Privacy Policy

Our company attaches great importance to the protection of personal data and respects your wish for privacy. In the following, we inform you about the collection of personal data when using our website. If you have any further questions regarding the handling of your personal data, please do not hesitate to contact our data protection officer.


  1. General information                                                                                
    1. Personal data
    2. Controller
    3. Contact options for the data protection officers
    4. General purposes of the processing of personal data and their legal basis
      1. Data processing during website access
      2. Data processing during app access
        1. Information collected when downloading the app
        2. Information that is collected automatically
        3. Access permissions within the scope of using the app
    5. General information about the recipient of the data
    6. Contact
  2. Details on the processing of personal data when visiting the platform 
    1. Cookies and tools
      1. Cookiebot
      2. Google Analytics
    2. Registration process
    3. Data processing in the context of the use of the platform
    4. Data processing during registration for events
    5. Deletion of Account
  3. Storage period of your data
  4. Rights                                                                                                     
    1. General rights
    2. Right to object
    3. Right to complain to the supervisory authority
    4. For US Residents
    5. Notice to California Residents


1. General information

1.1 Personal data

Personal data within the meaning of Art. 4 of the General Data Protection Regulation (GDPR) is any information relating to an identified or identifiable natural person, such as the name, address, e-mail address of a person.

1.2 Controller

The data controller within the meaning of the GDPR is: Brainlab AG
Olof-Palme-Straße 9
81829 Munich Germany

1.3 Contact options for the data protection officers

You can reach our data protection officer at:
intersoft consulting services
AG Beim Strohhause 17
20097 Hamburg

1.4 General purposes of the processing of personal data and their legal basis

Novalis Circle is a worldwide network of clinicians and a platform designed to exchange knowledge aiming to optimize treatments in radiosurgery. Novalis Circle provides a communication and collaboration network for developing new ideas and optimizing treatments that continues to change the face of cancer care.

You can access the Novalis Circle platform via website or app (Android or iOS).

1.4.1 Data processing during website access

In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server and that is technically necessary for the presentation of our website and to ensure stability and security.

For retrieval from the website, the short-term registration of the IP number is indispensable. The IP address is the globally valid, unique identification of a computer and consists of four blocks of digits separated by dots. As a rule, private users are not assigned a constant IP address by the provider, but only temporary IP addresses for one session. Nevertheless, in the case of static IP addresses, it is in principle possible to unambiguously assign the user’s data via this characteristic. The external web servers (see section 1.5) store IP addresses in the log files for a maximum of 14 days. After that, the access data is anonymized.

  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Web page from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR. Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.

1.4.2 Data processing during app access

Certain information is already processed automatically as soon as you use the Android or iOS app. We have listed exactly which personal data is processed for you below: Information collected when downloading the app

We do not process any personal data when you download the app. Information that is collected automatically

As part of your use of the app, we automatically collect the IP address and information about the app usage. This data is processed automatically.

The data processing is necessary to provide you with the service and the associated functions and also serves to improve the functions and performance features of our app.
The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in the functionality and error-free provision of the app for you as a user. Access permissions within the scope of using the app

When you use our app, we use your data. In doing so, the app accesses certain features of your cell phone, provided you have previously agreed to this access.

The app requires the following permissions:

  • Internet access: This is required for general app functionality and storing your data on our servers.
  • Camera access: This is required so that you can take photos or videos and save them in the app and on our servers. (optional)
  • Photo library: This is required so that you can select photos or videos from the library and save them in the app and on our servers. (optional)
  • Write external storage: Save downloaded documents.
  • Location data access: Save user location for the posts (optional)
  • Microphone: This is required so that you can record audio and save it in the app and on our servers. (optional)

The processing and use of usage data, is done to provide the service. The legal basis for the data processing that is necessary for the function of the app and thus ensure proper functioning of the app is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

The legal basis for such data processing that is not required for the function of the app and whose access can optionally be determined by you is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. The access authorizations and thus your consent to the data processing are requested in the context of the use of the app at the appropriate point that requires access to the functions.

1.5 General information about the recipient of the data

In addition to the listed receiving parties in the individual sections listed below, we transmit the collected data for processing to the relevant internal departments and to other affiliated companies within Brainlab AG. Within the scope of a legal obligation, we reserve the right to disclose information if and to the extent that there is an obligation to transmit it to competent authorities or law enforcement agencies (Art. 6 para. 1 sentence 1 lit. c) GDPR).

The website is hosted on servers at an external service provider (hoster). The personal data listed in section 1.4 that is collected on this website is stored on the hoster’s servers.

1.6 Contact

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR. Insofar as we request input via our contact form that is not required for contacting you, we have always marked this as optional. This information serves us to specify your request and to improve the processing of your request. A communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para.1 p. 1 lit. a GDPR. Insofar as this involves information on communication channels (for example, e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. You can, of course, revoke this consent at any time for the future.

Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.

As the controller, our company has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service.

2. Details on the processing of personal data when visiting the platform

In addition to the data already described in section 1.4, further personal data may be collected on our website through cookies and other tools. The same applies to the use of the contact form.

2.1 Cookies and tools

Cookies are data that are stored on your computer by a website you visit and allow your browser to be reassigned. Cookies transmit information to the entity that uses cookies. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

A distinction is made between transient cookies and persistent cookies. Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser. Persistent cookies are deleted automatically after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

The use of third-party offers also leads to the fact that so-called third-party cookies are sometimes used on this website. A third-party cookie is set by a third party, i.e. not by the actual website you are currently on. Third party cookies can store the number of page views as well as the time spent on a website or the route taken by a user via hyperlinks. They enable the tracking of user behavior across different websites.

Details on the cookies and tools used on the website can be found below:

2.1.1 Cookiebot

Cookiebot is a consent management platform that enables websites to protect user privacy and comply with the GDPR when it comes to cookies and tracking. “Cookiebot” is an offer of the provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, hereinafter referred to as “Cybot”.
The “Cookiebot” function informs the users of the website about the use of cookies and enables them to make a decision about their use. If the user gives his/her consent to the use of cookies, the following data is automatically logged:

  • The IP number of the user
  • Date and time of consent
  • User agent of the end user’s browser
  • The URL of the provider
  • The user’s allowed cookies (cookie status), which is required as proof of consent.
  • An anonymous, random and encrypted key.

The encrypted key and the cookie status are stored by means of a cookie on the user’s terminal device in order to establish the corresponding cookie status when the page is called up in the future. This cookie is automatically deleted after 12 months. The installation of the cookie as well as its storage, and thus his cookie consent, can prevent or terminate the user by settings of his browser at any time.

You can open the cookie bot settings via the following link: Cookie declaration (

For further information on Cookiebot, please see:

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is the user- friendliness of the website as well as the fulfillment of the legal requirements from the GDPR.

2.1.2 Google Analytics

Insofar as you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The use includes the Universal Analytics mode of operation. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.

We use the function ‘anonymizeIP’ (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

During your website visit, the following data is collected, among other things:

  • The pages you visit, your “click path”.
  • achievement of “website goals” (conversions, e.g. newsletter sign-ups, downloads, purchases)
  • Your user behavior (for example, clicks, dwell time, bounce rates)
  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • Your internet service provider
  • The referrer URL (via which website/advertising medium you came to this website)
  • On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

The recipient of the data is Google Ireland Limited as a processor. We have concluded an order processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities may access the data stored by Google. A transfer of data to the USA cannot be ruled out.

The data sent by us and linked to cookies are automatically deleted after 26 months. The deletion of data whose retention period has been reached takes place automatically once a month. You can also prevent the storage of cookies by configuring your browser software accordingly. However, if you configure your browser to refuse all cookies, you may experience limitations in functionality on this and other websites.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

The legal basis for this data processing is your consent pursuant to Art.6 para. 1 p.1 lit.a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.

For more information on the terms of use of Google Analytics and data protection at Google, please visit and

2.2 Registration process

In order to use the Novalis Circle platform, registration is required. The purpose of the registration is to enable a professional exchange of users in the field of radiotherapy/radiosurgery.

Within the scope of registration, the following personal data will be processed:

  • First name
  • Surname
  • Title
  • Institution
  • E-mail address
  • Department
  • Job title
  • City
  • Country
  • Company

By registering, a Brainlab ID will be created. The Brainlab ID is the single sign-on system for Brainlab customers. With a Brainlab ID, customers can register with various Brainlab services without having to create their own user accounts. To verify your authorization to use the Novalis Circle platform, your data is matched once within our system.

The data collection and storage within the registration process is based on the user agreement concluded between the parties pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.

2.3 Data processing in the context of the use of the platform

Provided that the registration process has been completed, further processing of personal data may occur in the course of using the Novalis Circle platform.

When using Novalis Circle, users have the possibility to comment on existing entries, create new entries or ask questions to experts. The personal contributions are always displayed with the username. The contributions are generally stored until they are deleted by the user or the operator (e.g. due to violations of the rules of use).

You have the option to be notified by e-mail about new events, such as new comments on your questions or questions you follow. You can configure the notifications individually in the settings. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

2.4 Data processing during registration for events

On the Novalis Circle platform you can register for events. Within the scope of registration for events, the following personal data will be processed:

  • First name
  • Last name
  • Company/Institution
  • E-mail address
  • Job title
  • City
  • State
  • Country

The legal basis for the processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

2.5 Deletion of Account

If your account is deleted all of your personal data will be removed from the Platform. In particular the link between your username and your posts, comments and other profile data will be removed. The same applies to messages and other conversations on the Platform. Although the personal reference is removed, any of your posts, comments and messages remain on the Platform, displayed as “anonymous”. Content or information that you don’t want to remain on the Platform must be deleted manually by you before your account is deleted.

3. Storage period of your data

As a matter of principle, we store personal data only until the respective purpose for which the data was collected has been achieved. In the context of a business relationship with you, we store your personal data as long as the business relationship lasts, this also includes the initiation and the execution of a contract as well as the regular limitation period. In addition, we store the data if and to the extent that we are subject to statutory retention obligations. Such obligations may arise, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO).

If you have given us consent for a processing operation, the data related to the granting of consent will be stored until revoked or at the longest for the duration of the processing operation and after its termination within the scope of the statute of limitations.

4. Rights

You have the following rights as a data subject of the data processing in accordance with the legal provisions regarding the personal data concerning you:

4.1 General rights

As a data subject, you have the right to information, the right to rectification and erasure, the right to restrict processing, the right to object to processing and the right to data portability in accordance with the GDPR. Insofar as processing is based on your consent, you have the right to revoke this consent with effect for the future.

4.2 Right to object

In part, we process data on the basis of our legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR. You may object to this processing at any time if you have individual reasons for doing so that take precedence over our interests.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Article 21 (2) GDPR.

In the event of an objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.

4.3 Right to complain to the supervisory authority

You also have the right to complain to a competent data protection supervisory authority about the processing of your personal data by us. The supervisory authority responsible for us is:

The Bavarian State Commissioner for Data Protection (BayLfD). Wagmüllerstraße 18, 80538 Munich, Germany
Tel.: 089 / 212672-0
Postfach 22 12 19, 80502 Munich, Germany E-mail:

For asserting the statutory data subject rights and for all other questions about data processing, please write to the address of Brainlab AG listed above or send an e-mail to The exercise of your above rights is free of charge for you.

4.4 For US Residents

You authorize Brainlab to communicate with you in response to your submissions on the website and any other communications.

4.5 Notice to California Residents

The California Civil Code permits California residents to request that we not share your Personally Identifiable Information with third parties for their direct marketing purposes. If you are a California resident, you may contact to request information regarding whether and how we share personally information with third parties for their direct marketing purposes and/or to request that such information not be shared with third parties for such purposes.