EU Privacy Policy
Last Updated Date:2025-03-23 Effective Date:2025-03-24
This Privacy Policy is for individuals within the European Economic Area, United Kingdom, and Switzerland. If you are residents in the United States, you can read this versionof the Privacy Policy; or this version of the Privacy Policy, if you are in other jurisdictions.
Cornerstone Robotics Limited and affiliated companies (hereafter referred to as “Cornerstone Robotics”, “we”, “our” or “us”) is committed to protecting and respecting the privacy of your personal data. This Privacy Policy (the “Policy”) explains how we will collect, store, use, and share (“process”) your personal data as the data controller in accordance with the EU General Data Protection Regulation (“GDPR”) when you visit our website (the “Website”).
Please note, the Website may involve integrations with websites and services managed by third parties. By interacting with these third parties, you are providing information directly to the third party and not us and subject to the third party’s privacy policy. Please read their privacy policies or other documentation. Our linking to another site or service doesn’t mean we endorse that third party.
Our mission and focus are to operate transparently in a way that protects the rights and preserves the trust of everybody whose personal data we use. With this objective, our general use and collection of personal data is guided by the following principles:
• We comply with all applicable data privacy laws and regulations
• We do not sell your personal data to anyone
• We store data with industry-standard information technology and cloud services, following industry standard practices to maintain confidentiality, integrity and availability.
1. Collection and Use of Personal Data
No. | What we collect | How we use it and legal basis |
(1) | Information that we collect through your use of the Website including: • Date and time of requests. | We use this information, including to: • Identify the issues and abnormal status, ensure the stability and security of the Website, and meet compliance obligations
The legal basis for the processing is the safeguarding of the legitimate interests of us as the website operator (Art. 6 para. 1 lit. f GDPR). |
(2) | Information when you communicate with us, whether in person, through the Website, via email or over the phone, including: • City; • Nationality; • Your message sent to us, such as the service you selected and your problem; | We use this information, including to:
The processing of your personal data is based on your consent (Art. 6 para. 1 lit. a GDPR), the performance of a contract (Art. 6 para. 1 lit. b GDPR) or on our legitimate business interests in processing your comments and feedback (Art. 6 para 1 lit. f GDPR). |
The Website does not collect sensitive personal data categories which require special protection, such as race, ethnicity, religious beliefs or personal health data.
2. Cookies and Other Similar Technologies
We use cookies and other similar technologies to operate the Website and deliver essential functions.
For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please see our Cookie Policy.
3. How We Disclose Information We Collect
Some or all of your personal data may be disclosed, for the purposes listed below and on a strict need to know basis.
• Affiliates and corporate partners
For proper business administration and service maintenance, we share the specified personal information above within our network of affiliated entities, adhering strictly to applicable legal frameworks.
We may share your personal information if our company goes through business changes like mergers, acquisitions, or financial reorganizations. If this happens, we’ll do our best to let you know before your data comes under new privacy and security rules.
• Law enforcement agencies, public authorities or other judicial bodies and organizations
We may share personal information when legally required or when we genuinely believe it’s necessary to:
Meet legal requirements or respond to official requests;
Enforce our rules and policies, including investigating potential breaches;
Identify and resolve security risks, fraud, or technical problems;
Protect the rights and safety of our company, users, others, or the public, as allowed by law (such as sharing data with other organizations to prevent fraud).
4. Security and Retention of Your Personal Data
We are dedicated to implementing appropriate safeguards to ensure the confidentiality of your personal information. Through comprehensive technical and organizational security measures, we protect your data against accidental or intentional destruction, loss, modification, unauthorized disclosure, or access.
Your personal data will be securely deleted or anonymized once it is no longer required for the purposes specified in the Policy. The retention period typically corresponds with the duration of your engagement with our services. Nevertheless, we may preserve certain personal data when necessary to comply with legal and regulatory obligations, respond to official inquiries from competent authorities, protect our legal rights and interests, or serve other legitimate business purposes.
In determining appropriate retention periods, we carefully evaluate multiple factors including the specific nature of the personal data and related processing activities, the timeframe and extent of your service usage, as well as our legitimate business interests and legal responsibilities. This assessment ensures we maintain your information only for as long as reasonably required.
5. International Transfers of Your Personal Data
Your personal data related to your service usage may be processed or transferred outside the European Union. Certain of our related entities, located outside your country of residence, are given limited remote access to this information so they can provide certain functions. This access is limited, secure and only granted where necessary under strict security controls and authorisation approval protocols. We also rely on service providers around the globe to support our operations. Consequently, your personal data may be accessed by our affiliates or transferred to third-party service providers and business partners in various locations, to fulfill the purposes set forth in the Policy. These entities commit to processing information in compliance with applicable privacy laws and to implementing appropriate security measures to protect your information.
In the event of an international transfer of personal data, when required by applicable laws, we ensure it benefits from an adequate level of data protection by relying on:
• Adequacy decisions. These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) where they recognise that a country offers an adequate level of data protection. We transfer your information to some countries with adequacy decisions; or
• Article 49. In the absence of an adequacy decision, we rely on Article 49 (1)(b) and (c) GDPR to transfer your personal information to countries without an adequacy decision when necessary to provide the services globally; or
• Standard contractual clauses. The European Commission has approved contractual clauses under Article 46 of the GDPR that allows companies in the EEA to transfer data outside the EEA. These are called standard contractual clauses. We rely on standard contractual clauses to transfer information to certain of our related entities and third parties in countries without an adequacy decision.
Please immediately stop accessing or using the services if you do not want your information transferred to, processed, or maintained outside of the country or jurisdiction where you are located.
6. Your Rights Regarding Your Personal Data
We respect your rights regarding personal information, as described below. Should you wish to inquire about or exercise these rights, please contact us. We will respond to your request within the time limit required by applicable legislation upon identification verification (if necessary).
• Right to access. Request details about what personal data we process about you and obtain a copy.
• Right to rectification. Ask us to update inaccurate information or complete partial data where appropriate.
• Right to erasure. Request removal of your data, though we may retain it when required by law.
• Right to restriction of processing. In certain cases, you may ask us to restrict how we use your information, though legal exceptions may apply.
• Right to data portability. Obtain your data in a usable digital format or request direct transfer to another provider when technically possible (applies to automated processing based on consent or contracts).
• Right to object. Challenge our use of your data when processed for legitimate business interests, subject to legal exceptions.
• Right to withdraw consent. Revoke previously given permissions at any time, without affecting prior lawful processing.
• Complaints. We are dedicated to resolving any privacy concerns amicably. However, if you are unsatisfied with our handling of your Personal Data, you have the right to lodge a complaint with your local data protection authority.
7. Protection of Minor's Information
We highly value the protection of minor’s information. If you are a minor, you should read the Policy under the guardianship and guidance of your guardian and submit your personal information with the guardian's express consent and guidance.
If we discover that we have collected the personal information of a minor without the prior consent of the verifiable parent or legal guardian, we will make efforts to delete the relevant data as soon as possible.
8. Update to The Policy
You are encouraged to review the Policy every time you use the Website. In order to provide you with better service, we will update the provisions of the Policy based on relevant laws and regulations, which constitute an integral part hereof. If these updates result in substantial reduction or significant changes of your rights hereunder, we will notify you by prominent notifications, push messages or other means before they take effect; your continued visit of the Website indicates that you have thoroughly read, understood and agreed to be bound by the revised the Policy. To safeguard your legitimate rights and interests, we encourage you to regularly check the Policy on the settings page of our platform.
9. Controller and Data Privacy Contact Details
Cornerstone Robotics Limited, a company dedicated to delivering accessible surgical systems that allow patients around the world to benefit from the highest standards of care, is the controller of your personal data.
For more information about your data subject rights, or how we process your personal data, please contact us by the information below:
Address: Unit 1109-1113, 11/F, Building 19W, Science Park West Avenue, Hong Kong Science Park, NT, HK
Tel: +852 3619 1979
Fax: +852 3705 2450
Email: compliance@csrbtx.com
