Data Protection Policy
This Data Protection Policy clarifies the nature, scope and purpose of personal data (hereinafter referred to as “data”) processing within our website and associated websites, functions and content as well as external online presences, such as job vacancies (hereinafter referred to jointly as “online services”). With regard to the used terminology, such as “personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
|Street/No:||Greifenhagener Str. 40|
|City, ZIP Code, Country:||10437 Berlin, Deutschland|
|Business Registration No:||Amtsgericht Charlottenburg, HRB 163607 B|
|Managing director:||Michael Siewert|
|Telephone number:||+49 30 956 131 78|
Data Protection Officer:
|Name/Company:||medpirica GmbH – Datenschutzbeauftragter|
|Street/No:||Greifenhagener Str. 40|
|City, ZIP Code, Country:||10437 Berlin, Deutschland|
If confidentiality is desired, please contact our data protection officer by post with the words “personal/confidential.”
Types of Data Processed:
Inventory Data (e.g. names, addresses).
Contact Information (e.g. e-mail, phone numbers).
Meta/Communication Data (e.g. device information, IP addresses).
Processing of Special Categories of Data (Art. 9 para. 1 GDPR):
Generally no special categories of data are processed unless they are supplied by website users (e.g. via online forms).
Categories of Persons Affected by Data Processing:
Customers / Interested Parties / Suppliers.
Visitors and users of the online service.
Answering contact requests via email.
Purpose of Data Processing:
Providing the online service with its content and functions.
Service and customer care.
Marketing and advertising.
1. Relevant Statutory Foundations
1. In accordance with the provisions of Art. 13 GDPR, we will inform you of the legal basis for processing your data. If the legal basis is not named in the data protection policy, the following shall apply: The legal basis for obtaining consent is Art. 6 para. 1 item a and Art. 7 GDPR; the legal basis for processing data needed to fulfill our contractual measures, as well as answering queries, is Art. 6 para. 1 item b GDPR; the legal basis for processing data needed to fulfill our legal obligations is Art. 6 para. 1 item c GDPR; and the legal basis for processing needed to protect our legitimate interests is Art. 6, para. 1, item f GDPR. In the event that the vital interests of the affected person or other individual requires the processing of personal data, Art. 6 para. 1 item d GDPR serves as the legal basis.
2. Changes and Updates to this Data Protection Policy
We ask that you review the content of our data protection policy on a regular basis. We adjust the data protection policy as soon as changes to the data processing we carry out require it. We will notify you as soon as the changes require your participation (e.g. consent) or other individual notification.
3. Security Measures
3.1. In accordance with Art. 32 GDPR, and taking into account the state of technology, the cost of implementation, and the type, scope, circumstances, and purposes of processing as well as the differing probability and severity of risk to the rights and freedoms of individuals, we shall take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk; these measures include, in particular, the assurance of confidentiality, integrity, and availability of data by controlling physical access to the data, as well as ensuring their relevant access, input, disclosure, availability and separation. In addition, we have established procedures to guarantee the detection of affected rights, deletion of data, and response to exposure of data. Furthermore, we take into account the protection of personal data in the development or selection of hardware, software, and procedures, according to the principle of data protection through technical design and through data protection-friendly technology (Art. 25 GDPR).
3.2 The security measures include, in particular, the encrypted transfer of data between your browser and our Server.
4. Collaboration with Processors and Third Parties
4.1. If, in the context of data processing, we disclose data to other persons and companies (contracted processors or third parties), transmit data to them or otherwise grant them access to the data, this will only be done on the basis of a legal permit (e.g. if the transmission of data to third parties, as required by payment service providers pursuant to Art. 6 para. 1 item b GDPR, is necessary to fulfill the contract), your consent, a legal obligation or based on our legitimate interests (e.g. the use of agents, web-hosters, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “job processing contract”, this is done on the basis of Art. 28 GDPR.
5. Data Transfers to Third Countries
If we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]) or in the context of the use of third party services or disclosure/transmission of data to third parties, this will only be done to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only in the presence of the special conditions in Art. 44 et seq. GDPR. This means the processing is done, for example, on the basis of special guarantees, such as an officially recognized approval of an EU level of data protection (e.g. in USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
6. Rights of Affected Persons
6.1. You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data, as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. According to Art. 16 GDPR you have the right to demand the completion of data concerning you or the correction of incorrect data concerning you.
6.3. In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately, or alternatively to require a restriction in the processing of the data in accordance with Art. 18 GDPR.
6.4. According to Art. 20 GDPR you have the right to request a copy of the personal data you have provided to us, and to request their transmission to other responsible parties.
6.5. According to Art. 77 GDPR you also have the right to file a complaint with the competent supervisory authority.
7. Right of Revocation
According to Art. 7 para. 3 GDPR you have the right to revoke consent taking effect in the future.
8. Right of Objection
According to Art. 21 GDPR you can object to the future processing of your data at any time. The objection may in particular be made with regard to processing for direct marketing purposes.
9. Cookies and Right of Objection in the Case of Direct Advertising
We use temporary and permanent cookies, i.e. small files that are stored on user devices (for an explanation of the concept and its function, see the last section of this data protection policy). The cookies are used partly for security or are required for the operation of our online service (e.g. for the presentation of the website), or to save the user’s decision when confirming the cookie banner.
10. Deletion of Data
11.1. When contacting us (via e-mail), the information provided by the user is processed to handle the contact enquiry in accordance with Art. 6 para. 1 item b GDPR.
11.2. The information provided by the user can be saved in our Customer Relationship Management (“CRM”) System or similar organization system.
12. Collection of Access Data and Log Files
12.1. We collect data about every access to the server on which our service resides (so-called server log files) on the basis of our legitimate interests within the sense of Art. 6 para. 1 item f GDPR. Access data includes the name of the retrieved web page, accessed file, date and time of retrieval, amount of data transferred, notification of successful retrieval, web browser with version, user’s operating system, referrer URL (the page previously visited), IP address, and the requesting provider.
12.2. For security reasons (e.g. for the detection of abuse or fraud) log file information will be saved for a maximum of seven days and then deleted. Data which needs to be stored longer for evidential purposes is exempted from deletion until full clarification of the incident.
13. Cookies & Audience Measurement
13.1. Cookies are information, that our web server or third-party web servers transmit to the web browser of the user to be stored for later retrieval. Cookies can be small files or other types of stored information.
13.2. We use “session cookies”, which are only stored for the duration of the current visit to our online service. A session cookie contains a randomly generated, unique identification number called a session ID. A cookie also contains information on its origin and storage period. These cookies cannot contain other data. Session cookies are deleted when you have finished using our online service, for example when you log out or close your browser.
13.3. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the browser’s settings. Excluding cookies can restrict the functions of this online service.
14. Integration of Services and Content of Third Parties
14.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our website within the sense of Art. 6 para. 1 item f GDPR), we insert content or services offered by third-party providers into our website in order to provide their content and services, such as videos or fonts (collectively referred to as “content”). This always presupposes that the third-party provider of this content detects the IP address of the user, since they cannot send content to the user’s browser without the IP address. The IP address is therefore required for the presentation of this content. We strive only to use content from providers who limit their use of IP addresses for the delivery of their content. Third-party developers can also use so-called “pixel tags” (invisible graphics, also known as “web beacons”) for statistical and marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. Furthermore, the pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring web pages, visiting time, and other information about using our website, as well as linking to such information from other sources.
14.2. The following depiction provides an overview of third-party providers and their content, along with links to their respective data protection policies, which include more information about the processing of data and (as already partially mentioned) possibilities for opting out:
Maps provided by “Google Maps” from the third-party service provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
External fonts from Adobe Typekit, https://typekit.com/. The integration of Adobe Typekits is delivered by a call to the server of Adobe Typekit. Data protection policy of Adobe Typekit: https://www.adobe.com/de/privacy/policies/typekit.html, opt-out: https://www.adobe.com/de/privacy/opt-out.html.
15. Links to Other Internet Sites
We occasionally refer to the websites of third parties. Although we carefully select these third parties, we cannot guarantee or assume liability for the accuracy or completeness of the content and data security of third party websites. The respective provider or operator of the linked site is always responsible for its content. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognizable at the time of linking. This data protection policy also does not apply to linked websites of third parties.
The contents of our pages were created with great care. However, we cannot take any responsibility for the correctness, completeness, and relevance of the contents. We are not obliged to monitor transmitted or stored third party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. A liability in this regard begins when a specific violation of the law becomes known. If we become aware of such legal infringements, we will immediately remove this content.
The content and works created by these pages’ site operator and used on these pages are subject to German copyright law. The reproduction, editing, distribution, and any kind of use outside the limits of copyright law require the written consent of the respective copyright holder (usually the author or creator). Downloading and copying this page is permitted neither for private nor commercial use. If the content on this page is not created by the operator, the copyrights of third parties are respected. Third party content in particular is marked as such. Should you nevertheless become aware of a copyright violation, we ask that you notify us. If we become aware of such legal infringements, we will immediately remove this content.
18. Prohibition Against Advertising
The use by third parties of published contact data within information requirements or prescribed by the data protection regulation’s duty to inform for sending unsolicited advertisements and informational materials is hereby expressly excluded. The same applies to advertising phone calls, calls for the purpose of market and opinion research, and calls for customer satisfaction studies. The operators of these pages expressly reserve the right to take legal steps in case of unsolicited sending of advertising information, whether by spam mails or advertising phone calls.
If you are not satisfied with the data protection measures presented here, or if you have any questions regarding your personal data, we would be pleased to hear from you. We will answer your questions as quickly as possible and implement your suggestions.
Court of jurisdiction is Berlin.
Here you can find our data protection notice for
· (potential) customers, (potential) service providers, and other interested parties [http://medpirica.de/wp-content/uploads/2018/07/Datenschutzhinweise-für-Kunden-Dienstleister-und-andere.pdf],
· for applicants [http://medpirica.de/wp-content/uploads/2018/07/Datenschutzinformation-für-Bewerber.pdf],
· and respondents [http://medpirica.de/wp-content/uploads/ 2018/07/Datenschutzhinweise-für-Befragte.pdf].