Data protection is a subject of special importance for Heraeus: We process your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.
United States Privacy Policy
The topic of data protection is very important to Heraeus. We process personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures. Please be sure to read this privacy policy before using this website. If you do not agree with Heraeus practices described in this privacy policy, your ultimate choice is not to use this website. By providing Consent (defined herein) or otherwise using any part of this website, you accept and agree to the Heraeus privacy practic es. Please see Section 6 below regarding changes to this privacy policy. Please check this area periodically for updates to this privacy policy.
(1) The purpose of this privacy policy is to inform you about the nature, scope and purpose of personal data processing on our internet website and the associated sites, functionalities and content (hereinafter collectively referred to as “website”). The privacy policy applies irrespective of the domains, systems, platforms and devices (e.g., desktop or mobile) on which the website is made available. Unless otherwise stated therein, this privacy policy does not apply to the Heraeus e-commerce webshops. There is a separate privacy statement for the Heraeus webshops, which can be found on the corresponding websites.
(2) The provider of the website and legally responsible party for it under privacy law is Heraeus Medical GmbH, Philipp-Reis-Str. 8-13, 61273 Wehrheim, Germany hereafter referred to as the “provider”, “we” or “us”). For further details as well as how to contact us, please see the imprint on our website.
(3) Our Data Protection Officer can be reached via the following email address: dataprotection@heraeus.com
(4) The term “user” includes all customers and their employees as well as visitors to our website.
(5) The products and services of Heraeus Medical are intended exclusively for companies. Heraeus' websites, including its advertising and any business contact forms on Heraeus Medical's websites, are not directed at children and adolescents (persons under 18 years of age). Persons under 18 years of age are not authorized to fill in and submit these contact forms to Heraeus Medical. Except as stated below, does not knowingly collect personal information from persons under 18 years of age. Heraeus Medical will only request data from persons under 18 years of age if such persons apply for a job, an apprenticeship or a student internship at Heraeus Medical in a Heraeus application portal which is set up separately for such persons. The requested data is used exclusively for the purpose of the application process. They will not be used for any other purpose and will be deleted after the application procedure has been completed in accordance with the requirements of data protection law.
1.2 Legal basis
We collect and process personal data on the following legal basis:
a. Consent in accordance with Art. 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is a statement of intent, freely given in a specific instance in an informed and unambiguous manner in the form of a declaration or another unequivocal affirmative act, where the data subjects make it clear that they consent to the processing of their personal data.
b. Necessity for the performance of a contract or in order to take steps prior to entering into a contract in accordance with Art. 6(1)(b) GDPR, i.e., the data is necessary for us to carry out our contractual obligations to users or we need the data in order to prepare a contract with users.
c. Processing for compliance with a legal obligation in accordance with Art. 6(1)(c) GDPR, i.e., the data processing is required on the basis of a law or some other requirement.
d. Processing to safeguard legitimate interests in accordance with Art. 6(1)(f) GDPR, i.e., the processing is necessary to safeguard our legitimate interests or those of a third party, provided the interests do not outweigh the fundamental rights and freedoms of users who require the protection of personal data.
1.3 Data subject rights
(1) Right to information: In accordance with Art. 15 GDPR, users can request confirmation of whether their data is being processed. If this is the case, users have the right to information regarding the information at no charge.
(2) Right to revoke consent: If personal data is processed on the basis of consent, users have the right to revoke this consent at any time in accordance with Art. 7 GDPR.
(3) Right to object: If processing the personal data is necessary to safeguard the legitimate interests of our company, users can object to the processing at any time in accordance with Art. 21 GDPR.
(4) Right to erasure: If users have revoked their consent, objected to the processing of their personal data (and there are no overriding legitimate reasons for the processing), their personal data is no longer necessary for the original purpose of the processing, there is a corresponding legal obligation or personal data has been processed unlawfully, users have the right to request the deletion of their personal data in accordance with Art. 17 GDPR.
(5) Right to rectification: If personal data has been processed while incorrect, users have the right, to request that this data be corrected immediately in accordance with Art. 16 GDPR.
(6) Right to restriction of processing: Under the provisions of Art. 18 GDPR, users have the right to demand that the processing of their personal data be restricted.
(7) Right to data portability: In accordance with Art. 20 GDPR, users have the right to receive the personal data they provided in a structured, commonly used and machine-readable format.
(8) Right to file a complaint: In accordance with Art. 77 GDPR, users have the right lodge a complaint with the responsible supervisory authorities.
1.4 Deletion of data
(1) The data that we store is erased as soon as it is no longer required for the purpose for which is was collected and provided that its erasure does not breach any statutory storage requirements . We review whether the data is still required every two years.
(2) If the user data is not erased because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to user data which must be retained for reasons relating to commercial or tax law.
1.5 Security measures
(1) We have in place state-of-the-art organizational and technical security measures to ensure compliance with relevant legal provisions and to protect personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.
(2) Our security measures include, in particular, the encryption of data for transmission between the user’s browser and our server.
1.6 Transfer of data to third parties and third-party providers
(1) Heraeus transfers data to third parties exclusively in accordance with legal provisions. We only transfer user data to third parties if necessary (for example, for accounting purposes) or for other purposes necessary to meet our contractual obligations to users or legal requirements.
(2) Where we use sub-contractors to provide our services, we will take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable legal provisions.
(3) If, within the scope of this privacy policy, we use content, tools or resources of other providers (hereinafter collectively referred to as “third-party providers“) whose registered office is in a third country, it must be assumed that data are transferred to such third countries.
(4) Third countries are countries where the GDPR does not apply directly, i.e., in principle, all countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if users have given their consent or if the transfer of such data is permitted by law.
1.7 External references and links
References or links ("links") to the content provided by external providers must be distinguished from the content of Heraeus Medical's own website. By embedding a link to an external website ("hyperlinks"), Heraeus Medical does not endorse same nor adopt such an external website or its content as its own. Should any infringement caused by the external website come to the attention of Heraeus Medical, Heraeus Medical will immediately delete the link. Heraeus Medical neither assumes any responsibility for the availability of such external website nor for its content. You access and use such other web sites, including the content, items or services on those websites, solely at your own risk. With regard to Heraeus Medical’s liability considering external references and links the provisions under the section Disclaimer apply accordingly.
(1) Cookies are files transmitted by our web server or the web server of third parties to users’ web browsers and stored there so they can be accessed later on. Cookies are small files or other types of stored information. Users are hereby informed that cookies are used as part of pseudonymized reach measurement.
(2) More detailed information about the cookies on our website can be found on our cookie information page (see cookie information).
(3) We only use non-essential cookies if you have given your express consent (opt-in). In addition, users who do not want to have cookies stored on their computer can deactivate the corresponding option in their system settings on their browser. Stored cookies can also be deleted in the browser’s system settings. Disabling cookies may limit the functionalities of this website.
2.2 Opt-out options
Users can opt out of the use of cookies used for reach measurement and advertising purposes via the opt-out page of the network advertising initiative (http://optout.networkadvertising.org/) as well as the U.S. website (http://www.aboutads.info/choices) and the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
3.1 Collection of access data
(1) When accessing our website, information is automatically transmitted from the user’s browser to us; this includes the name of the website and files that are accessed, the date and time they are accessed, the quantity of data transmitted, reports about successful access, the browser type and version, the user’s operating system, the referrer URL (the page visited prior to visiting our website), the user’s IP address and the requesting provider.
(2) The processing of this information is technically necessary and is carried out on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR regarding the safeguarding of the security of the processing (e.g., to prevent and identify cyber-attacks).
(3) The information is automatically deleted four weeks after the end of the connection – i.e. the use of the website – provided there is no retention period that prevents this.
(4) The collection and storage of the data in log files is necessary for the provision of the website. For this reason, users may not request the deletion or correction of this data or object to its processing.
3.2 Contacting us
(1) When a user contacts us (by contact form or email) the user’s data is stored in order to process and carry out the request.
(2) The user information may be stored in our customer relationship management systems (“CRM systems”). The legal basis for the further processing of the data is the preparation of a business transaction (in accordance with Art. 6(1)(b) GDPR).
3.3 Use of cookies
(1) We only use non-essential cookies if you have given your express consent (opt-in) in accordance with § 25 German Telecommunications-Telemedia Data Protection Act (TTDSG). In addition, if you do not want to have cookies stored on your computer you can deactivate the corresponding option in your system settings on their browser. Stored cookies can also be deleted in the browser’s system settings. Disabling cookies may limit the functionalities of this website.
(2) If you have consented to the storage of cookies or to the access to information on your terminal device, both activities are carried out on the basis of Section 25 (1) TTDSG.
(3) The legal basis for the data processing of data stored in cookies for the online marketing measures described below is your consent in accordance with Art. 6 (1) (a) GDPR.
(4) To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.
(5) When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
(6) CookieFirst is used to obtain the legally required consent for the use of cookies.
(7) We have concluded a data processing agreement with CookieFirst.
(8) Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
(9) We obtain user-consent to use cookies on all websites within the heraeus-medical.com.
3.4 Google Tag Manager
If you give us your consent, we use Google Tag Manager. Google Tag Manager is a solution that allows us to use website tags via an interface (and integrate, for example, Google Analytics and other Google marketing services in our website). The tag manager itself (which implements the tags) does not process any of the user’s personal data. Regarding the processing of the user’s personal data, please note the following information about the Google services. Use policy: https://www.google.com/intl/de/tagmanager/use-policy.html
3.5 Google Analytics
(1) If you give your consent, we use Google Analytics, a web analysis service of Google Ireland Limited (“Google”) in order to analyze and optimize our website. Google uses cookies. The information generated by the cookies about your use of this website is generally transferred to and stored on a Google server in Ireland.
(2) Google is listed in the EU-U.S. Privacy Shield; see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
(3) Google will use this information on behalf of Heraeus to evaluate your use of our website, to compile reports on website activity, and to provide other services to Heraeus that are related to the use of the website and the internet. The data retrieved in this context may be used to create pseudonymized user profiles.
(4) We only use Google Analytics with IP anonymization activated. This means that a user’s IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server located in the U.S. and truncated there.
(5) The IP address transferred from the user’s browser will not be linked with other Google data. Users may prevent the storage of cookies by selecting the appropriate system settings in their browser. Users may also prevent the recording and processing by Google of data generated by cookies and data related to their use of the website by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en.
(6) Users can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using the websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).
3.6 Google Target Audience
1) We use Google Analytics to form target groups, provided you have given your consent to the use of Google Analytics, in order to show the ads that are displayed within the advertising services of Google and its affiliates only to those users who have either shown an interest in our website or who have certain characteristics (e.g., interests in certain topics or products determined from websites visited) and that we have sent to Google (so-called “remarketing” or “Google Analytics Audiences”). We use Remarketing Audiences to ensure that our ads correspond to the potential interests of users.
(2) Users can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using the websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).
3.7 Google Display & Video 360
(1) If you give your consent to do so, we use the Google online marketing service “Display & Video 360” to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Display & Video 360 differs from other services in that it shows real time advertisements based on user’s presumed interests. This allows us to show ads for and within our website in a more targeted manner so that we only show users those ads that potentially correspond to their interests. When a user is shown an ad for products that they have been viewing on other websites, this is referred to as “remarketing”. For these purposes, upon accessing our websites and other websites on which the Google Advertising Network is active, Google will immediately run a code and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") will be incorporated into the website. With their help, an individual cookie, i.e. a small file, will be saved on the user’s device (comparable technologies may also be used instead of cookies). This file keeps a record of which websites the user has visited, what content the user is interested in and what offers the user has clicked on, as well as technical information about the browser and operating system, websites that have referred the user, access duration, and other information regarding the use of our website.
(2) The user's IP address is also recorded. It is truncated within Member States of the European Union or in other States which are party to the Agreement on the European Economic Area. It is only transmitted in full to a Google server in the U.S. and truncated there in exceptional cases. The above information may also be linked with such information from other sources by Google. If the user subsequently visits other websites, they may be shown advertisements tailored to their presumed interests on the basis of their user profile.
(3) The user's data is processed pseudonymously within the Google Advertising Network. This means that Google does not store and process, for example, the user’s name or email address but instead processes the relevant data using cookies within the pseudonymous user profile. In other words, from the perspective of Google, the ads are not managed and displayed for a person who is concretely identifiable, but rather for the person with the cookie, irrespective of who this person is. This does not apply if a user has expressly permitted Google to process the data without pseudonymization. The information about the user collected by Google Marketing Services is transmitted to Google and stored on Google servers in the U.S.
(4) Users can find more information about the use of data by Google as well as setting and opt-out options in Google’s privacy policy (https://policies.google.com/technologies/ads) as well as the settings for showing ads by Google (https://adssettings.google.com/authenticated).
3.8 Google (re)marketing services
(1) If you have given us your consent to do so, we use the marketing and remarketing services (“Google marketing services”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
(2) Google is listed in the EU-U.S. Privacy Shield; see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
(3) For the purposes of the Google Marketing Services, user data is pseudonymized for processing. This means that Google does not store and process, for example, the user’s name or email address but instead processes the relevant data using cookies within the pseudonymous user profile. In other words, from the perspective of Google, the ads are not managed and displayed for a person who is concretely identifiable, but rather for the person with the cookie, irrespective of who this person is. This does not apply if a user has expressly permitted Google to process the data without pseudonymization. The information about the user collected by Google Marketing Services is transmitted to Google and stored on Google servers in the U.S.
(4) The Google marketing services we use include the “Google AdWords” online advertising program, among others. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. This ensures that cookies cannot be tracked across websites of AdWords customers. The information collected with the help of the cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers receive information about the total number of users who have clicked on their ad and were forwarded to a page with a conversion tracking tag. However, they do not receive any information allowing them to identify individual users.
(5) We can show third-party ads using Google’s Display & Video 360 marketing service. Display & Video 360 uses cookies that allow Google and its partner websites to show ads based on user visits to this website and other websites on the internet.
(6) Users can learn more about the use of data by Google for marketing purposes on the overview site at: https://www.google.com/policies/technologies/ads; the Google privacy policy can be accessed at: https://www.google.com/policies/privacy.
(7) Users who would like to opt out of personalized advertisements from Google marketing services can do so with the opt-options provided by Google: http://www.google.com/ads/preferences.
3.9 Friendly Captcha
Our website uses the service "Friendly Captcha" (www.friendlycaptcha.com).
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is a protective solution designed to make the use of our website by automated programs and scripts (known as "bots") more difficult.
Friendly Captcha does not set or read any cookies on the visitor's end device.
The legal basis for processing is our legitimate interests in protecting our website from abusive access by bots, including spam protection and defense against attacks (e.g. mass requests), Article 6 (1) (f) GDPR.
For more information on data protection when using Friendly Captcha, please refer to https://friendlycaptcha.com/legal/privacy-end-users/.
3.10 LinkedIn (re)marketing services
3.10 LinkedIn (re)marketing services
(1) Functions and content from LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”), may be incorporated within our website. This may include, for example, content such as images, videos, or text and buttons that allow users to share content from this website within LinkedIn if they have a LinkedIn account. By clicking on the integrated LinkedIn button you consent to the LinkedIn terms of use and will be forwarded to that website.
(2) We use LinkedIn to show the advertisements displayed within LinkedIn advertising services and its affiliates only to those users who have also shown an interest in our website or who have certain characteristics (e.g. interests in specific themes or products that are determined from the websites visited), which we submit to LinkedIn (so-called "remarketing"). We use LinkedIn to ensure that our ads correspond to the potential interests of users.
(3) If users are members of the LinkedIn platform, LinkedIn can assign the content and functions that have been accessed to the user’s profile.
(4) LinkedIn is listed in the EU-U.S. Privacy Shield; see https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
(5) Further information about LinkedIn is available in its privacy policy at https://www.linkedin.com/legal/privacy-policy.
(6) Users who would like to opt out of personalized advertising by LinkedIn marketing services can take advantage of the setting and opt-out options provided by LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
3.11 Microsoft Dynamics 365 Cloud for Marketing
(1) We use the Microsoft Dynamics 365 Cloud for Marketing automation system provided by Microsoft Corporation (Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany) – hereafter referred to as “Microsoft” – to carry out marketing campaigns, for analysis purposes and for target group-specific contact with customers and potential customers. The data is processed within the European Union.
(2) In particular, we use the system to send email communications (e.g., in connection with the provision of downloads), for event management (e.g., to manage event participants) and to provide landing pages and contact forms.
(3) The use of Microsoft and the system, the collection and analysis of statistics and the logging of the registration procedure for communication by email are carried out on the basis of your consent to receive email communication via Microsoft Dynamics 365 Cloud for Marketing. We are interested in a user-friendly and secure system that both serves our business interests and also meets the expectations of users.
(4) System components integrated in our website (e.g., forms) use so-called “cookies” that are stored on the user’s computer and enable us to analyze the use of the website. In particular, the following information is collected: client ID, geographical location, browser type, duration of the visit and pages accessed.
(5) Pseudonymized email tracking: The statistical information collected also includes whether the newsletter was opened, when it was opened and which links the user clicked on. While this information can technically be attributed to individual newsletter recipients, the analysis of personal data has been deactivated and information about newsletter recipients is only analyzed pseudonymously and cannot be decrypted and attributed to individual users.
(6) Double opt-in and recording of data: Subscribing to our newsletter is subject to a so-called double opt-in process. This means that after subscribing for our newsletter users receive an email in which they are asked to confirm their subscription. Such confirmation is necessary to ensure that people do not subscribe using someone else’s email address. The newsletter subscription is logged so the subscription process can be verified in accordance with legal requirements. This includes recording the date and time of the subscription and the confirmation as well as the IP address. The changes to the user data saved by the email marketing service provider are also logged.
(7) Unsubscribe: Users can unsubscribe from the newsletter at any time, i.e., they can revoke their consent to receive it. There is an unsubscribe link at the end of each newsletter. The personal data of users that has been processed in connection with the mailing of the newsletter will be deleted after the user unsubscribes.
(8) Further data privacy information can be found in the Microsoft privacy policy at https://privacy.microsoft.com/en-US/privacystatement.
(9) Further information about the use of cookies in connection with the system can be found at https://docs.microsoft.com/en-US/dynamics365/marketing/cookies.
1) We use the Microsoft Dynamics 365 CRM system at some Heraeus locations. The data is processed in Heraeus Group data centers by Heraeus Infosystems GmbH (hereafter referred to as “HSY ”).
(2) HSY uses the data of users solely for the technical processing of requests, and it does not transmit the data to third parties.
(3) In particular, we use the system to manage customers and prospective customers (leads) and to process user requests faster and more efficiently. The use of the system is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.
4.2 Microsoft Dynamics 365 Cloud
(1) At some Heraeus locations, we use the Microsoft Dynamics 365 Cloud CRM system from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, United States) – hereafter referred to as Microsoft – as a cloud service, i.e., the data is processed at Microsoft data centers.
(2) Microsoft is listed in the EU-U.S. Privacy Shield; see https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.
(3) Microsoft uses the data of users solely for the technical processing of requests and it does not disclose the data to third parties.
(4) In particular, we use the system to manage customers and prospective customers (leads) and to process user requests faster and more efficiently. The use of the system is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.
(5) Further data privacy information can be found in the Microsoft privacy policy at https://privacy.microsoft.com/en-US/privacystatement.
(1) We maintain a presence in social networks and platforms in order to be able to communicate with active customers , interested parties and users who are active there and to provide information to users there about our services.
(2) Please note that user data may be processed outside of the European Union and Switzerland. This may imply risks for users because, for example, it could be more difficult to enforce user rights. Please note that U.S. providers that are listed EU-U.S. Privacy Shield are thereby making a commitment to comply with the data protection standards of the EU and the Swiss Confederation.
(3) In addition, user data is generally processed for market research and advertising purposes. For example, user behavior and the resulting information about the user’s interests can be used to create user profiles. The user profiles can, in turn, be used to place advertisements, for example, within and outside of platforms that are supposedly in line with user interests. For these purposes, cookies that record the user’s behavior and interests are generally stored on the user’s computer. In addition, data can also be stored in the user profiles separately from the users' devices (in particular if the users are members of the relevant platforms and are logged in to them).
(4) The personal data of users is processed on the basis of our legitimate interests in providing effecting information to users and communicating with users. If the users are asked to consent to data processing by the respective providers (i.e., give their consent, for example, by clicking a check box or pressing a button), the legal basis of the processing is consent.
(5) For a detailed overview of the processing and opt-out options discussed in this paragraph, see the information from the provider in the following link:
(6) Note that users seeking information or attempting to assert user rights would best be served by contacting the relevant provider(s) directly. Only the providers have access to the user’s data and can take the corresponding measures and provide information. Users can contact us if they still require assistance.
(1) We reserve the right to change the privacy policy in order to adapt to changes in the legal situation or to changes in our services and data processing. However, this only applies to policies regarding data processing.
(2) If the consent of the user is required or if elements of the privacy policy contain components of the contract agreed the user, the changes will only be made with the user's consent.
(3) Users are requested to familiarize themselves regularly with the content of the privacy policy.
(1) Heraeus’s privacy notice for California residents pursuant to the California Consumer Privacy Act of 2018, as amended, which supplements this privacy policy, can be found via this link: California Consumer Privacy Act.
Last updated: 08/18/2023