Privacy Notice - Edvance MedTech

PRIVACY NOTICE

Last updated: 15 October, 2025

Below you find the privacy notice of Edvance MedTech gGmbH i. G. (hereinafter referred to as “Edvance MedTech”, “we”, “us”, “our”). In this document, we describe how we handle your personal data. This privacy notice consists of a general part that is always applicable and a specific part addressing the various context in which we process personal data. Please select the sections that apply to you.

SECTION A. GENERAL INFORMATION

Definitions

For the purposes of this Privacy Notice, the following definitions apply:

GDPR: The General Data Protection Regulation (EU) 2016/679, which is the primary data protection law in the European Union governing the processing of personal data.
Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’).
Controller: The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this case, Edvance MedTech gGmbH is the controller.
Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Transfer: Any disclosure, communication, transmission, or making available of personal data to recipients outside the European Economic Area (EEA), including to third countries or international organizations.

Controller

The data controller responsible for your personal data is:

Edvance MedTech gGmbH
Simeonscarré 2,
32423 Minden, Germany

Email: privacy@edvance-medtech.com

Recipients

We may share your data with trusted service providers who assist us in operating our services, including:

Video conferencing platforms (Zoom, Microsoft Teams, or Google Meet)
The educational platform that we use to provide education beyond the webinars
Payment processors
Cloud hosting providers
Email service providers
Technical support providers

We would be happy to provide a full list of processors upon your request.

If we collaborate with educational institutions or non-profits for a specific course, we will update this privacy notice to reflect this per course.

Data Location

Your personal data is hosted and stored in Germany, ensuring compliance with European data protection standards.

International Transfers

Depending on the video conferencing platform used for our services, your Personal Data may be subject to Transfers to an organisation established outside the EEA. For transfers to the United States, we rely on the EU-US Data Privacy Framework adequacy decision where applicable. Where the EU-US Data Privacy Framework does not apply, there is no adequacy decision for the United States, and we use Standard Contractual Clauses (2021/914/EU) for such transfers to ensure the sharing of data meets the standards set in the European Union. You can obtain a copy of these clauses via the contact details at the end of this notice.

In particular, we will apply the following transfer measures:

Zoom: Data may be transferred to the United States. Zoom provides appropriate safeguards through Standard Contractual Clauses and maintains certifications under relevant data protection frameworks.
Microsoft Teams: Data may be transferred to various countries where Microsoft operates data centers. Microsoft provides appropriate safeguards through Standard Contractual Clauses and maintains certifications under relevant data protection frameworks.
Google Meet: Data may be transferred to countries where Google operates its infrastructure. Google provides appropriate safeguards through Standard Contractual Clauses and maintains certifications under relevant data protection frameworks.

We ensure that any Transfer of your Personal Data is conducted in accordance with applicable data protection laws and with appropriate safeguards in place.

Cookies

Our website and mobile application use cookies only for website functionality.

We use a minimal set of cookies to ensure our website functions properly for you. These are ‘functional cookies’ that help with essential features like remembering your language preferences, maintaining security, and enabling contact forms to work correctly. They are automatically placed when you visit our website. As these cookies are strictly necessary for website functionality, they do not require your consent under applicable data protection laws. However, you can disable them through your browser settings, though this may affect website functionality.

Name	Function	Validity
*Complianz (complz_)**	Stores consent choices	12 months
wpEmojiSettingsSupport	Stores browser details	Session
I18nextLng	Language settings	12 months
Loglevel	Session-management	Persistent (until you clean your browser or change the settings)
Forminator	Contact form plugin, allows for reCAPTCHA for security purposes	Session

Functional cookies may be placed without your consent. We base the processing of personal data through these cookies on the basis of our legitimate interest (article 6(1)(f) GDPR) to have a functional website.

Data subject rights

Under applicable data protection laws, you have the following rights:

Right of access: Request information about the personal data we hold about you
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of your personal data under certain circumstances
Right to restrict processing: Request limitation of data processing under certain conditions
Right to data portability: Request transfer of your data to another controller
Right to object: Object to processing based on legitimate interests or for direct marketing

If processing, as described in this privacy notice, takes place on the basis of consent, you have the right to withdraw his or her consent to the processing of personal data concerning him or her. This has no consequences for processing that took place prior to the revocation of that consent. The personal data that we have processed up to that moment will be removed, unless another processing basis is applicable to the processing that justifies the storage of the personal data.

To exercise these rights, please contact us using the contact information provided below.

Complaints

If you do not agree with the way in which we process your personal data or if you have any questions about the processing of your personal data or this privacy notice, we kindly request you to contact us at privacy@edvance-medtech.com. If we are unable to resolve this issue, or if you prefer not to discuss your complaint with us, you have at all times the right to contact the data protection authority for Nordrhein-Westfalen, the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen:

Postfach 20 04 44
40102 Düsseldorf
poststelle@ldi.nrw.de
https://www.ldi.nrw.de/

Obligatory Provision of Personal Data

The provision of Personal Data may be required by law, contractual obligation, or necessary to enter into a contract with us. Where Personal Data is required to enter into an agreement, failure to provide such data may result in our inability to provide the requested services or enter into the contract. We will inform you at the point of data collection whether the provision of Personal Data is mandatory and the possible consequences of not providing such data.

Automated Decision-Making and Profiling

We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, except for the automated determination of pass/fail results for our educational courses based on your answers to multiple-choice questions. This automated processing is limited to evaluating test responses against predetermined correct answers and does not involve complex algorithms or profiling. Certificates for completion will be issued automatically, based on a pre-determined percentage of correct answers to the aforementioned questions which will be communicated at the start of the course.

Should this change in the future, we will update this Privacy Notice and provide you with meaningful information about the logic involved, the significance and envisaged consequences of such processing, and your rights in relation to automated decision-making.

Changes to this privacy notice

We may update this Privacy Notice from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes through our website or other appropriate communication channels. We will inform you about changes that apply to your specific situation.

Contact information and complaints

If you have any questions about this Privacy Notice or wish to exercise your rights, please contact us at:

Edvance MedTech gGmbH
Simeonscarré 2
32423 Minden, Germany
Email: [general e-mail to be inserted] or [privacy e-mail to be inserted]

SECTION B: RESEARCH PARTICIPANTS AND APPLICANTS

Personal Data categories

With respect to research applications and conducting of research, we process the following personal data of (potential) researchers:

Contact and identity information: names, job titles, professional titles, corporate and/or private email addresses, work addresses, employer information
Professional information: resumes, professional background
Research contributions: research data, applications, and related materials

Purposes and legal basis

With respect to research applications and conducting of research, we process Personal Data for the following purposes:

Conducting and managing research in the area of medical devices

Legal basis: our legitimate interest in conducting medical device research and advancing scientific knowledge (article 6(1)(f) GDPR).

Assessing and deciding on research applications and managing funded projects.
Legal basis: our legitimate interests in evaluating research proposals and managing research programs (article 6(1)(f) GDPR).

Managing researcher relationships and funding relating to research led by individual researchers

Legal basis: contract performance where we have a direct relationship with you instead of your employer (article 6(1)(b) GDPR) and our legitimate interest in managing research and providing of funding otherwise (article 6(1)(f) GDPR).

Establishing, exercising or defending Edvance MedTech against legal claims

Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).

Retention period for research data

We retain research fellow Personal Data for 10 years after project completion to comply with research documentation requirements and potential follow-up studies. Application materials are retained for 3 years after the application process concludes. Payment information, where applicable, is retained for 10 years as required by German tax law.

Notwithstanding the retention periods specified above, we may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, resolve disputes, or comply with legal obligations. In such cases, Personal Data will be retained only for as long as necessary for these purposes and will be subject to appropriate safeguards.

SECTION C: NEWSLETTER SUBSCRIBERS

Personal Data categories

In order to send you our newsletter, we will process:

Contact information: e-mail addresses, names (if provided)

If you are also a customer of Edvance MedTech, we will also process:

Processing purposes

Sending newsletters and updates about our services or news that may interest you and managing your user preferences, and
Providing updates on relevant industry developments and research undertaken by Edvance MedTech.

Legal basis: consent (article 6(1)(a) GDPR), except if you are an existing customer of Edvance MedTech or receiving funding from Edvance MedTech, in which case the legal basis will be our legitimate interest to inform you about our services and products similar to those you have previously purchased or received funding for.

Establishing, exercising or defending ourself against legal claims

Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).

Analyzing engagement for service improvement

Legal basis: our legitimate interest in improving our services (article 6(1)(f) GDPR).

Retention period

If you are an Edvance MedTech customer or a researcher undertaking research with Edvance Medtech, we retain your Personal Data for two years after the last contact or communications, unless you indicate you want to continue receiving our newsletter.

If you are just a subscriber to our newsletter, we will retain your Personal Data until this purpose until you unsubscribe from our newsletter. If you withdraw your consent, we may retain your Personal Data if another legal basis for retention applies.

SECTION D: LINKEDIN SUBSCRIBERS

Personal Data we collect if you follow us, comment on our posts or contact us on LinkedIn:

Contact information: names, contact details reflected in communications you have with us via LinkedIn.
Professional information: Job titles, company information as reflected in interactions we have with you on LinkedIn.
Engagement Data: LinkedIn interaction data, connection information

Purposes and legal basis

If you follow us, comment on our posts or contact us on LinkedIn, we will process your personal data for the following purpose:

tracking the success rate of our post on LinkedIn
Professional networking and communication
Sharing industry updates and company news
Building professional relationships

Legal basis: legitimate interests in professional networking and business development (article 6(1)(f) GDPR).

Retention period for LinkedIn data

We retain LinkedIn interaction Personal Data for three years from the date of interaction, unless you unfollow our company page or request deletion of your data.

SECTION E: TRAINERS

Categories of Personal Data

Personal Data we collect if you are a trainer for an Edvance MedTech training course, seminar, conference or webinar (jointly: Edvance MedTech Educational Event):

Contact and identity information: Names, job titles, corporate and private email addresses, depending on which you use in your communication with us, work or private addresses depending on which you provide to us, telephone number.
Financial information: Bank account details for payment processing
Professional information: resume, professional background, LinkedIn profile, employer information, job title
Audio-Visual data: video recordings during training sessions, photographs for educational materials. Please note that such recordings may inadvertently capture personal data from a special category (including health information, religious beliefs, or ethnic origin as defined under article 9 GDPR).

Purposes and legal bases

Managing trainer relationships and contracts
Processing payments for training services
Delivering educational programs
Creating educational materials

Legal basis: our legitimate interest to run our educational programmes and to engage trainers (article 6(1)(f) GDPR).

Establishing, exercising or defending Edvance MedTech against legal claims

Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).

If you provide a photo to us for educational or promotional materials or agree to act as a trainer in an Edvance MedTech Educational Event, you explicitly consent to us processing this photo and any personal data from a special category that can be derived from your photo.

Retention period

We retain trainer Personal Data for 10 years after contract termination to comply with tax obligations. Payment information is retained for 10 years as required by German tax law.

Audio-visual recordings are retained until the material becomes outdated and is replaced or until we stop issuing the course, whatever comes first.

SECTION F: EDUCATION PARTICIPANTS

If you participate in an Edvance MedTech training course, seminar, conference or webinar (jointly: Edvance MedTech Educational Event), we will process the following Personal Data about you:

Contact and identity information: Names, job titles, corporate or private email addresses, work addresses, employer information
Financial Information: Payment information, consisting of bank account details and names related to the account.
Audio-Visual Data: Video recordings during webinars, live video feeds during online events
Technical Data: Zoom, Teams, or Google Meet session details, app usage data
Educational Information: University diplomas and graduation certificates (with non-essential information redacted) or provision of a hyperlink to either an employer profile or LinkedIn profile detailing past experience, depending on the applicant’s preference, for young professional discount verification
Certificate Information: Certificate numbers, issuance dates, completion status, course titles and descriptions included in certificates
Your answers to questions in the Edvance MedTech educational environment
Any communications you may have in the Edvance MedTech educational environment.
If there is a group aspect included in your Edvance MedTech Educational Event we, and other participants, may process your name and any other personal data you share during the group interaction for the purpose of the educational aspect of the Edvance MedTech Educational Event.

Purposes and legal bases

Providing educational programs and training, issuing certificates of completion, managing certificate verification for third parties, processing certificate replacement requests, and maintaining certificate records

Legal basis: our legitimate interest in delivering educational services, providing educational credentials, and maintaining verification services (article 6(1)(f) GDPR).

Processing event registrations

Legal basis: our legitimate interest in managing and facilitating educational events (article 6(1)(f) GDPR)

Processing payments for services

Legal basis: contract performance where payment is made directly by the individual (article 6(1)(b) GDPR), otherwise legitimate interest in processing payments and running of our educational programs and running of our business (article 6(1)(f) GDPR).

Verifying young professional discount eligibility

Legal basis: our legitimate interest in verifying eligibility for discounts (article 6(1)(f) GDPR).

Establishing, exercising or defending Edvance MedTech against legal claims

Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).

Visibility during online events

During live online events and webinars, your name, image (if camera is enabled), and other identifying information may be visible to other participants. By participating in these events, you acknowledge that other attendees will be able to see this information.

Certificate verification and third-party access

We may share certificate information with employers, professional bodies, or other organizations for verification purposes when requested by you or when required for professional accreditation. This includes confirming completion status, course details, and issuance dates. We will only share such information with appropriate verification of the requesting party’s legitimate need for the information.

Retention periods

We retain education participant Personal Data for two years after course completion to provide ongoing support and maintain educational records. Certificate information is retained for three years to enable verification and reissuance. Payment information is retained for 10 years as required by German tax law. Video recordings of sessions that include your personal data – if at all – are retained for 2 years unless consent is withdrawn earlier. University diplomas, graduation certificates and/or hyperlinks to employer profiles or LinkedIn accounts used for discount verification are deleted immediately after verification.

SECTION G: WEBSITE AND PLATFORM CONTACT

When you contact us via email, contact form on our website, or through our educational platform, we process the following Personal Data:

Contact and identity information: names, email addresses, phone numbers (if provided)
Communication content: your messages, inquiries, and any attachments you send
Technical data: IP addresses, timestamps of communications

Purposes and legal basis

We process your Personal Data for the following purposes:

Responding to your inquiries and providing customer support

Legal basis: our legitimate interest in providing customer service, analysing requests and responding to inquiries (article 6(1)(f) GDPR).

Establishing, exercising or defending Edvance MedTech against legal claims

Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).

Marketing and business development: Following up with potential customers or sending information about services they inquired about.

Legal basis: our legitimate interest in business development and providing relevant information about our services (article 6(1)(f) GDPR).

Service improvement and analytics: Analyzing contact patterns, frequently asked questions, and communication trends to improve our services

Legal basis: our legitimate interest in improving our services and customer experience (article 6(1)(f) GDPR).

Quality assurance and training: Reviewing communications for staff training and quality control purposes

Legal basis: our legitimate interest in maintaining service quality and training staff (article 6(1)(f) GDPR).

Fraud prevention and security: Monitoring communications for suspicious activity or security threats

Legal basis: our legitimate interest in protecting our business and users from fraud and security risks (article 6(1)(f) GDPR).

Retention period

We retain contact communication Personal Data for two years after the last communication to provide ongoing support and maintain records of our interactions.

[the rest of this page was intentionally left blank]