Tegus Medical GmbH (“Company”) must restrict access to confidential and sensitive data or to personal data the Company processes in the capacity of controller or the processor to protect it from being lost or compromised to avoid adversely impacting our customers, incurring penalties for non-compliance and suffering damage to our reputation. At the same time, we must ensure users can access data as required for them to work effectively.

It is not anticipated that this Data Protection Plan (“Plan”) can eliminate all malicious data theft or other data breach. Rather, its primary objective is to increase user awareness and avoid accidental loss scenarios, so it outlines the requirements for data leakage prevention.

This Plan applies to all customer data, including customer personal data and data of their users, or other company data defined as sensitive or confidential by the Company. Therefore, it applies to every server, database and IT system that handles such data, including any device that is
regularly used for email, web access or other work-related tasks. Every user who interacts with Company’s IT services is also subject to this policy Plan.Information that is public is not subject to this policy Plan.

Other data can be excluded from the Plan by Company management based on specific business needs, such as that protecting the data is too costly or too complex.