Privacy policy
PRIVACY POLICY
Last updated: 2026
This Privacy Policy describes how GASTER Technology Limited ("GASTER Technology", "we", "us", or "our") collects, uses, and discloses personal information when you visit gastercontrol.com (the "Website") or interact with us. It complies with the General Data Protection Regulation (GDPR — Regulation EU 2016/679) and applicable Maltese data protection law.
NOT MEDICAL ADVICE: The content of the Website is provided for informational and educational purposes. It does not constitute medical advice and does not replace consultation with a healthcare professional. For any decision concerning your health, please consult your physician.
═══════════════════════════════════════════
1. Who we are — Data Controller
The data controller responsible for the processing of your personal information is:
Company: GASTER Technology Limited
Legal form: Limited Company incorporated under Maltese law
Registered office: 5/1 Merchants Street, Valletta VLT 1171, Malta
Director of publication: Alexandra Vorbauer
Contact: office@gastertechnology.com
═══════════════════════════════════════════
2. Scope of this policy
The Website is currently a B2B information and contact channel intended for healthcare professionals, distributors, hospitals, and industrial partners. We do not offer direct-to-consumer purchase on the Website. Some information addressed to the general public is published for educational and transparency purposes.
This policy covers personal information collected through:
- Browsing the Website (technical data, cookies)
- Subscription to our newsletter
- Contact forms and direct email exchanges
- Professional inquiries (distributors, healthcare professionals, partners)
═══════════════════════════════════════════
3. Personal data we collect
We collect only the data necessary for the purposes described in this policy. Depending on how you interact with the Website:
Identification and contact data
Name, surname, professional title, email address, telephone number, employer or institution, country.
Technical data
IP address, browser type and version, device type, operating system, referring URL, pages visited, time spent on pages, date and time of visit.
Communication data
Content of your messages when you contact us, attachments shared with us, history of exchanges.
Newsletter data
Email address, opt-in date, language preference, open and click data (aggregated).
Marketing analytics data (via cookies)
Anonymized or pseudonymized navigation data used to measure audience and improve content.
We do not collect health data or sensitive medical information from visitors. The Website does not host patient records or clinical study data.
═══════════════════════════════════════════
4. Purposes and legal bases for processing
We process your personal data only for specific purposes and on a defined legal basis under Article 6 GDPR:
Responding to your inquiries
Purpose: handle your questions, requests for information, partnership proposals.
Legal basis: pre-contractual measures at your request (Art. 6.1.b GDPR) or our legitimate interest in maintaining business relationships (Art. 6.1.f).
Sending the newsletter
Purpose: inform you about our scientific publications, congress activities, product updates.
Legal basis: your explicit consent (Art. 6.1.a GDPR), which you may withdraw at any time.
Managing professional relationships
Purpose: communicate with healthcare professionals, distributors, and partners about commercial, scientific, or regulatory matters.
Legal basis: performance of a contract (Art. 6.1.b) or our legitimate interest (Art. 6.1.f).
Improving the Website
Purpose: understand audience, identify content gaps, optimize navigation.
Legal basis: your consent for non-essential analytics cookies (Art. 6.1.a) or our legitimate interest for aggregated traffic data (Art. 6.1.f).
Marketing and remarketing
Purpose: show relevant content to professionals having shown interest, measure campaign effectiveness.
Legal basis: your consent (Art. 6.1.a), expressed via the cookie banner.
Legal obligations
Purpose: comply with applicable law, respond to legitimate requests from authorities.
Legal basis: legal obligation (Art. 6.1.c).
═══════════════════════════════════════════
5. Cookies and similar technologies
The Website uses cookies for three categories of purposes:
Strictly necessary cookies
Required for the Website to function (session management, security, language preference). No consent required.
Analytics cookies
We use Shopify native analytics and Google Analytics 4 to understand how visitors interact with the Website. These cookies are deposited only after your consent.
Marketing cookies
We may use marketing pixels (such as Meta or LinkedIn Insight Tag) to measure the effectiveness of professional campaigns. These cookies are deposited only after your consent.
You can manage your preferences at any time via the cookie banner displayed on your first visit and accessible from the Website footer.
═══════════════════════════════════════════
6. Who we share your data with — Data Processors
We share personal data only with carefully selected service providers acting as data processors under Article 28 GDPR. These providers process data on our behalf and under our instructions:
Shopify International Limited (Ireland)
Role: hosting of the Website and e-commerce platform.
Data shared: technical data, contact data, transaction data when applicable.
Privacy policy: privacy.shopify.com
Google LLC
Role: web analytics (Google Analytics 4).
Data shared: pseudonymized navigation data after consent.
Privacy policy: policies.google.com/privacy
Email service provider
Role: newsletter delivery, transactional emails.
Data shared: email address, name, opt-in metadata.
Marketing platforms (where applicable)
Role: professional advertising campaigns, retargeting after consent.
We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.
═══════════════════════════════════════════
7. International data transfers
Some of our service providers are established outside the European Economic Area (EEA), notably in the United States. When personal data is transferred outside the EEA, we ensure that the recipient provides an adequate level of protection through one of the following mechanisms:
- Adequacy decision of the European Commission for the recipient country;
- Standard Contractual Clauses adopted by the European Commission;
- Other appropriate safeguards recognized under Article 46 GDPR.
You may obtain a copy of the safeguards in place by contacting us at office@gastertechnology.com.
═══════════════════════════════════════════
8. How long we keep your data
We retain personal data only as long as necessary for the purposes described in this policy:
Contact and inquiry data: 3 years from the last interaction, then deleted or anonymized.
Newsletter subscription data: until you unsubscribe; logs of opt-in/opt-out kept for 3 years for compliance.
Professional relationship data: duration of the relationship plus 5 years for commercial documentation.
Accounting and tax records: 10 years, as required by Maltese law.
Cookies: lifetime defined per cookie, with a maximum of 13 months for analytics cookies.
═══════════════════════════════════════════
9. Your rights under the GDPR
You have the following rights regarding your personal data:
Right of access (Art. 15) — obtain confirmation that we process your data and receive a copy.
Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
Right to erasure (Art. 17) — request deletion of your data, subject to legal limits.
Right to restriction of processing (Art. 18) — request that we limit the use of your data.
Right to data portability (Art. 20) — receive your data in a structured, commonly used format.
Right to object (Art. 21) — object to processing based on legitimate interest or for direct marketing.
Right to withdraw consent — when processing is based on consent, withdraw it at any time.
To exercise these rights, contact us at office@gastertechnology.com. We will respond within one month of receipt, in accordance with Article 12 GDPR.
You also have the right to lodge a complaint with the competent national supervisory authority of your country of residence. The list of EU/EEA data protection authorities is available on the European Data Protection Board website: www.edpb.europa.eu
For users residing in Malta, the supervisory authority is the Office of the Information and Data Protection Commissioner (IDPC) — idpc.org.mt
═══════════════════════════════════════════
10. Specifics related to medical device communication
GASTER control® is a medical device bearing the CE mark, compliant with Regulation EU 2017/745 (MDR). This Privacy Policy covers personal data collected through the Website. It does not cover:
- Data collected by independent clinical investigators in the context of clinical studies (governed by specific protocols and informed consent procedures);
- Adverse event reporting collected through dedicated materiovigilance channels;
- Patient data collected by healthcare professionals using the device in their practice.
If you wish to report an adverse event related to GASTER control®, please contact us directly at office@gastertechnology.com and we will guide you through the appropriate reporting procedure.
═══════════════════════════════════════════
11. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include access controls, encryption in transit, and regular review of security practices. However, no security system is impenetrable; we cannot guarantee absolute security, and any transmission of information to us is at your own risk.
═══════════════════════════════════════════
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The updated version will be published on this page with a revised "Last updated" date. For material changes, we will notify you by appropriate means, such as a banner on the Website or, where you have subscribed, by email.
═══════════════════════════════════════════
13. Contact
For any question about this Privacy Policy or to exercise your rights, please contact:
GASTER Technology Limited
5/1 Merchants Street, Valletta VLT 1171, Malta
Email: office@gastertechnology.com
═══════════════════════════════════════════
Last updated: 2026