Effective Date 7/18/18
EU-U.S. Privacy Shield
ulrich is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to any third party acting on its behalf. ulrich complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including onward transfer liability provisions.
With respect to the personal data received or transferred pursuant to the Privacy Shield Framework, ulrich is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, ulrich may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Individuals have the right to access the personal information that ulrich medical USA, Inc. holds and are able to correct, amend or delete aid information where it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of person other than the individual would be violated.
In compliance with the Privacy Shield Principles, ulrich medical USA, Inc. commits to resolve complaints about our collection or use of your personal information. EU individuals with inquires or complaints regarding our Privacy Shield policy should first contact ulrich medical USA, Inc. at:
firstname.lastname@example.org or email@example.com or by postal mail at 18821 Edison Ave. Chesterfield, MO 63005.
ulrich medical USA, Inc. has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
If you have an unresolved privacy or data use concern that has not been satisfactorily addressed, please contact our third party dispute resolution provider. You are free to lodge a complaint with a regulatory authority if you think that our processing of your personal data infringes the European General Data Protection Regulations or other national and international data protection laws. Any findings of this DPA will be considered binding arbitration.
Contact details of the competent regulatory authority for our company are as follows:
Bavarian State Office for Data Protection Supervisory Authority (BayLDA)
91522 Ansbach, Germany
Phone: +49 (0) 981 53 1300 Fax: +49 (0) 981 53 98 1300
Personal Information collected and how it is used
Information collected domestically from our end-users:
ulrich receives limited personal data regarding product end-users, typically limited to initials (at times last names) and dates of birth. The data is collected by ulrich’s customer base and is transmitted to ulrich via email.
ulrich does not collect data directly from end-users. ulrich’s website does not collect any personal information. Information collected is used to verify product use and sale between ulrich and its customer base and to respond to customer service requests.
Information collected or accessible from our parent company:
ulrich receives and has access to GmbH employee contact information such as name, email address and phone number. Information shared between ulrich and GmbH is used to respond to customer service requests.
Goods and Service Provider Collection and Use
ulrich collects information under the direction of its clients and has no direct relationship with the individuals whose personal data it processes. Given the intercompany nature of the relationship between ulrich and GmbH, ulrich’s use and access to GmbH employee contact information is limited to and for use in maintaining normal business operations.
ulrich periodically utilizes third party service providers for such things as IT and regulatory consulting. Personal information is shared only as necessary for the third party to provide that service.
As required by law, such as to comply with a subpoena or similar legal request, when ulrich believes in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, personal data may be disclosed.
Should ulrich become involved in any merger, acquisition, or sale of all or a portion of its assets, personal data owners will be notified by email (if possible) or a prominent notice on the ulrich website of any change in ownership or uses of personal information. In certain situations, ulrich may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Access to Personal Information
Upon request, ulrich will provide an individual with information about whether ulrich holds or processes on behalf of a third party, any of that individual’s personal information. To request this information, please contact ulrich’s VP, Finance and Administration at firstname.lastname@example.org or ulrich’s Systems Manager at email@example.com, or by contacting ulrich via postal mail at the contact information below. ulrich will respond to your request within 30 days.
ulrich will retain personal data as long as needed to provide services to our clients and as long as necessary to comply with ulrich’s legal obligations, resolve disputes and enforce agreements.
ulrich collects information for its clients and/or in accordance with its business relationship with its parent company. If an individual is a customer of one of ulrich’s (or ulrich medical GmbH’s) clients or an employee of GmbH and would no longer like his or her information to be shared with ulrich, that individual should contact ulrich’s client or GmbH, respectively, whichever entity that individual interacts with directly.
If an individual has direct interaction with ulrich and would no longer like his or her information to be shared with a third party not covered by an ulrich service agreement or would like to opt out should their information be found to be used for a materially different purpose than which it was originally collected or subsequently authorized by the individual, that individual should contact the ulrich contacts above.
ulrich may transfer personal information to companies that help it conduct its business. Transfers to subsequent third parties are covered by ulrich’s service agreements with our clients.
Access to Data Controlled by ulrich’s Clients
ulrich has no direct relationship with the client’s customers with whom ulrich may have some personal data. An individual who seeks access to, who seeks to correct, amend, or delete inaccurate data should direct his or her inquiry to ulrich’s client, with whom they have direct interaction.
While ulrich’s website is not designed to collect information from its visitors, certain information is gathered automatically. This information may include IP addresses, browser type, service providers, page visits, operating system, date/time stamp, and data to analyze commercial trends and to administer the site.
The security of personal information is important to ulrich. ulrich follows generally accepted standards to protect personal information received by ulrich. However no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, security cannot be guaranteed. If you have questions about security on ulrich’s website or otherwise, please contact ulrich’s VP, Finance and Administration at firstname.lastname@example.org or ulrich’s Systems Manager, email@example.com or by contacting ulrich via postal mail at the contact information below. ulrich will respond to your request within 30 days.