Privacy notice

Last updated: 11 November, 2025 

Below you find the privacy notice of Edvance MedTech gGmbH (hereinafter referred to as “Edvance MedTech”, “we”, “us”, “our”). In this document, we describe how we handle your personal data. This privacy notice consists of a general part that is always applicable and a specific part addressing the various context in which we process personal data. Please select the sections that apply to you. 


SECTION A: GENERAL INFORMATION


Definitions

For the purposes of this Privacy Notice, the following definitions apply:

  • GDPR: The General Data Protection Regulation (EU) 2016/679, which is the primary data protection law in the European Union governing the processing of personal data.
  • Personal Data: Any information relating to an identified or identifiable natural person ('data subject'). 
  • Controller: The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this case, Edvance MedTech gGmbH is the controller.
  • Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Transfer: Any disclosure, communication, transmission, or making available of personal data to recipients outside the European Economic Area (EEA), including to third countries or international organizations.


Controller

The data controller responsible for your personal data is:

Edvance MedTech gGmbH
Simeonscarré 2, 32423 Minden, Germany
Email: privacy@edvance-medtech.com 

Recipients

We may share your data with trusted service providers who assist us in operating our services, including:

  • Video conferencing platforms (Zoom, Microsoft Teams, or Google Meet)
  • The educational platform that we use to provide education beyond the webinars
  • Payment processors
  • Cloud hosting providers
  • Email service providers
  • Technical support providers
  • Chat and customer support services
  • Content delivery and security provider

We would be happy to provide a full list of processors upon your request. If we collaborate with educational institutions or non-profits for a specific course, we will update this privacy notice to reflect this per course.  


Data Location


Your personal data is hosted and stored in Germany, ensuring compliance with European data protection standards. 


International Transfers


Depending on the video conferencing platform used for our services, your Personal Data may be subject to Transfers to an organisation established outside the EEA. For transfers to the United States, we rely on the EU-US Data Privacy Framework adequacy decision where applicable. Where the EU-US Data Privacy Framework does not apply, there is no adequacy decision for the United States, and we use Standard Contractual Clauses (2021/914/EU) for such transfers to ensure the sharing of data meets the standards set in the European Union. You can obtain a copy of these clauses via the contact details at the end of this notice. 


In particular, we will apply the following transfer measures:

  • Zoom: Data may be transferred to the United States. Zoom provides appropriate safeguards through Standard Contractual Clauses and maintains certifications under relevant data protection frameworks.
  • Microsoft Teams: Data may be transferred to various countries where Microsoft operates data centers. Microsoft provides appropriate safeguards through Standard Contractual Clauses and maintains certifications under relevant data protection frameworks.
  • Google Meet: Data may be transferred to countries where Google operates its infrastructure. Google provides appropriate safeguards through Standard Contractual Clauses and maintains certifications under relevant data protection frameworks.
  • Vimeo: Data may be transferred to the United States where Vimeo operates its infrastructure. Vimeo provides appropriate safeguards through Standard Contractual Clauses and maintains certifications under relevant data protection frameworks.

We ensure that any Transfer of your Personal Data is conducted in accordance with applicable data protection laws and with appropriate safeguards in place.

 

Cookies 
See the  explanation about our use of cookies in our [hyperlink: cookie policy]

 

Data subject rights

Under applicable data protection laws, you have the following rights:-               

  • Right of access: Request information about the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data under certain circumstances
  • Right to restrict processing: Request limitation of data processing under certain conditions         
  • Right to data portability: Request transfer of your data to another controller             
  • Right to object: Object to processing based on legitimate interests or for direct marketing


If processing, as described in this privacy notice, takes place on the basis of consent, you have the right to withdraw his or her consent to the processing of personal data concerning him or her. This has no consequences for processing that took place prior to the revocation of that consent. The personal data that we have processed up to that moment will be removed, unless another processing basis is applicable to the processing that justifies the storage of the personal data.

Marketing Opt-out: You have the right to opt out of direct marketing communications at any time by using the unsubscribe link in our emails or contacting us directly. You can also object to the use of your Personal Data for marketing purposes through cookie settings and third-party opt-out mechanisms.

To exercise these rights, please contact us using the contact information provided below. 

Complaints

If you do not agree with the way in which we process your personal data or if you have any questions about the processing of your personal data or this privacy notice, we kindly request you to contact us at privacy@edvance-medtech.com. If we are unable to resolve this issue, or if you prefer not to discuss your complaint with us, you have at all times the right to contact the data protection authority for Nordrhein-Westfalen, the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen:

Postfach 20 04
4440102 Düsseldorf
poststelle@ldi.nrw.de
https://www.ldi.nrw.de/ 

Obligatory Provision of Personal Data

The provision of Personal Data may be required by law, contractual obligation, or necessary to enter into a contract with us. Where Personal Data is required to enter into an agreement, failure to provide such data may result in our inability to provide the requested services or enter into the contract. We will inform you at the point of data collection whether the provision of Personal Data is mandatory and the possible consequences of not providing such data. 

Business Transfers

In the event that we sell, transfer, or otherwise dispose of our business or assets, or if we undergo a merger, acquisition, or similar transaction, your Personal Data may be transferred to the acquiring party. We will notify you of any such transfer and inform you of your choices regarding your Personal Data, including the option to have your data deleted before the transfer. 

Automated Decision-Making and Profiling

We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, except for the automated determination of pass/fail results for our educational courses based on your answers to multiple-choice questions. This automated processing is limited to evaluating test responses against predetermined correct answers and does not involve complex algorithms or profiling. Certificates for completion will be issued automatically, based on a pre-determined percentage of correct answers to the aforementioned questions which will be communicated at the start of the course. 

Should this change in the future, we will update this Privacy Notice and provide you with meaningful information about the logic involved, the significance and envisaged consequences of such processing, and your rights in relation to automated decision-making. 

Changes to this privacy notice

We may update this Privacy Notice from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes through our website or other appropriate communication channels. We will inform you about changes that apply to your specific situation. 

Contact information and complaints

If you have any questions about this Privacy Notice or wish to exercise your rights, please contact us at:

Edvance MedTech gGmbH 
Simeonscarré 2 32423 Minden, Germany 
Email: info@edvance-medtech.com 


SECTION B: RESEARCH PARTICIPANTS AND APPLICANTS


 Personal Data categories

With respect to research applications and conducting of research, we process the following personal data of (potential) researchers: 

  • Contact and identity information: names, job titles, professional titles, corporate and/or private email addresses, work addresses, employer information
  • Professional information: resumes, professional background
  • Research contributions: research data, applications, and related materials


Purposes and legal basis

With respect to research applications and conducting of research, we process Personal Data for the following purposes:

  • Conducting and managing research in the area of medical devices.Legal basis: our legitimate interest in conducting medical device research and advancing scientific knowledge (article 6(1)(f) GDPR). 
  • Assessing and deciding on research applications and managing funded projects. Legal basis: our legitimate interests in evaluating research proposals and managing research programs (article 6(1)(f) GDPR). 
  • Managing researcher relationships and funding relating to research led by individual researchers. Legal basis: contract performance where we have a direct relationship with you instead of your employer (article 6(1)(b) GDPR) and our legitimate interest in managing research and providing of funding otherwise (article 6(1)(f) GDPR).  
  • Establishing, exercising or defending Edvance MedTech against legal claims. Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).


Retention period for research data

We retain research fellow Personal Data for 10 years after project completion to comply with research documentation requirements and potential follow-up studies. Application materials are retained for 3 years after the application process concludes. Payment information, where applicable, is retained for 10 years as required by German tax law.

Notwithstanding the retention periods specified above, we may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, resolve disputes, or comply with legal obligations. In such cases, Personal Data will be retained only for as long as necessary for these purposes and will be subject to appropriate safeguards.


SECTION C: NEWSLETTER SUBSCRIBERS


Personal Data categories

In order to send you our newsletter, we will process:

  • Contact information: e-mail addresses, names (if provided)

If you are also a customer of Edvance MedTech, we will also process: 


Processing purposes

  • Sending newsletters and updates about our services or news that may interest you and managing your user preferences, and
  • Providing updates on relevant industry developments and research undertaken by Edvance MedTech. Legal basis: consent (article 6(1)(a) GDPR), except if you are an existing customer of Edvance MedTech or receiving funding from Edvance MedTech, in which case the legal basis will be our legitimate interest to inform you about our services and products similar to those you have previously purchased or received funding for. 
  • Establishing, exercising or defending ourself against legal claimsLegal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR). 
  • Analyzing engagement for service improvement Legal basis: our legitimate interest in improving our services (article 6(1)(f) GDPR). 


Retention period

If you are an Edvance MedTech customer or a researcher undertaking research with Edvance Medtech, we retain your Personal Data for two years after the last contact or communications, unless you indicate you want to continue receiving our newsletter.
If you are just a subscriber to our newsletter, we will retain your Personal Data until this purpose until you unsubscribe from our newsletter. If you withdraw your consent, we may retain your Personal Data if another legal basis for retention applies.

 


SECTION D: LINKEDIN SUBSCRIBERS


Personal Data we collect if you follow us, comment on our posts or contact us on LinkedIn

  • Contact information: names, contact details reflected in communications you have with us via LinkedIn.
  • Professional information: Job titles, company information as reflected in interactions we have with you on LinkedIn. 
  • Engagement Data: LinkedIn interaction data, connection information


Purposes and legal basis

If you follow us, comment on our posts or contact us on LinkedIn, we will process your personal data for the following purpose:

  • Tracking the success rate of our post on LinkedIn
  • Professional networking and communication
  • Sharing industry updates and company newsBuilding professional relationships. 

Legal basis: legitimate interests in professional networkingand business development (article 6(1)(f) GDPR).


Retention period for LinkedIn data

We retain LinkedIn interaction Personal Data for three years from the date of interaction, unless you unfollow our company page or request deletion of your data.



SECTION E: TRAINERS 


Categories of Personal Data

Personal Data we collect if you are a trainer for an Edvance MedTech training course, seminar, conference or webinar (jointly: Edvance MedTech Educational Event): 


  • Contact and identity information: Names, job titles, corporate and private email addresses, depending on which you use in your communication with us, work or private addresses depending on which you provide to us, telephone number. 
  • Financial information: Bank account details for payment processing[Cv1]
  • Professional information: resume, professional background, LinkedIn profile, employer information, job title
  • Audio-Visual data: video recordings during training sessions, photographs for educational materials. Please note that such recordings may inadvertently capture personal data from a special category (including health information, religious beliefs, or ethnic origin as defined under article 9 GDPR). 


Purposes and legal bases

  • Managing trainer relationships and contracts
  • Processing payments for training services
  • Delivering educational programs 
  • Creating educational materials.Legal basis: our legitimate interest to run our educational programmes and to engage trainers (article 6(1)(f) GDPR). 
  • Establishing, exercising or defending Edvance MedTech against legal claims. Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).

If you provide a photo to us for educational or promotional materials or agree to act as a trainer in an Edvance MedTech Educational Event, you explicitly consent to us processing this photo and any personal data from a special category that can be derived from your photo.

Retention period 

We retain trainer Personal Data for 10 years after contract termination to comply with tax obligations. Payment information is retained for 10 years as required by German tax law. 

Audio-visual recordings are retained until the material becomes outdated and is replaced or until we stop issuing the course, whatever comes first.  

Notwithstanding the retention periods specified above, we may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, resolve disputes, or comply with legal obligations. In such cases, Personal Data will be retained only for as long as necessary for these purposes and will be subject to appropriate safeguards. [Cv1]Should I take this out in full? 


SECTION F: EDUCATION PARTICIPANTSVery large text.


If you participate in an Edvance MedTech training course, seminar, conference or webinar (jointly: Edvance MedTech Educational Event), we will process the following Personal Data about you:    


  • Contact and identity information: Names, job titles, corporate or private email addresses, work addresses, employer information.
  • Financial Information: Payment information, consisting of bank account details and names related to the account.
  • Audio-Visual Data: Video recordings during webinars, live video feeds during online events.
  • Technical Data: Zoom, Teams, or Google Meet session details, app usage data.
  • Educational Information: University diplomas and graduation certificates (with non-essential information redacted) or provision of a hyperlink to either an employer profile or LinkedIn profile detailing past experience, depending on the applicant’s preference, for young professional discount verification.
  • Certificate Information: Certificate numbers, issuance dates, completion status, course titles and descriptions included in certificates.
  • Your answers to questions in the Edvance MedTech educational environment.
  • Any communications you may have in the Edvance MedTech educational environment.
  • If there is a group aspect included in your Edvance MedTech Educational Event we, and other participants, may process your name and any other personal data you share during the group interaction for the purpose of the educational aspect of the Edvance MedTech Educational Event. 


Purposes and legal bases

  • Providing educational programs and training, issuing certificates of completion, managing certificate verification for third parties, processing certificate replacement requests, and maintaining certificate records. Legal basis: our legitimate interest in delivering educational services, providing educational credentials, and maintaining verification services (article 6(1)(f) GDPR).
  • Processing event registrations. Legal basis: our legitimate interest in managing and facilitating educational events (article 6(1)(f) GDPR)
  • Processing payments for services. Legal basis: contract performance where payment is made directly by the individual (article 6(1)(b) GDPR), otherwise legitimate interest in processing payments and running of our educational programs and running of our business (article 6(1)(f) GDPR).
  • Verifying young professional discount eligibility. Legal basis: our legitimate interest in verifying eligibility for discounts (article 6(1)(f) GDPR).
  • Establishing, exercising or defending Edvance MedTech against legal claims.Legal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR). 


Visibility during online events


During live online events and webinars, your name, image (if camera is enabled), and other identifying information may be visible to other participants. By participating in these events, you acknowledge that other attendees will be able to see this information. 

Certificate verification and third-party access

We may share certificate information with employers, professional bodies, or other organizations for verification purposes when requested by you or when required for professional accreditation. This includes confirming completion status, course details, and issuance dates. We will only share such information with appropriate verification of the requesting party's legitimate need for the information. 

Retention periods

We retain education participant Personal Data for two years after course completion to provide ongoing support and maintain educational records. Certificate information is retained for three years to enable verification and reissuance. Payment information is retained for 10 years as required by German tax law. Video recordings of sessions that include your personal data – if at all - are retained for 2 years unless consent is withdrawn earlier. University diplomas, graduation certificates and/or hyperlinks to employer profiles or LinkedIn accounts used for discount verification are deleted immediately after verification.

Notwithstanding the retention periods specified above, we may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, resolve disputes, or comply with legal obligations. In such cases, Personal Data will be retained only for as long as necessary for these purposes and will be subject to appropriate safeguards. 


SECTION G: WEBSITE AND PLATFORM CONTACTVery large text.


 When you contact us via email, contact form on our website, or through our educational platform, we process the following Personal Data:    


  • Contact and identity information: names, email addresses, phone numbers (if provided)
  • Communication content: your messages, inquiries, and any attachments you send
  • Technical data: IP addresses, timestamps of communications
  • Website usage data: pages visited, referring sites, exit pages, time spent on pages
  • Browser and device information: browser type and version, operating system, device identifiers


Purposes and legal basis

We process your Personal Data for the following purposes:

  • Responding to your inquiries and providing customer supportLegal basis: our legitimate interest in providing customer service, analysing requests and responding to inquiries (article 6(1)(f) GDPR). 
  • Establishing, exercising or defending Edvance MedTech against legal claimsLegal basis: our legitimate interest in establishing, exercising or defending legal claims (article 6(1)(f) GDPR).
  • Marketing and business development: Following up with potential customers or sending information about services they inquired about. Legal basis: our legitimate interest in business development and providing relevant information about our services (article 6(1)(f) GDPR). 
  • Service improvement and analytics: Analyzing contact patterns, frequently asked questions, and communication trends to improve our servicesLegal basis: our legitimate interest in improving our services and customer experience (article 6(1)(f) GDPR). 
  • Quality assurance and training: Reviewing communications for staff training and quality control purposesLegal basis: our legitimate interest in maintaining service quality and training staff (article 6(1)(f) GDPR). 
  • Fraud prevention and security: Monitoring communications for suspicious activity or security threatsLegal basis: our legitimate interest in protecting our business and users from fraud and security risks (article 6(1)(f) GDPR).


Retention period


We retain contact communication Personal Data for two years after the last communication to provide ongoing support and maintain records of our interactions.

Notwithstanding the retention periods specified above, we may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, resolve disputes, or comply with legal obligations. In such cases, Personal Data will be retained only for as long as necessary for these purposes and will be subject to appropriate safeguards.