Privacy Statement

This Privacy Statement (“Privacy Statement”) applies exclusively to any personal data processing performed in connection with the iGrow educational website and platform iGrow (“iGrow” or “Service”). It shall inform visitors and users of iGrow or the Website (“User”, “You” or “Your”) about of the processing of personal data (“Personal Data”) in terms of article 4 No. 1 of the General Data Protection Regulation (“GDPR”) when using or visiting the iGrow or the Website. iGrow and the Website are provided by HOYA Surgical Optics GmbH (“HOYA”, “We”, “Us” or “Our”).

Data Controller
HOYA Surgical Optics GmbH, De- Saint-Exupéry-Str. 10, 60549 Frankfurt a.M., Germany, [email protected] acts as Controller in terms of data protection law when you visit the iGrow website and use the Service.
For any questions concerning the processing of Your Personal Data when visiting Our website or using Our Service, please reach out to us via [email protected] . You may also get in contact with Our Data Protection Officer via [email protected] .
Personal Data
We process when you are visiting the website or using iGrow and source of Personal Data.
To provide You with iGrow and all ancillary services on the website we may process the following categories of personal data:
1. Technical information, such as your IP address, browser type and version, operating system used, the internet service provider you are using, date and time of the server inquiry and the referring page you last visited.
2. Personally identifying and contact details, such as Your name, surname, E-Mail address.
3. Authentication data, that is necessary to log in onto the Service, such as Your E-Mail Address, password.
4. Data about how You use Our Service, such as number of videos played, feedback assessment.
Purposes and legal bases for data processing
We may process your Personal Data for specific purposes based on various legal bases when you are using iGrow. The Data processing serves the following purposes and on the following legal bases:
1. Provision of the website: If you are visiting the iGrow website, Your browser will contact our webserver to call-up our webpage. We process your Personal Data to deliver the requested webpage. This processing is technically necessary to provide you with the requested information and services, article. 6 (1) b GDPR.
2. Identification for Service: We process your Personal Data to verify You when You access Your user account. This processing technically necessary to provide You with the requested information and services, article 6 (1) b GDPR.
3. Improving Service: We process Your Personal Data to get a better general understanding of how our Service is used and what we can do to improve it. We, therefore, analyze aggregated user data obtained from Our Users while using the Service. The feedback data collected may be used to classify your experience. We do not create user profiles, perform individual analysis or anything alike for that purpose. That processing is based on our legitimate interest to improve the Service we provide to You, and we expect that it is also in your best interest to You a Service which meets Your requirements, article 6 (1) f GDPR.
4. Communication, Chat function: We will process Your Personal Data for any communication with You, for example when we need to contact You or when we answer any request from You. This processing is either necessary to answer any queries from you, article 6 (1) f GDPR, or to communicate with You in the context of provision of our Service, article 6 (1) b GDPR.
5. Exercising Our rights: Where reasonably necessary, We use your Personal Data to exercise any legal obligations, Our rights and prevent abuse of Our service. For example, We may use Your Personal Data to detect and prevent fraud, spam, or content that violates our Terms of Service.
6. Legal compliance: We may process Your Personal Data when We are required to do so by law or by court order. This might be the case, for example, if We are obliged to provide information to respond to a court order, article 6 (1) c GDPR.
7. IT-Security: To maintain the necessary level of security for Our Service, We may process Your Personal Data in connection with IT-security measures. That processing is based on Our legitimate interest to protect Our website as well as the users of it from third party attacks or fraudulent action, article 6 (1) f GDPR.
Disclosure of your data to third parties
1. Data transfers within Our group of companies: We may transfer personal data to other companies within Our group of companies or allow them access to this Personal Data. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate entrepreneurial and business interests or takes place if it is necessary to fulfill Our contractual obligations or if the consent of the person concerned or a legal permit is available.
2. Data disclosure to third parties: We may share the information provided by You with third party service providers whose services are important for us to provide our services. As a result, Your Personal Data may be disclosed and if necessary transferred to the following recipients located inside and/or outside European Union:
  1. Webhosting: Our website is hosted by a web hosting provider (HOYA Medical Singapore Pte. Ltd. (Global Headquarter, HSO), 10 Biopolis Road, Chromos, Level Four, Singapore 138670 Singapore). The web hosting provider processes Your Personal Data to make Your visit at Our website possible. The host provider automatically logs the pages you visit in so-called “log files”. These log files will be used to ensure the security of Our website, in particular to prevent unauthorised interference with it, and to enable Us to exercise Our legal rights and obligations concerning such unauthorised interference.
  2. Every disclosure or transfer of Your Personal Data to third parties is governed by a Data Processing Agreement, Article 28 (3) GDPR.
3. Data processing in third countries: If We disclose or transfer Your Personal Data to third parties in third countries (outside EU/EEA) We make sure to strictly comply with the provisions of Chapter V of the GDPR. Unless the EU commission has issued an adequacy decision for a third country (where a third party processor is based), We are relying on Standard Contractual Clauses (SCC) to ensure sufficient protection of Your Data.
Cookies, Website Analytics and Marketing
We are deploying Analytic tools based on cookie-technology and other technologies to understand how iGrow is used and where and how We can improve it. We try to avoid processing Personal Data as far as possible for those purposes. Moreover, it is our explicit goal to provide You with a top-class educational service, that is tailored to Your needs. To achieve that goal, we also deploy technology that allows us to analyze your individual behavior and allows us to recommend content tailored to Your needs.
Of course, Our analysis is performed in accordance with applicable data protection law and We will, where necessary, ask for consent before processing Personal Data. You may find further information about all techniques for data analysis, processed data and applicable legal in Our Cookie Management Tool.
Retention period for your Personal Data
1. We will retain Your Personal Data only as long as necessary to achieve the specific purpose of collection. Thereafter, Your Personal Data will be deleted unless We have a sufficient legal basis to retain it for specific purposes.
2. In case We are legally obliged to retain certain documents that may contain any Personal Data, e.g. due to commercial law or tax retention obligations, We will retain the data but restrict the data processing, until the legal retention period expires and the documents (and Data) can be deleted.
Your rights as data subject
1. The Data Protection law grants several rights to data subjects. Please find below a short overview of Your rights. If You wish to exercise your rights, please get in touch with us via e-mail: [email protected] .

Your rights	Meaning
Your right to access	You have the right to obtain confirmation as to whether or not we process Personal Data of you. In case We process your Personal Data, you have the right to request access to your data and receive information regarding the processing of this data as well as getting a copy of it.
Your right to rectification	You have the right to demand rectification of inaccurate Personal Data about You.
Your right to erasure	Under certain conditions, You have the right to request deletion or removal of your Personal Data where there is no compelling reason for us to keep using it or its use is unlawful. You may find the aforementioned conditions in article 17 GDPR.
Your right to restrict processing	Under certain prerequisites, You have the right to request restriction of Processing of your Personal Data. When processing is restricted, we can still store Your Personal Information, but may not use it beyond that. You will find the aforementioned prerequisites in article 18 GDPR.
Your right to data portability	You have the right to receive a copy of your Personal Data in a structured, commonly used and machine-readable format
Your right to object	If we are processing your Personal Data on the legal basis of a legitimate interest (Article 6 (1) f GDPR), You have the right to object to the processing, for reasons relating to your particular situation, at any time.
Your right to object	We will then stop processing your Personal Data, unless we are able to demonstrate compelling legitimate grounds for the processing which override Your interests or the processing is necessary for the establishment, exercise or defence of legal claims.
Your Right to lodge a complaint	You have the right to lodge a complaint with a competent supervisory authority.