Privacy Policy

We appreciate your interest in our services and your visit to our website.

Data protection on the websites of Surgical Process Institute Deutschland GmbH

We are committed to ensuring data protection and data security when you visit our website. Therefore, we would like to inform you which of your personal data we collect when you visit our website and which purposes we use these data for.

This privacy policy applies to the online offer of Surgical Process Institute Deutschland GmbH, found on the website under the domain name “” (hereinafter: “our website”).

This privacy policy can be viewed, saved and printed out any time by going to Since amendments to the law or changes to our internal company processes may require an amendment of this privacy policy, we kindly ask you to regularly read this privacy policy.

Data controller

Surgical Process Institute Deutschland GmbH, Universitätsstraße 14, 04109 Leipzig, (for detailed contact information see the imprint: is the “controller” in accordance with the applicable data protection law, in particular the EU General Data Protection Regulation (GDPR) for the processing of personal data on these websites.

Personal data

Personal data are information that provides personal or factual details about you (e.g. name, address, can be used for it, telephone number, date of birth or e-mail address). Information which does not allow us to identify you (or it can be done only with disproportionate effort), e.g. due to anonymization of the information, is not personal data.

Which personal data do we collect and process?

You can visit our websites without telling us who you are and without providing your personal data to us (e.g. name, address, telephone number or e-mail address), unless you voluntarily provide this information to us or relevant legislation on the protection of your data allows for this.

Intended purpose

We will only collect, process and use the personal data you provide to us online for the purposes disclosed to you.

Some data that we may collect from you is necessary so that we:

  • can provide to you the services you desire;
  • can perform our contracts with you;
  • can adhere to legal requirements (e.g. billing).

If we collect data directly from you, we may ask you for your consent, if necessary, and clearly identify mandatory information (e.g. by an asterisk (*)). You provide all other, unmarked information to us voluntarily.

Legal bases

The legal bases for the processing of your data could be the following:

  • your consent to the use of data in accordance with Art. 6 (1) lit. a) GDPR;
  • the performance of our service obligations arising from contracts concluded with you in order to provide the services you request in accordance with Article 6 (1) lit. (b) GDPR;
  • our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR, e. g.
    • our business interests in improving our services so that we can better understand your needs and expectations and thus improve the services we provide to you;
    • to prevent fraud and to ensure that our websites are used completely and without any fraudulent behaviour;
    • to ensure and guarantee the security of our services, making sure that our offer is technically secure and properly functioning;
    • to ensure and enforce our contractual requirements and claims.
  • Legal reasons in accordance with Art. 6 (1) lit. c) GDPR if collection, storage, transfer or other processing of data is prescribed by law or processing is necessary to fulfil our legal obligations.

Disclosure of data

We will neither sell or market your personal data to third parties, nor will we disclose them for other reasons, unless specified otherwise in this privacy policy. In addition to the other cases specified in this privacy policy, your personal data are disclosed without your express prior consent only in the following cases:

  • If this is necessary to investigate any illegal or abusive [sic: use?] of our websites or to take legal action, personal data are disclosed to the law enforcement authorities and to injured third parties, if applicable. However, this will only happen if there is specific evidence of illegal or abusive behaviour. In addition, we are required by law to provide information to certain public authorities on request. These include law enforcement authorities, authorities that prosecute administrative violations, and tax authorities.
  • Data may be disclosed to a third party sworn to professional secrecy if this is required to enforce the contractual terms or other agreements and our claims from contracts that you concluded with us.
  • On occasion, we rely on contracted external companies and external service providers to provide our service, for example, in the scope of contract performance or hosting. In such cases, information is disclosed to these companies or individuals to enable further processing by them. These external service providers are carefully chosen by us and regularly reviewed to ensure that your privacy is maintained, and they may only use the data for the purposes specified by us. Moreover, they are contractually bound to handle your data exclusively in the scope of this privacy policy and German data protection laws.
  • As our business continues to develop, the structure of our company may change in that its legal form changes, subsidiaries, company divisions or business units are established, bought or sold. In such transactions, the customer information will be passed on with the transferred part of the company, with your consent. Any time personal data are disclosed to third parties in the scope described above, we will ensure that continued use will be in adherence to this privacy policy and the relevant data protection laws and will ask for your consent.

Use of cookies

We do not create personal user profiles. In connection with the retrieval of the information you request, data are stored on our servers only in an anonymized form for the provision of our various services or for analysis purposes. In this process, general information is logged, e.g. when and which content of our website was visited or which pages are visited most frequently. For these purposes, we use “cookies” (small text files with configuration information). The cookies are used in particular to determine the frequency of use and the number of users of our website. This helps us find out which area of our website and which other websites our users have visited.

However, these usage data cannot be traced back to the user. All these usage data collected in anonymized form are not combined with your personal data and are deleted immediately after the end of statistical analysis.

Moreover, our websites do not store cookies that do not have purely technically needed functions and serve for the proper functioning of our websites, if you did not previously agree to this. For this purpose, you have to agree to the storage of cookies by choosing the types of cookies you would like or accept and clicking on “Accept” in the banner containing the information about the storage of cookies. For more information about the specific types of cookies we use and how you can adjust the use of individual types of cookies and agree or refuse their use go to your cookie settings.

The legal bases for this data processing are Art. 6 (1) lit. f GDPR (which allows processing of data to guarantee legitimate interests of the data controller) and Art. 6 (1) lit. a GDPR (which allows data processing based on your consent).

Most browsers are set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser to inform you before saving cookies. Users who do not accept cookies may not be able to access certain areas of our websites.


We may use plugins of the YouTube video portal on our websites. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our YouTube plugin-enabled websites, a connection to the YouTube server will be established. The YouTube server will be informed about which of our pages you visited.

If you are logged in your YouTube account, you allow YouTube to associated your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of presenting our online offers in an attractive manner. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

For more information about the handling of user data see YouTube’s privacy policy at:

Google Maps

We may use the Google Maps service via an API on our websites. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the Google Maps functions it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transmission.

Google Maps are used in the interests of presenting our online offers in an attractive manner and to easily find the locations we specify on our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

For more information about the handling of user data see Google’s privacy policy:

Server log data

Your visit to our websites is automatically logged by our web server.

In connection with the retrieval of the information requested by you from our websites, data are collected for the provision of our various services or for analysis and security purposes, and stored, if necessary, in anonymized form (without personal reference). The web servers we use automatically store data about the retrieval of our websites in server log files. These data are:

        • IP address
        • referrer URL (the website from which you visited us)
        • time of server request
        • host name of the accessing device (name of your Internet service provider)
        • browser type and browser version
        • operating system used and its settings.

The processing of the above data is done for security purposes, for general fraud prevention and as a precaution against attacks on our websites. There is no automated merger of this data with data from other data sources.

If your IP address is logged automatically as well, it will be automatically deleted at the latest after 7 days.

Other than that, only general information is collected, e.g. when and which content is retrieved from our website or which pages are visited most frequently, the names of the requested files and their retrieval date and time. These data are evaluated to improve our websites and do not allow use to identify you personally.

We will not use this information for any other purpose.

The legal basis for the data processing is Art. 6 (1) lit. f GDPR, which allows the processing of data to guarantee legitimate interests of the data controller.

Data storage

We store personal information you submit to us only for as long as is necessary to fulfil the purposes for which such information was transmitted, or as required by law:

  • if you conclude contracts with us, we store and process your personal data for the duration of the contractual relationship and beyond for the fulfilment of post-contractual obligations and handling of issues as well as for the duration of statutory retention periods (maximum 10 years);
  • If you have consented to the promotional use of your e-mail address, we will store your e-mail address in our mailing database until you unsubscribe, requesting us to delete the data;
  • If you send us an enquiry, we process your personal data while we handle your request.

If we no longer need your personal data, we will delete them from our systems and records or anonymize them so that you can no longer be identified.

We may retain certain personal data in order to comply with our legal and regulatory obligations and to allow us to manage our rights (for example, to enforce our claims in court) or for statistical purposes (in anonymized form).

Data security

We use SSL encryption for secure transmission of your personal data. This form of transmission is acknowledged as a secure form of data transmission according to current knowledge. We endeavour to take technical and organizational security measures to protect your personal data against unintentional or unlawful deletion, modification or loss, and against unauthorized disclosure or unauthorized access. Our employees are bound by confidentiality and privacy, accordingly.

To avoid loss or misuse of the data we store, we take extensive technical and organizational security measures that are periodically reviewed and adapted in line with technological progress. As far as it is within our sphere of influence, we use modern encryption techniques as well as a large number of other measures especially to prevent the unauthorized access by third parties. You can identify an encrypted connection by the fact that the address line in the browser changes from “http://” to “https://” and by the lock symbol in your browser line. When SSL/TLS encryption is enabled, the data you exchange with us cannot be read by third parties.

We point out, however, that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions not within our area of responsibility. In particular, unencrypted disclosed data, even if disclosed by e-mail, can be read by third parties. We have no technical influence over this. In such cases, it is the responsibility of the user to protect the data provided by him against misuse through encryption or in another manner.


If you have any questions or comments regarding the handling or use of your personal data or if you wish to receive information about the data stored about you or if you would like to exercise your above-mentioned rights, please contact:

Surgical Process Institute Deutschland GmbH
Kreuzstrasse 5
04103 Leipzig

T +49 341 308674 – 0

You can also use our contact details for other general enquiries and contact requests.

If you do this, we will collect and process your contact information. You can generally decide yourself which data you provide to us when you contact us. We use your data in this case we use your data exclusively to respond to your enquiry.

These data are processed on the basis of your consent and to perform legal obligations, as well as to protect the legitimate interest of Surgical Process Institute Deutschland GmbH as the provider of these websites.

Your rights as a data subject

As a data subject in data processing, you have the following rights specified in this section.

If you would like to exercise one of your rights indicated below, please contact us using the contact details in the “Contact” section below.

Please note that we may request proof of identity and full details of your request before we can process your request.

Information, restriction of processing and erasure

In the scope of the applicable legal provisions, you have the right at any time to receive information free of charge about the data about you that is stored, its origin and recipient, and the purpose of the data processing. In the presence of certain prerequisites, you may also have the right to correction of incorrect data, as well as restriction of processing and erasure of the data.

Withdrawal of your consent to data processing

Some forms of data processing are possible only on the basis of your express consent. You can withdraw previously granted consent at any time. The legality of the processing before withdrawal is not affected.

Right to data portability

With regard to data that we process automatically on the basis of your consent or in performance of a contract, you generally have the right to have them provided to you or to a third party in a commonly used, machine-readable format. If you request direct transmission of these data to a third party, this will be done only where technically feasible with reasonable effort.

Right to lodge a complaint with the competent supervisory authority

In case of data protection violations on our part, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority in matters of data protection in charge of the activities of Surgical Process Institute Deutschland GmbH is the Saxon Data Protection Officer (SaxonDPO), which can be contacted using the contact details at the following link:

Operational data protection officer of Surgical Process Institute Deutschland GmbH

EU Data Protection Officer of Johnson & Johnson family of companies: .

Hyperlinks to other websites

Our website contains hyperlinks to websites of other providers. When activating these links you are redirected from our website to the website of the other provider directly. In connection with these links to external companies and other third parties, Surgical Process Institute Deutschland GmbH is not responsible for the data privacy requirements or the content of these websites.


Version: 2.0