DATA PROTECTION for website and webshop
As of: March 2024
Introduction:
We, MEDlight GmbH, Address: Füllenbruchstraße 201, 32051 Herford, (hereinafter collectively: “the company”, “we”
or “us”), place a high priority on the protection of your personal data. In the following information, we provide an overview of how your
personal data is handled when you make purchases through our online shop at www.medlight.eu.
In accordance with our data protection obligations, we are required to comply with the EU General Data Protection Regulation GDPR (Regulation (EU) 2016/679), to safeguard the personal data of the individual being processed (we will also address you as the data subject hereinafter as “customer”, “user”, “you” or data subject, you are entitled to certain rights and protections under the GDPR.
In accordance with our responsibility as data controllers, we are committed to providing transparent information regarding the processing of personal data. This includes informing you about the type, extent, purpose, duration, and legal basis of data processing (as outlined in Articles 13 and 14 of the GDPR). Through this Data Protection Notice, we aim to provide clear insight into how your personal data is handled by us.
Our data protection information is structured in a modular format, consisting of a general section covering all instances of personal data processing, as well as specific sections that address individual processing situations, such as accessing our websites. The details provided in the special section pertain solely to the processing activities associated with the specific offer or product named therein, including website visits and the utilization of additional features (II. Use of our websites).
I. General
1. Definitions
1.1.“Personal data" (Art. 4 No. 1 GDPR) relating to an identified or identifiable natural person (‘data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Identifiability may also exist through the combination of such information with other data or additional knowledge. The way the information is created, recorded, or stored is immaterial (including photos, video, or audio recordings that may contain personal data).
1.2. "processing" (Art. 4 No. 2 GDPR) means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means such as recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or other provision Matching, linking, restricting, deleting or destroying personal data as well as changing a goal or purpose on which data processing was originally based.
1.3. “Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.4. "Third-party" (Art. 4 No. 10 GDPR) means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data; This also includes other legal entities belonging to the group.
1.5. "Processor" (Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, in particular in accordance with his instructions (e.g. IT service providers). In the sense of data protection law, a processor is not a third party.
1.6. "Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and contact details of the data controller
We are responsible for processing your personal data:
MEDlight GmbH
Füllenbruchstrasse 201
32051 Herford
Telephone: +49 5221
/ 994 29 0
Email: info@medlight.eu
For further information about our company, please see the legal notice at www.medlight.eu under Legal Notice.
3. Name and contact details of the data protection officer
Our data protection officer is available at any time if you have any inquiries or concerns you may have regarding data protection. Please
feel free to reach out to him at the following contact details:
ISiCO Data Protection GmbH
Mr. Axel DreyerUerdinger Straße
62
40474 Düsseldorf
Email: dreyer@isico-datenschutz.de
4. Legal basis for data processing
Processing shall be lawful only if and to the extent that at least one of the following applies:
4.1. Art. 6 paragraph 1 S. 1 letter. a GDPR ("Consent"): the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
4.2. Art. 6 Paragraph 1 S. 1 letter. b GDPR: processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject before entering into a contract.
4.3. Art. 6 Paragraph 1 S. 1 letter. c GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject. (e.g. a statutory retention obligation).
4.4. Art. 6 Paragraph 1 S.1 letter. d GDPR: processing is necessary to protect the vital interests of the data subject or of another natural person.
4.5. Art. 6 Paragraph 1 Page 1 letter. e GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4.6. Art. 6 Paragraph 1 Page 1 letter. f GDPR ("Legitimate Interests"): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
5. Data deletion and storage duration
5.1. For the processing operations carried out by us, we will indicate below how long the data will be stored with us and when it will be deleted or blocked. If no specific storage period is mentioned below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data is generally only stored on our servers within the European Union ("EU") and the European Economic Area ("EEA"), subject to any subsequent transfer in accordance with the provisions in Sections I. 7. and I. 8.
5.2. However, storage beyond the specified time may occur in the event of an (impending) legal dispute with you or any other legal proceedings, or if storage is required by legal regulations to which we, as the data controller, are subject (for example, § 257 HGB, § 147 AO). When the storage period prescribed by legal regulations expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for it.
6. Data Security
6.1. We employ suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g. TLS encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the risks of a data protection breach (including their likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological advancements.
6.2. For further information on this topic, please feel free to contact us upon request. To reach us, please use the contact details provided under sections I.2. and I.3.
7. Collaboration with processors
To process our business transactions, we work with external domestic and foreign service providers (for example in the areas of IT, logistics, telecommunications, sales, and marketing). They only act according to our instructions and are contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.
8. Transfer of personal data to third countries
The use of certain Services may require us to transfer your personal data to a country outside the EEA (“Third Countries”). Such transfers to third countries are classified as risky and in particular, require an independent basis for transfer in accordance with Art. 44 sentence 1 GDPR. In the special part (II.) of this data protection information, you will be informed separately below whether and to what extent transfers to a third country are carried out for a specific service we use. The following constellations can be important:
8.1. No transfer to a third country
If and to the extent that we do not transfer your personal data to countries outside the EEA (“third countries”), the requirements under Art. 44 sentence 1 GDPR are not relevant.
8.2. Transfer to a third country.
If and to the extent that we transfer your personal data to countries outside the EEA, this is only permitted in compliance with the special requirements under Art. 44 S. 1 GDPR. The legal bases for the transfer presented below are important. We will specifically state the relevant legal basis at the relevant points in the special part (II.) of this data protection notice.
8.3. As part of our business relationships, your personal data may be passed on or disclosed to third parties. These can also be located outside the EEA, i.e. in third countries. Such processing takes place exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the details of the transfer in the relevant places below.
8.4. The European Commission certifies that some third countries have data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/ international-transfers/adequacy/index_en.html).
8.5. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal regulations. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding corporate regulations, European Commission standard contractual clauses for the protection of personal data, certificates, or recognized codes of conduct. Please contact us using the contact details under Sections I. 2. and I. 3. if you would like to receive further information.
9. No automated decision-making (including profiling)
We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).
10. No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you first providing us with personal data. There is generally no legal or contractual obligation for you as a customer to provide us with your personal data; However, it may be that we can only provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this is exceptionally the case within the scope of the products and services we offer under Section II, you will be informed of this separately at the relevant point.
11. Legal obligation to transmit certain data
Under certain circumstances, we may be subject to a special statutory or legal obligation to make lawfully processed personal data available to third parties, in particular public bodies (Art. 6 Paragraph. 1 S.1 Letter c GDPR).
12. Your rights as a data subject
You can assert your rights as a data subject with regard to your processed personal data at any time using the contact details provided at the beginning of Sections I. 2. and I. 3. As a data subject, you have the following rights:
12.1. The right to information: According to Art. 15 GDPR, you can request information about your data processed by us. In particular, you can obtain information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period of the data, or, if this is not possible, the criteria for determining the storage period The existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about the details.
12.2. The right to rectification: According to Art. 16 GDPR, you can immediately request the correction of incorrect data or the completion of your data stored by us. To request data.
12.3. The right to deletion: According to Art. 17 GDPR, you can request the deletion of your data stored by us, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert rights, exercise or defense of legal claims is necessary.
12.4. The right to restrict processing: According to Art. 18 GDPR, you can request the restriction of the processing of your data if you dispute the accuracy of the data or if the processing is unlawful.
12.5. The right to data portability: According to Art. 20 GDPR, you can request to receive the data you have provided to us from us in a structured, common, and machine-readable format or request the unrestricted transmission of this data to another person responsible.
12.6. The right to object: According to Art. 21 GDPR, you have the right to object to the processing if the processing takes place based on Art. 6 Paragraph 1 S. 1 Letter e or letter f GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, when exercising such an objection we ask you to explain the reasons why we should not process your data as we do. In the event of your justified objection, we will examine the situation and will either stop or adjust data processing or show you our compelling legitimate reasons on the basis of which we continue processing.
12.7. The right to revoke consent: Right to withdraw consent: According to Article 7(3) of the General Data Protection Regulation (GDPR), you have the right to withdraw your consent at any time. This means that you have the right to revoke any consent you have previously given - that is, your voluntary, informed, and unambiguous expression of will, by means of a statement or any other clear affirmative action, indicating your agreement to the processing of your personal data for one or more specific purposes. If you have given such consent, you may withdraw it at any time by notifying us. As a result, we may no longer process the data based on that consent in the future. However, this does not affect the lawfulness of any processing carried out based on the consent prior to its withdrawal.
12.8. The right to complain: According to Art. 77 GDPR, you have the right to complain to the responsible supervisory authority about the processing of your personal data in our company.
13. Changes to the privacy policy
As data protection law develops and technological or organizational changes occur, our data protection information is regularly checked for any need for adjustments or additions.
II. Use of our websites
The specific data processing we carry out and which can be carried out when using our websites are presented and explained below.
1. Informational use of our websites
1.1. Explanations and functionYou can find information about our company and the services we offer at www.medlight.eu including the associated subpages (hereinafter collectively: “websites”). When you visit our websites, your personal data may be processed.
1.2. Personal data processed
You can visit our websites without providing any personal information. When you access our website, the browser on your device automatically only transmits the following information to us, namely access data, and we temporarily record and store it in a so-called server log file until it is automatically deleted:
• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• amount of data
transferred, if applicable,
• Website from which access is made (referrer URL),
• browser used,
• if applicable, the operating
system of your computer and the name of your provider.
We process this data with a legitimate interest on the basis of Article 6 Paragraph 1 S.1 Letter f of the GDPR,
• a trouble-free connection to our website,
• comfortable use of our website,
• system security and stability as well
• the
feasibility of further administrative purposes
to be able to guarantee this, but under no circumstances to draw conclusions about your identity.
Failure to provide the above-mentioned data could result in you either not being able to access our websites via your web browser or the websites being displayed incorrectly.
The personal data collected when placing your order may include:
• First and last name,
• address,
• tax number,
• email address,
• telephone number,
• fax number,
• Content of the
order,
• Order date,
• Order total,
• Payment status,
• Your delivery and billing address,
• bank details,
• IP
address,
• as well as other personal data voluntarily provided by you when placing the order.
1.3. Purpose and legal basis of data processing
We process the personal data specified above in accordance with the provisions of the GDPR and other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Article 6 Paragraph 1 S. 1 Letter f of the GDPR, the purposes mentioned also represent our legitimate interests. The processing of the log data serves statistical purposes and to improve the quality of our website, in particular, its stability and the security of the connection (legal basis is Article. 6 Paragraph. 1 S. 1 Letter f GDPR).
Contact form data is processed to process customer inquiries (legal basis is Article. 6 Paragraph. 1 S. 1 Letter b or f GDPR).
1.4. Duration of data processing
Your data will only be processed for as long as necessary to achieve the processing purposes mentioned above; The legal bases specified
in the context of the processing purposes apply accordingly. Regarding the use and storage period of cookies, please note Section I.
5.
Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of
services for us in accordance with the respective order. You can find further information on the storage period under Section I. 5.
1.5. Transfer of personal data to third parties; legal basis
Categories of recipients, who are usually processors (see Section I. 7.), may have access to your personal data:
1.5.1 Service providers for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Article 6 Paragraph 1 S. 1 Letter b or Letter f of the GDPR unless it concerns contract processors;
1.5.2 Government bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Article 6 Paragraph 1 S. 1 Letter c GDPR;
1.5.3 Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions, or the establishment of joint ventures). The legal basis for the transfer is then Article 6 Paragraph 1 S.1 Letter b or Letter f GDPR.In addition, we will only pass on your personal data to third parties if you have given your express consent to this in accordance with Article 6 Paragraph 1 S. 1 Letter a GDPR.
2. Use of cookies
2.5 Explanation, function, and purpose
We use cookies on our websites. Cookies are small text files that are assigned and stored on your hard drive in the browser you are using
a characteristic character string, and through which certain information flows to the place that sets the cookie. Cookies cannot run
programs or transmit viruses to your computer and therefore cannot cause any harm. They serve to make the Internet offering more
user-friendly and effective overall, also more pleasant for you. Cookies can contain data that makes it possible to recognize the device
used. In some cases, cookies only contain information about certain settings that are not personally identifiable. However, cookies cannot
directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your internet browser,
and permanent cookies, which are stored beyond the individual session. In terms of their function, cookies are differentiated between:
Required cookies: These are essential to move around the website, use basic functions, and ensure the security of the website; They do not collect information about you for marketing purposes or remember which websites you have visited. If such cookies are not active, this can lead to malfunctions when using a website;
Analytics cookies: These collect information about how you use our website, which pages you visit and e.g. B. whether errors occur when using the website; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
Third-Party Cookies: These cookies are created by domains other than the one you are actively visiting. They are used by advertising networks or analytics providers to track user behavior and, for example, display personalized advertising.
Advertising cookies, Targeting cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months;
Sharing Cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.
2.6 Legal basis and storage period
Any use of cookies that is not absolutely technically necessary (the legal basis here is Article. 6 Paragraph. 1 S. 1 letter. f GDPR (legitimate interest)) represents data processing that can only be carried out with your express and active consent in accordance with. Art. 6 Paragraph 1 Sentence 1 Letter a GDPR is permitted. This applies in particular to the use of advertising, targeting, or sharing cookies. In addition, we only pass on your personal data processed through cookies to third parties if you have given your express consent to this in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR.
2.7 Cookie management and overview
For more information about which cookies we use and how you can manage your cookie settings and opt out of certain types of tracking, please see our Cookie Manager Cookie Policy.
3. Use of Plugins
We do not use social media plugins on our websites. If our websites contain symbols from social media providers (e.g. [name of social media provider with symbols on the company's website]), we only use these for passive linking to the respective provider's pages.
4. Newsletters
4.5 Explanation and Personal Data Processed
In addition to the purely informational use of our website, we offer a subscription to our newsletter, with which we inform you about current developments in commercial law and events. If you register for our newsletter, the following “newsletter data” will be collected, stored, and further processed by us:
• the page from which the website was requested (so-called referrer URL),
• the date and time of the call,
• the description of the
type of web browser used,
• the IP address of the requesting computer,
• the email address,
• the date and time of registration
and confirmation.
We would like to point out that we evaluate your user behavior when we send the newsletter. For this evaluation, the emails sent contain so-called Web-beacons or tracking pixels, which represent single-pixel image files that are stored on our website. For the evaluations, we link the above-mentioned data and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID. The data is only collected pseudonymously, i.e. The IDs are therefore not linked to your other personal data, and direct personal reference is excluded.
4.6 Purpose, storage period, and legal basis for data processing
The newsletter data is processed for the purpose of sending the newsletter. When you register for our newsletter, you consent to the
processing of your personal data (legal basis is Article. 6 Paragraph. 1 letter. a GDPR).
To register for our newsletter, we use the
so-called double option-in procedure. This means that after you register, we will send you an email to the email address you provided, in
which we will ask you to confirm that you would like to receive the newsletter. The purpose of this procedure is to be able to prove your
registration and, if necessary, to clarify any possible misuse of your personal data. You can revoke your consent to receive the
newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every
newsletter email, by sending an email to info@medlight.eu, or by sending a message to the contact details provided in the legal notice. We
generally only store the data you provide until you have unsubscribed from the newsletter. You can find further information on the storage
period under Section I. 5.
5. User Account
5.5 Explanation and Personal Data Processed
You can register a user account on our website www.medlight.eu. If you would like to create a user account, you must enter an email address, a password of your choice, and a username of your choice into the fields provided as part of the registration process (“access data”). There is no requirement to use a real name, so pseudonymous use is possible. We use the so-called double option-in procedure for registration, which means your registration is only complete if you have previously confirmed your registration in a confirmation email sent to you for this purpose by clicking on the link contained therein. You can voluntarily create a customer account through which we can save your data for future purchases. When you create an account under “My Account”, the data you provide will be stored revocably. You can always delete all other data, including your user account, in the customer area.
5.6 Purpose, storage period, and legal basis for data processing
The purpose of the processing is to provide the functions of the user account and to grant access. The legal basis is Article 6 Paragraph 1 S.1 Letter b GDPR. If you have successfully registered your user account, we will store your access data until the user account is deleted from our database. You can find further information on the storage period under Section I. 5.
6. Orders from our webshop
6.5 Explanation and Personal Data Processed
If you would like to order from our webshop, to conclude the contract it is necessary that you provide your personal data, which we need to process your order. Mandatory information required to process the contracts is marked separately; further information is voluntary. We process the data you provide to process your order. To do this, we can pass on your payment details to our house bank.
6.6 Purpose, storage period, and legal basis for data processing
The legal basis for processing is Article 6 Paragraph 1 S.1 Letter b GDPR. Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years. However, we restrict processing after two years, which means your data will only be used to comply with legal obligations.
7. Payment Services
7.1 General
We process your payment information for the purpose of payment processing, e.g. if you purchase a product via www.medlight.eu. Depending on the payment method, we forward your payment information to third parties (e.g., if you pay by credit card, to your credit card provider).
7.2 PayPal; Explanation and processed personal data
When paying via PayPal, your payment details will be sent to PayPal (Europe) S.à r.l. as part of payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or - if offered - "purchase on account" via PayPal. PayPal uses the result of the credit check regarding the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
8. Contact Us
8.1 Explanations, function, and scope of data processing
If you contact us using the email address provided, the data you provide will be used to process your request. Providing the data is necessary to process and answer your request - without it, we cannot answer your request or at best respond to a limited extent. In this context, the data will not be passed on to third parties. The data is used exclusively for processing contact maintenance.
8.2 Purpose and legal basis of data processing
The data processing serves to process and answer your request. The legal basis for the processing of the data transmitted while sending an email, if consent has been given, is Article 6 Paragraph 1 letter a GDPR, and Article 6 Paragraph 1 letter f GDPR. The legitimate interest here lies in processing the contact with you. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 letter b GDPR.
8.3 Duration of data processing
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be seen from the circumstances that the matter in question has been finally clarified.
9. Tools and Miscellaneous
9.1 Google Analytics
This website uses the Google Analytics service, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St,
Dublin, D04 E5W5, Ireland (“Google” or “Google Analytics”). The use includes the Google Analytics operating mode. This makes it possible
to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across
devices.
Google Analytics uses cookies that enable your use of the website to be analyzed. The information generated by the cookie
about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is
activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other
contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a
Google server in the USA and shortened there. We would like to point out that Google Analytics has been expanded to include IP
anonymization on this website in order to ensure the anonymous collection of IP addresses (so-called IP masking). The IP address
transmitted by your browser as part of Google Analytics is not combined with other Google data. Further information on terms of use and
data protection can be found at:https://www.google.com/analytics/terms/de.htmlhttps://policies.google.com
We have concluded an order
processing agreement with Google, with which we oblige Google to protect our customers' data and not to pass it on to third parties. For
the transfer of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission,
which are intended to ensure compliance with the European data protection level in the USA.
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
Recipients/categories of recipientsThe recipient of the data collected is Google.
Legal basis
All processing described above will only be carried out if you have given us your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR. Without this consent, Google Analytics will not be used during your visit to the site. The legal basis for the use of Google Analytics is Article 6 Paragraph 1 Letter a GDPR.
Rights of those affected
You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by visiting https://tools.google.com /dlpage/gaoptout?hl=de Download and install add-on. Opt-out cookies prevent your data from being collected in the future when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt out of all systems used. If you click here, the opt-out cookie will be set: https://tools.google.com/dlpage/gaoptout/eula.html?hl=de
Further information about Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
Google Tag Manager
Our website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are used, and no personal data is collected. Google Tag Manager triggers other tags, which in turn can collect data. However, Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in effect for all tracking tags if they are implemented with the Google Tag Manager.
9.2 Microsoft Clarity
The Microsoft Clarity service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “Microsoft”) is used on this website. It is used for statistical analysis of user behavior and for optimization and marketing purposes; Various user information is collected and stored. This information, for which personal reference is always excluded, includes, among other things, time zone setting, operating system and platform, the geographical origin of the page view, the origin of the redirect if you are redirected to our site, and the duration of visits to certain pages. and information about website interaction (e.g. scrolling, clicks). Pseudonymized usage profiles can be created and evaluated from this data for the same purpose. Cookies are used for collection and evaluation. The data collected using Microsoft technologies will not be used to personally identify the visitor to this website without the separate consent of the person concerned and will not be combined with personal data about the bearer of the pseudonym.
Collected information may be transmitted to Microsoft servers in the USA and stored there. We have concluded an order processing agreement with Microsoft, with which we oblige Microsoft to protect our customers' data and not to pass it on to third parties.
Purposes of processing
Anonymization and creation of statistics, statistical analysis of user behavior, and optimization and marketing purposes.
Recipients/categories of recipientsThe recipient of the collected data is Microsoft.
Legal basis for processing
All processing described above will only be carried out if you have given us your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR. Without this consent, Microsoft Clarity will not be used during your visit to the site. Your consent in accordance with Article 6 Paragraph 1 letter. a GDPR is the legal basis for the data transfer to Microsoft.
Rights of those affected
You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
For more information about Microsoft Clarity's privacy policy, please visit: https://clarity.microsoft.com/terms
9.3 Google Ads (Google Ad Words), and Google AdSense
We use the offer of Google Ads (formerly Google Adwords) from Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google” or “Google Ads”) to use advertising materials (so-called Google Adwords). to make external websites aware of our attractive offers. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. Our interest is to show you advertising that is of interest to you, to make our website more interesting for you, and to achieve a fair calculation of advertising costs.
We continue to use the offer of Google AdSense, an online advertising service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google” or “Google AdSense”). Google AdSense uses so-called “cookies”, text files that are stored on the user's computer and enables the use of the website to be analyzed. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on the pages of this offer. The information generated by cookies and web beacons about the use of this website (including the user's IP address) and delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on by Google to Google's contractual partners. However, Google will not combine your IP address with other data stored about you.
These advertising materials are delivered by Google via so-called “ad servers”. To do this, we use ad server cookies, through which certain parameters can be measured to measure success, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google will store a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The analysis values for this cookie are the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user is no longer addressed and wants to be saved).
These cookies enable Google to recognize your internet browser. If a user visits certain pages on a customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each customer is assigned a different cookie. Cookies cannot therefore be tracked via customer websites. We do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular, we cannot identify users based on this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you based on our knowledge: By integrating AdWords Conversion, Google receives the information that you have accessed the corresponding part of our website accessed or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address
Information collected is transmitted to Microsoft servers in the USA and stored there. Further information on terms of use and data protection can be found at https://policies.google.com/privacy?hl=de. We have concluded an order processing agreement with Google, with which we oblige Google to protect our customers' data and not to pass it on to third parties to pass on. For the transfer of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
Purposes of processing
The purpose of the processing is to enable advertisements to be placed in search results.
Legal basis for processing
All processing described above will only be carried out if you have given us your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR. Without this consent, Google Ads and/or Google AdSense will not be used during your visit to the site. Your consent is in accordance with Article 6 1 letter. a GDPR is the legal basis for the data transfer to Google.
Rights of those affected
You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
Google's general data protection declaration can be found here: https://policies.google.com/privacy?hl=de
9.4 DATEV eG
To carry out accounting, we use the cloud-based accounting software service from the provider DATEV eG, Paumgartnerstraße 6-14, 90429 Nuremberg, Germany (“DATEV”). DATEV processes incoming and outgoing invoices as well as, if applicable, our company's bank transactions to automatically record invoices, compare them with the transactions, and create financial accounting from them in a semi-automated process. If personal data is also processed in connection with this, the processing takes place in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business processes.
Further information about DATEV's data protection regulations can be found at: https://www.datev.de/web/de/m/ueber-datev/datenschutz/
9.5 Optadata Egeko
For the smooth processing of cost estimates as part of our business activities, we use the egeko eKV system from Opta Data Finance GmbH (Berthold-Beitz-Boulevard 461, 45141 Essen). This enables us to forward cost estimates to the responsible health insurance companies and thus ensure a smooth process. The necessary data for processing the cost estimates is transmitted to the egeko eKV system.
The processing of data when using the egeko eKV system is carried out in accordance with the applicable data protection regulations and in particular the EU General Data Protection Regulation (GDPR). The legal basis for processing arises from our legitimate interest in the efficient processing of cost estimates and the fulfillment of our contractual obligations to health insurance companies.
Further information on data protection in connection with the use of the egeko eKV system can be found on the provider's website at: https://www.optadata.de/datenschutz