Information about the collection of personal data

We appreciate you visiting our website and your interest in the services of pro med instruments GmbH.

We take the protection of your personal data extremely seriously in our role as the data processing controller. Internet sites can only be displayed if data of the visitor (the IP address as a minimum) is transferred first. Therefore, in this data protection policy, we wish to comprehensively inform you about the processing of your personal data when you visit this website. We are legally obliged to provide you with this information as the data processing controller. You can contact us via the following address:

pro med instruments GmbH

Bötzingerstr. 86, 79111 Freiburg im Breisgau, Germany

info@blackforestmedical.com

The Internet presence of pro med instruments GmbH is subject to the GDPR and the German Federal Data Protection Act (BDSG) in data protection law terms and the German Telemedia Act (TMG) in media law terms. Therefore, we are obliged to protect all information and recorded data of the visitors to this website and to keep this confidential. The data which is saved during your visit to this website is only processed in the manner described in this data protection policy. It is not intended that personal data will be used beyond the extent described above or passed on to third-parties.

 

Personal data

Personal data is information relating to the personal or objective relationships of a specific or definable person. This includes your name and your contact information, such as your address, telephone number, email address and also sensitive data, for example information relating to your health status, as well as use data, such as your IP address.

 

Scope of the processing of personal data

As a rule, pro med instruments GmbH only gathers and uses personal data of visitors to this Internet presence where this is necessary in order to provide a functional website, as well as our content and services. The gathering and use of personal data of our users generally only takes place with their consent. An exception applies in cases where it is not possible to obtain prior consent for objective reasons and the processing of the data is permitted by statutory regulations.

 

Purpose and legal basis of the data processing, duration of the saving of data

Should you use our website solely for information purposes and not provide us with information elsewhere (for example by email), we will only gather the data which your browser transfers to our server (so-called “server logfiles”). The processing of this data takes place in accordance with Article 6 Paragraph 1 Letter f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our homepage. This data is not used elsewhere or disclosed. However, we reserve the right to subsequently analyze the logfiles, should indicators of unlawful use be present. The saved data will be regularly deleted.

Should you get in touch with us by email, personal data will be gathered. This data will only be saved and used for the purpose of processing your matter and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in processing your matter in accordance with Article 6 Paragraph 1 Letter f) GDPR. Once your query has been finally processed, your data will be deleted. This is the case if the matter concerned has been fully and finally clarified and no statutory retention obligations prevent the deletion. We use service providers for the operation of our website and the processing of the data which is saved or transferred by the system (for example for computer center services, the processing of payments or IT security). The legal basis for the disclosure is then Article 6 Paragraph 1 Letter b) or Letter f) GDPR, unless this relates to an order processor. It may be the case that persons and institutions who are involved in supporting our business operations (for example auditors, banks, insurance companies, legal advisors, supervisory authorities, participants involved in corporate acquisitions or the founding of partnership companies) may obtain access to your data to the necessary extent. The legal basis for the disclosure is then Article 6 Paragraph 1 Letter b) or Letter f) GDPR. Should we obtain the consent of the data subject to the processing procedures relating to personal data, the legal basis is Article 6 Paragraph 1 Letter a) GDPR.

We process personal data of our suppliers and services providers, as well as of their employees in order to negotiate and perform our contractual relationships on the basis of Article 6 Paragraph 1 Sentence 1 Letter b) GDPR and Article 6 Paragraph 1 Sentence 1 Letter c) GDPR.

We process employee data in order to enter into, perform and terminate employment relationships (Article 88 GDPR and Section 26 of the German Federal Data Protection Act – BDSG).

We process applicant data in order to carry out the application process and to take a decision as to whether to enter into an employment relationship or not (Article 88 GDPR and Section 26 of the German Federal Data Protection Act – BDSG). The documents of unsuccessful applicants are deleted four months after the end of the application process.

Should we gather personal data in order to implement measures to guard against Coronavirus (SARS-CoV-2) in accordance with Federal laws (for example the Law to Prevent and Combat Infectious Diseases in Humans – BIfSG) and State laws, we only process this within the framework of the respectively applicable statutory regulations. For example, there may be an obligation to pass personal data, in particular health data, on to competent authorities.

When processing personal data which is necessary in order to fulfill another contract where the contracting party is the data subject, the legal basis is Article 6 Paragraph 1 Letter b) GDPR. This also applies to the processing procedures which are necessary in order to perform pre-contractual measures.

Should the processing of personal data be necessary to fulfill a legal obligation to which our company is subject, the legal basis is Article 6 Paragraph 1 Letter c) GDPR.

In case that key interests of the data subject or of another natural person make the processing of personal data necessary, the legal basis is Article 6 Paragraph 1 Letter d) GDPR.

Should the processing be necessary in order to safeguard a legitimate interest of our company or of a third-party and should the interests, basic rights and basic freedoms of the data subject not outweigh such legitimate interests, the legal basis of the processing is Article 6 Paragraph 1 Letter f) GDPR.

 

Processing of data in case of communication in accordance with Article 6 Paragraph 1 Letter a) to Letter f) GDPR

Should you provide us with information by email or via a contact form, the data provided by you (your email address, if applicable also your name and telephone number) will be saved by us in order to respond to your query. For this purpose, your information will be read within pro med instruments GmbH and passed on to the responsible department. The personal data will be saved and processed for this purpose. The data which is obtained during this process will be deleted by us, once the saving is no longer necessary or we will restrict the processing, should statutory retention obligations exist.

Should you send us an application by email, we will then only process the data you have provided us with in order to carry out the application process. Should we enter into an employment relationship with an applicant, we will save the data which has been provided in order to carry out the necessary activities in connection with the employment relationship. Only our employees who are responsible for personnel matters will receive access to such applicant data. Should no employment relationship come into existence, we will generally delete the application documents two months after we have sent you our rejection notice, unless a legitimate interest prevents the deletion.

Should we use engaged service providers for individual functions of our service or should we wish to use your data for advertising purposes, we will inform you below in detail of the respective processes. In such a case, we will, where possible, name the determined criteria for the duration of the saving.

 

Gathering of general information when our website is accessed

Should you use our website solely for information purposes, i.e. without registering or otherwise transferring information, we will only gather the personal data which your browser transfers to our server (so-called “server logfiles”).

To this extent, information is automatically recorded by us and/or the webspace provider at the time of each access. This information, also referred to as server logfiles, is of a general nature and does not allow us to trace your person.

 The following are recorded amongst others: Name of the website, language, requested data, date and time of the query, time zone difference to Greenwich Mean Time (GMT), the respective data quantity transferred, web browser and web browser version, operating system and its version, the domain name of your Internet provider, the so-called referrer URL (the site from which you accessed our service – where transferred. Users can turn this on and off in the browser), access status/HTTP status code and the IP address.

Without this data, it would be partly impossible in technical terms to deliver and display the content of the website. Therefore, the recording of the data is absolutely necessary. We also use the anonymous information for statistical purposes. This helps us optimize the service and technology. We also reserve the right to subsequently inspect the logfiles in case of suspicion of the unlawful use of our service.

 

Cookies

In addition to the data referred to above, cookies will be saved on your computer when you use our website. As the operator of this website, we are deemed to be the provider of a telemedia service in accordance with the German Telecommunication-Telemedia-Data Protection Act (TTDSG). In particular, when using cookies, we comply with the rules of consent set out in Section 25 TTDSG in order to guarantee the protection of the private sphere of the visitors to this website. We always obtain consent if this is required under Section 25 TTDSG. However, consent in accordance with Section 25 Paragraph 2 TTDSG is not required in the following cases:

  • the sole purpose of saving information in the terminal equipment or the sole purpose of accessing information already saved in the terminal equipment is to carry out the transmission of a message via a public telecommunications network; or
  • the saving of information or accessing information that has already been saved is absolutely necessary so that we, as the provider of this website, can provide the content accessed by you as the user and expressly requested in this respect.

 

General information relating to cookies

Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information is obtained by the location setting the cookie (in this case, this is carried out by us). As examples, this information can contain user settings, session information relating to the visit to the website or language settings.

The purpose of cookies is to make the Internet service more user friendly and more effective as a whole. This data will not be passed on to third-parties by us or combined with personal data without your agreement. Cookies have two primary purposes. They help us make your navigation through our service easier and enable the website to be displayed correctly.

Cookies cannot launch any programs or transfer viruses to your computer and therefore cannot cause any damage. However, cookies may contain data which enables the device used to be recognized once again. However in part, cookies only contain information relating to certain settings, which do not allow a person to be traced. Cookies cannot identify a user directly.

There is a difference between session cookies which are deleted once you close your browser and permanent cookies which are saved beyond the individual session. In relation to the function of cookies, there is in turn a difference between:

  • Technical cookies: These are mandatory in order to navigate our website, to use basic functions and to guarantee the security of the website. They do not gather information relating to you for marketing purposes and they do not save information as to which websites you have visited.
  • Performance cookies: These gather information relating to your use of a website, which pages you visit and, for example, whether errors occur during the use of the website. These do not gather any information which is capable of identifying you - all information that is collected is anonymous and is only used to improve our website and to find out what interests our users.
  • Advertising cookies, targeting cookies: The purpose of these is to provide the website user with advertising or third-party services that are targeted to his or her needs and to measure the effectiveness of these services.
  • Sharing cookies: The purpose of these is to improve the interactiveness of a website with other services (for example social networks).

Any use of cookies which is not absolutely technically necessary is classed as data processing, which is only permitted with your express and active consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR and Section 25 TTDSG. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we only pass your personal data which has been processed using cookies on to third-parties if you have issued your express consent to such in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR.

 

Data transfer

We wish to point out that when using our online service, personal data may be transferred in part to the USA. Data transfers to the USA are no longer permitted for further notice following the ruling of the European Court of Justice EU-US-PRIVACY SHIELD/SCHREMS-II-JUDGEMENT of 07/16/2020.

Up until this point, data transfers to the USA were permitted if the company to whom the data was to be transferred was certified under the EU-US Privacy Shield. This certification does continue to exist, however since the European Court of Justice EU-US-PRIVACY SHIELD/SCHREMS-II-JUDGEMENT, it is no longer sufficient alone in legal terms. The European Court of Justice has declared the Privacy Shield Treaty to be insufficient to this extent.

Since then, the USA is no longer considered to be a secure third country in accordance with the GDPR. The fact that US companies are obliged to hand over personal data to the American security authorities on request is considered to be particularly critical. However, there is no effective legal protection for non-US citizens. Therefore, the European Court of Justice considers the US Privacy Shield to be insufficient when it comes to protecting the rights of Internet users. The problem here is that it cannot be ruled out that authorities in the USA, for example intelligence services, investigating authorities, etc will use your data stored on servers in the USA for surveillance, as an example, and will store the data or knowledge gained from this permanently. We have no influence over this processing and these procedures.

Therefore, we have taken further protective measures in order to ensure a level of data protection that meets European standards. Providers from the USA whose services we use and who transfer personal user data have been asked directly how they are responding to the European Court of Justice ruling. We have contacted the provider with the aim of concluding directly binding agreements in this respect. In doing so, we are guided by the standard data protection clauses in accordance with Article 46 Paragraph 2 Letter c) GDPR and we use these by working towards ensuring that the companies concerned guarantee reasonable handling of personal user data. In such clauses, data recipients in the USA are obliged to process the data in accordance with the level of protection in Europe. Should it not have been possible for agreements of this nature to be concluded at this time, we will continue to seek appropriate arrangements and commitments from all data recipients in the USA. As long as the legal situation has not been conclusively clarified, we obtain consent for all applications on our website which transfer data to the USA by using a consent tool.

Further information concerning the companies in the USA to whom personal data is transferred by us can be found in the Section “data processing within the framework of this website”.

 

Recipients or categories of recipients

In order to implement and comply with our contractual and legal obligations, we use in part external service providers, such as IT and telecommunications companies or companies who support us with archiving and destroying documents. There is no disclosure to other recipients who are not listed in this data protection policy.

 

Information relating to profiling and scoring

We do not carry out any automated decision making in the individual case, including profiling.

 

Your rights as a data subject

Data protection legislation provides you with a large number of rights as a data subject, which we are required to inform you of. Depending on the reason for and type of processing of your personal data, you are entitled to the following rights:

  • Your right of information, Article 15 GDPR

You have the right to be informed by us whether we process personal data relating to you and if so, what data. You have the right to request that we provide you with copies of your personal data. This right exists at all times. There are a small number of exceptions in relation to the personal data to be disclosed. This means that you will not always receive all of the information which we process.

  • Your right of rectification, Article 16 GDPR

You have the right to request that we immediately correct the personal data relating to you that you consider to be incorrect. You also have the right to request that we complete such personal data that you consider to be incomplete. This right exists at all times.

  • Your right of erasure, Article 17 GDPR

Subject to certain requirements, you have the right to request that we erase your personal data.

  • Your right to have the processing restricted, Article 18 GDPR

Subject to certain requirements, you have the right to request that the processing of your personal data be restricted.

  • Your right of data portability, Article 20 GDPR

You are only entitled to this right in relation to such personal data that you have provided to us yourself. You have the right to request that this personal data be transferred by us directly to another controller or another organization. Alternatively, you have the right to request that we provide the data to you yourself in a machine-readable format. However, this only applies if we process your personal data in accordance with your consent, under a contract or in the course of contractual negotiations and the processing takes place with the assistance of automated procedures.

  • Your right to object to the processing, Article 21 GDPR

Should we process your personal data due to the processing being part of our public duties or if we process your data on the basis of a legitimate interest, you have the right to object to the processing.

You are not required to pay a fee in connection with the exercising of your rights. The claiming of your rights as a data subject is free-of-charge. Should you claim your rights as a data subject, we have one month in which to respond to you.

In order to be in a position to take a data block into account at any time, it is necessary to retain the data in a blocking file for control purposes. Should no legal archiving obligation exist, you can also request that the data be deleted. Otherwise, we will block the data, should you so request.

We wish to inform you that in certain cases, we may request additional information from you in order to verify your identity. For example, when exercising the right to receive information, we can ensure that information is not disclosed to unauthorized persons.

 

Supervisory authority

You also have the right to complain to the competent data protection supervisory authority in connection with the processing of your personal data by us.

The contact details for the competent supervisory authority are as follows:

The State Officer for Data Security and Freedom of Information (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit)

of the State of Baden-Württemberg

Lautenschlagerstr. 20

70173 Stuttgart, Germany

Email: poststelle@lfdi.bwl.de

Telephone: +49 (0)711 / 61 55 41 – 0

Website: https://www.baden-wuerttemberg.datenschutz.de/

 

Data protection officer

You have the option of contacting our data protection officer:

 

Mr Jörg Leuchtner (lawyer)

Freiburger Datenschutzgesellschaft mbH, Luisenstr. 5. 79098 Freiburg, Germany

Email:

info@freiburger-datenschutzgesellschaft.de

Website:

www.freiburger-datenschutzgesellschaft.de

 

Data minimization and limits to data saving

We only save personal data in accordance with the principles of data minimization and limiting its saving for as long as is necessary of for as long as this is prescribed by the legislator (legal saving period). Therefore, the personal data saved by us will be deleted in accordance with the statutory regulations. We will delete the data, once this is no longer necessary for the processing purpose, if consent that has been issued is withdrawn or if permits no longer apply. Data which must be retained further, for example due to reasons under commercial law or tax laws or whose saving remains necessary in order to assert, exercise or defend legal claims will be deleted, once this is no longer the case.

 

Changes to the data protection notice

Due to the constant development of new Internet technologies and changes to applicable data protection provisions, our data protection policy will be updated to the necessary extent. The data protection policy which can be accessed at the time of the respective visit to the Internet site of pro med instruments GmbH will always be applicable.

 

Data processing within the framework of this website

Within the framework of the information service and the use of our website by our visitors, we use functions of external service providers. We wish to make the visit to our website as informative and comfortable as possible for you. We also have our own interest in using functions which enable you to get involved, to interact with us or other Internet users and to monitor and improve the functionality and effectiveness of our website. When selecting and using such services, we make a responsible choice and take aspects of data protection laws into account. In particular, in order to guarantee that the processing of data takes place in accordance with data protection provisions, we have concluded an order processing contract with the respective providers.

The data processing within the framework of the services listed below takes place on the basis of our legitimate interests. Website operators regularly have a legitimate interest in relation to the following aspects in particular: the most comprehensive visibility in social media as possible, analysis of user behavior, consistent and appealing display of content, error free and secure provision of the web service, easy finding of the locations indicated on the website and others. Should relevant consent have been requested, the processing takes place on the basis of this consent, which can be withdrawn at any time.

 

Integration of third-party services and content

Google Analytics

We use functions of the web analysis service Google Analytics on our website. These services are provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the behavior of the users of our website to be evaluated. In this respect, we receive various user data, such as site access, duration of the session, operating systems used and origin of the users. This data may be summarized by Google in a profile and assigned to the respective user and/or his or her end device. Google Analytics also uses technologies which enable the user to be identified once again for the purpose of analysis of the user behavior (for example cookies or device fingerprinting). The information collected by Google concerning the use of this website is also transferred to Google servers in the USA and processed there. The data transfer to the USA is based on standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/

Your IP address may be sent to a Google server in the USA and shortened there. On our behalf, Google will use this information in order to evaluate your use of the website, for example in order to compile reports concerning website activities, and to provide the further use of the website and associated services. The IP address transferred by your browser within the framework of Google Analytics will not be combined with other data by Google. It is possible to prevent the recording and processing of your data by Google by downloading and installing a browser plugin which can be obtained via the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Further information concerning the handling of user data by Google Analytics can be found in the data protection policy of Google: https://support.google.com/analytics/answer/6004245?hl=de

Data saved by Google on a user and event level that is linked to cookies, user identifiers (for example user ID) or advertising ID’s (for example double click cookies, Android advertising ID) will be anonymized or deleted after 14 months. Further information can be obtained via the following link: https://support.google.com/analytics/answer/7667196?hl=de

 

Google Web Fonts

In order to display fonts in a uniform manner, this site uses so-called web fonts which are provided by Google. When you access a site, your browser loads the required web fonts into your browser cache, in order to correctly display texts and fonts. For this purpose, it is necessary for the browser used by you to establish a connection with the servers of Google. As a result, Google is informed that this website has been accessed via your IP address. The use of Google Web Font stakes place on the basis of Article 6 Paragraph 1 Letter f) GDPR. The website operator has a legitimate interest in the standardized display of the typeface on its website. Should corresponding consent have been requested (for example agreement to the saving of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 Letter a) GDPR. The consent can be withdrawn at any time. Should your browser not support Web Fonts, a standard font will be used by your computer. Further information concerning Google Web Fonts can be found at: https://developers.google.com/fonts/faq and in the data protection policy of Google: https://policies.google.com/privacy?hl=de

 

Google Maps

We use the map service Google Maps on this website, in order to make it possible to locate relevant places within the framework of our information service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. For this purpose, Google saves your IP address and transfers data to servers of Google in the USA. We have no influence over this data transfer or any further processing of the data. The legal basis for the data transfer to USA are the standard contractual clauses of the EU Commission:

https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

Further information concerning the data processing by Google can be found here: https://policies.google.com/privacy?hl=de

 

Twitter Plugin

We use functions of the service Twitter on our website. The provider is the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. When you use Twitter and the “re-tweet” function, the websites visited by you will be connected to your Twitter account and made accessible to other users. Data will also be transferred to Twitter. We have no knowledge of the transferred data and its use by Twitter. Further information can be obtained via the following link: https://twitter.com/de/privacy

The data transfer to the USA takes place on the basis of the standard contractual clauses of the EU Commission: https://gdpr.twitter.com/en/controller-to-controller-transfers.html

You can adjust your data protection settings at Twitter in your Twitter account settings: https://twitter.com/account/settings