Welcome

 Dräger SafeTrack Privacy Policy (except Japan) Dräger is committed to protecting the privacy rights of everyone whose personal data is processed by Dräger. Therefore, in this Privacy Information we answer the most important questions about the nature, scope and purpose of the processing of your data This Policy applies to the websites of Dräger SafeTrack: https://draegersafetrackeu.draeger.com and https://draegersafetrack-au.draeger.com. Please refer to our Provider Identification for information on the data controller (“Dräger” or “we”) as defined under Data Protection law (for those users from the European Union: Article 4 (7) of the General Data Protection Regulation). Notwithstanding the above, the Dräger company responsible for the provision of goods or services is the Dräger company that is your contractual partner for the provision of the goods or services within the meaning of data protection law. Information on the relevant Dräger company can be found in the conditions for the provision of the respective goods or services. Whom can I contact at Dräger if I have any questions about data protection? Please feel free to contact our Group Data Protection Officer with your questions about the processing of your personal data and to request information, correction or deletion by email: dataprivacy@draeger.com or by mail: Drägerwerk AG & Co. KGaA Group Data Protection Officer Moislinger Allee 53-55 23558 Lübeck Germany How does Dräger process my data? We collect and process your data exclusively for predefined purposes. These can result from technical necessities, contractual requirements or specific user requests. In addition, we only use your data if you have given us your prior consent. When you visit our website, we process personal data that your browser transmits to our server. This data (so-called log files) is technically necessary to display our website and to ensure stability and security. Log files record the following data: • IP address • Date and time of the request • Time zone difference from Greenwich Mean Time (GMT) • Content of the request (specific page) • Access status/HTTP status code • Amount of data transferred in each case • Web page from which the request comes • Browser • Operating system and its interface • Language and version of the browser software For users from the European Union: The processing is based on Art. 6 (1) f) GDPR to protect our legitimate interest in the trouble-free operation of our website. The data is stored until a certain storage limit is reached and then automatically deleted or anonymized. Version 2.2 Further information on the storage, processing and purpose of the respective data collection can be found below and, where applicable, additionally in the terms of use of the individual web services. When does Dräger process my personal data? Provision of Dräger SafeTrack Web-Application When you use the Dräger SafeTrack service at Dräger, we use the personal information you provide to carry out the service. This may include taking the necessary steps before entering into a contract, answering your related questions, transmitting shipping and billing information, and processing or providing customer feedback and support. The use of Dräger SafeTrack is in a closed area, for which a registration with login is necessary ("user account"). The user is authenticated via such a login. Authorizations can be assigned to the user account, e.g. access for the respective functions is controlled via this. In order to create a user account, certain mandatory information (e.g. first name, last name and e-mail address) is required to create the user account in our online user data management, which is carried out centrally by the respective Dräger organization. After account creation you will receive an e-mail from us verifying the e-mail address used in order to complete the registration and create your user account. As part of the service provision of the application, we implement extensive technical and organizational measures to ensure sustainable data security for our customers and users. These include, but are not limited to, change logs for all write operations performed by the user, access logs for personal data (with ID, timestamp) and application login (IP address). For users from the European Union: The legal basis for the processing of this data is the provision of the service and protection of our legitimate interest within the meaning of Art. 6 (1) b) and f) GDPR. Our legitimate interest is to be able to offer the service to our users and to avoid disruptions and fraud attempts. We carry out the registration and user administration using Okta Inc ("Okta ID") seated in the USA. Twilio SendGrid We use the Twilio SendGrid e-mail services ("Twilio SendGrid"), provided by Twilio Inc, 101 Spear St FL 5 San Francisco, CA, 94105-1554 United States, to communicate with you as part of the provision of our services. For this purpose, the data required for communication (such as recipient address, subject, date and method of communication) are processed. For users from the European Union: The legal basis for the processing of this data is the fulfillment of a contract within the meaning of Art. 6 (1) b) GDPR. Further information on data processing at Twilio SendGrid can be found at https://sendgrid.com/en-us/resource/general-data-protection-regulation-2 Website Optimization / Error Analysis Our objective is to further improve our website for you. To this purpose, we use various web analysis tools that provide us with answers to certain questions, such as: Which of our pages did you visit? Which links did you click on? A list of these tools can be found at: "What services does Draeger use on the website?". Insofar as personal data is processed, this processing is based on our legitimate interest for users from the European Union pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest results from the following purposes of data collection: ensuring a smooth connection setup, ensuring a comfortable use of our website and/or application, and analyzing system security and stability. Version 2.2 For this purpose we use the Sentry service of Functional Software Inc. 45 Fremont Street, 8th Floor, San Francisco, CA 94105 ("Sentry") for error analysis. Sentry is a platform that helps to diagnose and optimize the performance of our software code. This is essentially based on technical information. Insofar as personal data is processed, this concerns the IP address. The retention period is 90 days. For more information about the processing of personal data in connection with Sentry, please visit https://sentry.io/privacy/. Contacting you Have you used one of our contact forms to request information about products and services from Dräger? Generally speaking, we use the data you state in the form to process your request. You can also give us your separate consent before sending your contact request if you are also interested in additional information, such as invitations to events, webinars, or product information. For users from the European Union: The legal basis for the processing of this data is the declaration of consent given by you within the meaning of Article 6 (1) b) GDPR. Customer satisfaction surveys We are very interested in finding out whether you were satisfied with the service we provided and whether we can do anything differently in the future. We therefore use the contact data shared in this context to contact a group of customers selected at random following our interaction with them. To contact customers, Dräger may sometimes use external service providers with whom corresponding data protection agreements are in place. For users from the European Union: The legal basis for the processing of this data is our legitimate interest within the meaning of Article 6 (1) (f) GDPR. Our legitimate interest is derived from the following purposes of data collection: determining the satisfaction of current Dräger customers following the purchase or repair of a Dräger product. Since you are already a Dräger customer at that time, we presume that you agree to us contacting you to find out whether you are satisfied with us. Voluntary information disclosure In addition, we process personal data that you voluntarily provide to us. Such data processing is based on Article 6 (1) (f) GDPR. Our legitimate interest in these cases is to be able to process your request. Does Dräger use cookies? In order to make our offer as user-friendly as possible, we also use so-called cookies and similar technologies, as do many other companies. What are cookies? Cookies are small text files that your browser automatically creates and that are stored on your end device (e.g. laptop) when you visit our website. Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies serves to make the use of our offers continuously more pleasant and suitable for you. For example, we use so-called session cookies so that you remain continuously logged in after a login and do not have to log in again for each interaction on the website. The session cookies are automatically deleted after you leave our website. Cookie-Settings Most browsers accept cookies automatically. However, you can also set your browser so that no cookies are stored on your end device or a message always appears before a new cookie is created. Please note, however, that the deactivation of certain cookies or the complete deactivation of cookies may mean that you cannot use all the functions of our website. Version 2.2 Legal basis for the use of cookies Insofar as the use of cookies is technically necessary for the operation of our website, the use of cookies is permitted without the consent of the website visitor. Does Dräger share my data with others? Dräger reserves the right to share the data you transmit to us with our subsidiaries and if applicable with specialist retailers (dealers) throughout the world. However, we share it only if doing so is necessary to process your data for its intended purpose. Within the scope of the provision of services, the following subcontractors are used depending on the data controller / the Dräger company responsible for the provision of goods or services. We have implemented safeguards (contractual and technical) to comply with the relevant data protection regulations. - The companies of the Dräger Group required to provide services for operation and support include in particular Drägerwerk AG & Co. KGaA, Dräger Safety AG Co. KGaA, each based in Lübeck, Germany, and Dräger Tehnika d.o.o., based in Belgrade, Serbia. - The Azure solution by Microsoft Ireland Operations Limited, Dublin, is used for the technical hosting of the cloud infrastructure. The servers used are located in Amsterdam, Netherlands. - MongoDB Ltd., Dublin, Ireland is used as database provider. - The development and technical support for Dräger SafeTrack is provided by QuaDigi, UAB , located in Vilnius, Lithuania. Is data transferred to countries outside the EU or the EEA? In principle, the processing of personal data by us takes place within the EU or the European Economic Area. In individual cases, however, it may be necessary for us to transfer information to recipients in so-called "third countries". "Third countries" are countries outside the European Union or the Agreement on the European Economic Area in which it cannot be assumed without further ado that the level of data protection is comparable to that in the European Union. If the information transferred also includes personal data, we will ensure before such transfer that the required adequate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This may result in particular from a so-called "adequacy decision" of the European Commission, which establishes an adequate level of data protection for a specific third country as a whole. Alternatively, we may also base the data transfer on the so-called EU standard contractual clauses agreed with a recipient or on a declaration of consent provided by you accordingly. We will be happy to provide you with further information on the appropriate and adequate safeguards for compliance with an adequate level of data protection upon request. You can find more information on the so-called EU standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-dataprotection/standard-contractual-clauses-scc_en and information on the adequacy decisions at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-dataprotection/adequacy-decisions_en. How long is personal data stored? In principle, we store personal data as long as this is necessary for the purpose of processing or we have a legitimate interest in this storage and your interests in not continuing the storage or processing do not outweigh. This means that we generally only store your data for as long as this is necessary to provide our website and the associated services, or we are legally obliged to store this data. We also delete personal data without any action on the part of the respective data subject as soon as it is no longer required for the processing purpose or the storage is otherwise legally inadmissible. As a rule the data is deleted or anonymized after the period of time specified above for the respective data processing or website function described in more detail; Version 2.2 the data processed in connection with a business relationship (in particular in connection with products ordered from us) will be deleted after expiry of the statutory retention periods; and the data processed in connection with the customer account will be deleted upon deletion of the respective customer account, unless further storage is required to comply with legal or contractual retention periods in connection with the respective business relationship. Those personal data that we have to store to fulfil retention obligations will be stored until the end of the respective retention obligation. Insofar as we store personal data exclusively for the fulfilment of retention obligations, the processing in this regard is generally restricted so that it can only be accessed if this is necessary with regard to the purpose of the retention obligation. What rights do I have as a data subject? The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data. If the legal requirements are met, you as a data subject within the scope of Art. 4 No. 1 of the GDPR have various rights against us, which we would like to inform you about in more detail below. You will also find details on this directly in Art. 15 to 21 of the GDPR. In order to exercise these rights, you can simply contact our Group Data Protection Officer, whose contact details are provided above, or conveniently use the technical means provided by us. Right of access, Art. 15 GDPR You have the right to receive information from us about whether and what data we process about you. This includes, among other things, information about how long and for what purpose we process the data, where it comes from and to which recipients or categories of recipients we transfer it. In addition, we may provide you with a copy of this data. Right to rectification, Art. 16 GDPR As a data subject, you have the right to request that we rectify information about you that is not or no longer accurate without undue delay. In addition, you can request that we complete your incomplete personal data. If required by law, we will also inform third parties about this correction if we have transferred your data to them. Right to erasure (so-called "right to be forgotten"), Art. 17 GDPR As a data subject, you have the right to request that we erase your personal data without delay if one of the following reasons applies: • Your data is no longer necessary for the purposes for which it was collected or otherwise processed, or the purpose has been achieved; • You revoke consent and there is no other legal basis for the processing; • You object to the processing and there are no overriding legitimate reasons for the processing; in the case of use of personal data for direct marketing, a sole objection by you to the processing is sufficient; • your personal data have been processed unlawfully; • the erasure of your personal data is necessary for the purposes of complying with a legal obligation under Union or Member State law to which we are subject. Please note that your right to erasure may be restricted by legal provisions. These include in particular the restrictions listed in Art.17 GDPR and § 35 BDSG. Right to restriction of processing (blocking), Art. 18 GDPR As a data subject, you also have the right to request us to restrict the processing of your personal data if one of the following conditions is met: Version 2.2 • You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data; • The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of your personal data; • We no longer need your personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims; or • You have objected to the processing as long as it has not yet been determined whether our legitimate grounds prevail over yours. If you have obtained a restriction of processing in accordance with the above list, we will inform you before the restriction is revoked. Right of withdrawal for consents, Art. 7 (3) GDPR You may withdraw any consent given to us at any time with effect for the future. This withdrawal can be made in the form of an informal communication to the above contact addresses or via the technical means provided by us for this purpose. If you revoke your consent, this will not affect the lawfulness of the data processing carried out up to that point. Right to data portability, Art. 20 GDPR As a data subject, you have the right to receive personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to others. Details and restrictions can be found in Art. 20 GDPR. The exercise of this right does not affect your right to erasure. Right to lodge a complaint with a supervisory authority, Art. 77 GDPR If you have the opinion that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities, i.e. in particular the Independent Centre for Data Protection Schleswig-Holstein or the respective supervisory authority in the member state of your place of residence, your place of work or the place of the alleged data protection violation. Right to object, Art. 21 GDPR As a data subject, you have the right to object at any time, on the grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. In the event of such an objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms as a data subject, or the processing serves the purpose of asserting, exercising or defending legal claims. If we process personal data for the purpose of direct marketing, you as the data subject have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such dire