enacted according to applicable law which ensure the security of your information.

In our company, compliance with the statutory provisions and this declaration is monitored by our internal data protection officer.

Our employees are trained to handle personal data and have committed in writing to comply with data protection regulations.

We draw your attention to the fact that data transmission via the Internet (e.g. when communicating by e-mail) may involve gaps in security. We attempt to protect your data from unauthorized access by third parties by means of precautions such as pseudonymization, data economy, observing deletion periods and in consideration of the current state of the art technology. Despite these protective measures, however, we cannot completely rule out unlawful processing by third parties.

If you use our application, data is processed through the login and registration: Individual data is collected when the app is downloaded, other data is collected when a user account is created (registration) and when logging in, and other data is processed when the application is used ; some of the data is processed automatically. In detail, the following personal data are processed:

Last name, first name, email address, place of work, password, auditor processes, access time, IP address, operating system used, browser, MAC address.

3.1 Data collected during the download
You can freely choose the App Store for the download (e.g. Google Play or Apple App Store). When the app is downloaded, information is sent to the selected app store. What information this is can differ depending on the app store. In particular, the following data can be processed during the download: user name, email address, customer number of your account at the App Store, the time of the download, payment information and individual device code.

This data is processed by the selected app store. We have no influence on the processing of this data. Please inquire about the data protection provisions of the app store.

3.2 Data that is automatically collected during use
In order to be able to use the app, certain data are required. The following data is therefore automatically collected during use: internal device ID, version of your operating system, time of access, duration of access, interaction with the system, audits.

This data, which is automatically transmitted to us, is used to enable you to use the app and to provide you with the associated functions. They serve to maintain and improve the security of the app, the technical administration as well as to optimize the app and avoid malfunctions. The processing of this data takes place within the framework of the contract that we have with you through the use of the app and in the mutual interest of being able to maintain the use and function of the app (Art. 13 Para. 1 and 2 let. a DSG, Art. 6 Para. 1 Letters f GDPR).

This data is stored by us and can be used anonymously for the hygiene benchmark of your company. We point out that no data is saved about the audited person, only information about the auditor is saved.

3.3 Creation of the user account (registration) and registration
When you create a user account or log into the app, we process your access data. The mandatory information includes those data that are marked with an asterisk during registration. These data are required for the conclusion of the user contract. If you do not provide this information, you will not be able to register or use the app.

We use this data to authenticate you as the owner of the account and when you log into this account and to comply with your possible request to reset the password. The data is necessary to verify your authorization to manage the user account and to guarantee you access to and management of your user account. The processing of the data is therefore in the interests of both parties.

We also need the data to enforce the terms of use of the app as well as all related rights and obligations (Art. 13 Para. 1 and 2 Letter a GDPR, Art. 6 Paragraph 1 Letter b GDPR). In addition, we use the data to be able to contact you and to send you messages such as technical or legal notices, updates, security messages or other messages relating to the administration of the user account (Art. 13 Para. 1 DSG , Art. 6 Paragraph 1 Letter f GDPR).

3.4 Use of the app
While using the application, you can enter, manage and edit various information. You determine the scope of this information yourself and thus shape your own application

The app also requires the following permissions:

• Internet access: The app requires Internet access in order to transfer your recorded data to our servers via an encrypted connection. The data connection of your mobile phone is used for this.

We process the usage data you have entered in order to provide the app, which benefits both you and us and what is necessary to fulfill the usage contract between you and us (Art. 13 Paragraph 1 and Paragraph 2 Letter a DSG , Art. 6 Paragraph 1 Letter b GDPR).

3.5 Use of the app and the internet connection
When you visit our website, our web server temporarily stores every access in a log file. The following data is recorded and stored until it is automatically deleted:

• Anonymized IP address of the requesting computer
• Date and time of access
• Name and URL of the data accessed
• Notification whether the call was successful
• Identification data of the browser and operating system used
• Website from which access is made
• Name of your Internet access provider

The lawful processing of this data takes place for the purpose of enabling the use of the website (connection establishment), system security, the technical administration of the network infrastructure and the optimization of the Internet offer. By agreeing to this data protection declaration, you are giving your consent that we may collect this data. You have the option to object to this data processing. If you object to the use of the data, we point out that only limited use or no use of our services may be possible.

Beyond the aforementioned cases, this personal data will not be processed unless you expressly consent to further processing.

3.6 Use of cookies
Our website also uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. They do no harm to your computer and do not contain any viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Some cookies (so-called "functional cookies", e.g. for language setting and ordering processes) are those that are absolutely necessary to ensure essential functions of the website. Without this, the website cannot be used as intended.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when you close the browser. If you reject the use of cookies (a possible setting in your browser), you can still use our website (possibly restricted).

3.7. Data protection declaration for the use of third-party software on our website
In our application it cannot be ruled out in the future that we will use third-party software to analyze application activity. When using such third-party software, this will be listed accordingly at this point.

You can access external links within our application. The usage and data protection provisions of these providers apply to the use of these links. For more information, read the terms of use available at

• www.youtube.com/t/terms
• https://policies.google.com/privacy?hl=de&gl=de
• https://www.youtube.com/intl/de/about/policies/#community-guidelines
• https://www.who.int/about/who-we-are/privacy-policy
• https://www.nejmgroup.org/legal/terms-of-use.htm?query=footer
• https://www.nejmgroup.org/legal/privacy-policy.htm?query=footer

We have no influence on the terms of use of third-party providers. By following the links, you accept the terms of use of the third party providers.

Your personal data will not be passed on to third parties, i.e. not to persons outside B.Braun, unless you have given us your prior consent or it is legally permissible or necessary.

The transfer within B.Braun is necessary for administrative purposes (Art. 13 Paragraph 2 Letter a GDPR, Art. 6 Paragraph 1 Letter f GDPR).

In order for us to be able to provide and operate the app, we rely on external service providers. For this purpose, any data can be passed on to these service providers. We have carefully selected, checked and contracted these service providers (Art. 6 Paragraph 1 Letter f and Art. 28 Paragraph 1 GDPR).

If it is necessary to investigate illegal or improper use of the app or for legal prosecution, personal data will be passed on to the law enforcement authorities or other authorities and, if necessary, to harmed third parties or legal representatives. A transfer can also take place if this serves to enforce conditions of use or other legal claims or if we have to provide information to law enforcement authorities and other authorities (Art. 13 Para. 1 GDPR, Art. 6 Para. 1 Letter f GDPR).

We only transfer your data to countries outside Switzerland or the European Union/European Economic Area (third countries) if

• it is necessary for the fulfilment of your orders,
  
• it is required by law or
• you have given us your consent.

If we transfer your data to a third country or to an international organisation, this is always done in accordance with the provisions of the FADP and the GDPR. Furthermore, in accordance with the principle of data minimisation, we only transfer data that is limited to the necessary minimum.

In some cases, we use service providers whose registered office, parent company or subcontractor is based in a third country. Your data will only be transferred if the Federal Council of Switzerland and the European Commission have decided that an adequate level of protection exists in a third country (Art. 16 para. 1 FADP and Art. 45 GDPR), suitable guarantees are provided (e.g. standard contractual clauses issued by the European Commission) and enforceable rights and effective legal remedies are available to you as a data subject. We have contractually regulated compliance with the European General Data Protection Regulation and its requirements with the service providers.

Your personal data will be transferred to the EU, to the Philippines and to the USA. We have taken appropriate safeguards for the transfer of data to the Philippines, in particular data storage location in the EU, conclusion of standard contractual clauses and technical and organisational measures to prevent access by authorities (e.g. encryption and support obligations).

We delete or anonymize your personal data as soon as they are no longer required for the purposes for which they were collected. As a rule, we store your personal data for the duration of the contractual relationship between you and us. The information on the storage of data in accordance with section 3 is reserved.

The data will then be stored longer if it is necessary for criminal prosecution or to secure, assert or enforce legal claims. Other legal requirements for the storage and deletion of personal data (e.g. tax reasons) are reserved.

This does not apply to data whose erasure would involve disproportionate effort. In cases like these, B. Braun is deemed to have a legitimate interest within the meaning of Article 6(1) (f) GDPR in storing your data.

You have the right at any time to:

• Free information about your stored personal data, its origin and recipients and the purpose of the data processing,
  
• Correction of data,
• blocking of data,
• deletion of data,
• Receive your data in a structured, commonly used and machine-readable format (right to data portability).

You have the right to object to the processing of your personal data. With regard to the right of objection, the provisions of the DSG (Art. 12 Para. 2 lit. b DSG) or the GDPR (Art. 21 GDPR apply, depending on the applicable law.

In this case, we will stop processing your personal data, unless we can prove that our interest in data processing outweighs your interest in stopping processing. Stopping data processing is then not possible if there are legal obligations.

To exercise this right, contact the person responsible in writing (by post) or by email (section 1).

If you have questions regarding the processing of your personal information, you can contact our data privacy officer and his/her team directly. They are also available for information requests, inquiries or complaints:

Data Protection Department
Christian Audergon
B. Braun Medical AG
Seesatz 17
6204 Sempach
Switzerland

Data Protection Officer: dataprotection.ch@bbraun.com

If you wish to exercise your right to lodge a complaint with the supervisory authority with jurisdiction.

In Switzerland this is:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), Feldeggweg 1, 3003 Bern, www.edoeb.admin.ch

In the European Union the representative of the controller is:
B. Braun Melsungen AG, Carl-Braun-Strasse 1, 34212 Melsungen. Germany, Datenschutz@bbraun.com

In all other countries, report to your local data protection authority.