Privacy policy

A) Introduction

We take the protection of your data very seriously and strictly comply with the applicable rules of data privacy laws. On this website, personal data will only be collected to the extent required from a technical and organizational point of view. Your data will never be shared with any third parties. The following statement gives you an overview on how we ensure the protection of your personal data and which data will be collected for a specific purpose.
We also employ SSL/TLS encryption processes in accordance with the latest technological standards to ensure the security of your data during the transfer process.

B) Data controller, data protection officer

The data controller within the meaning of the General Data Protection Regulation and other national data privacy laws of the member states as well as other data protection regulations is:

DEWIMED Medizintechnik GmbH
Unter Hasslen 14
78532 Tuttlingen
07462 92393-0
info@dewimed.de
https://www.dewimed.de

Represented by the managing director/s: Jobst von Dewitz und Christiane Schiller

C) General information about data processing

Scope of personal data processing

We principally process personal data only insofar as this is required for providing a functional website as well as our contents and services. The processing of our users’ personal data will only be carried out with the user’s consent, with the exception of cases in which obtaining the prior consent is not possible due to factual reasons and the processing of the data is permitted by legal provisions.

Legal basis for personal data processing

Insofar as we obtain a data subject’s consent for the processing of personal data, Art. 6 (1) (a) of the EU General Data Processing Regulation (GDPR) serves as a legal basis.
In the case of processing personal data which is required for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) serves as a legal basis. The same applies to processing operations which are required for the implementation of pre-contractual measures.
Insofar as the processing of personal data is required for the compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as a legal basis.
In the event that vital interests of the data subject or another individual require the processing of personal data, Art. 6 (1) (d) GDPR serves as a legal basis.
If the processing is required for the protection of a legitimate interest of our company or any third party, and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR serves as a legal basis for the processing.

Data deletion and storage period

The data subject’s personal data will be deleted or blocked as soon as the purpose for storage is no longer applicable. Storage can also take place if this has been provided in Union regulations, laws or other rules by European or national legislators to which the data controller is subject. The data will also be blocked or deleted if a storage period prescribed by the above-mentioned rules expires, unless there is a requirement for the further storage of the data with regard to the conclusion or performance of a contract.

D) Creation of log files

Description and scope of data processing

Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer. The access logs of the web server record which page requests were made and when. They contain the following data: IP, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed host name. The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymised. The anonymised IP addresses are retained for 60 days. Details of the directory protection user used are anonymised after one day. Error logs, which record faulty page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.
This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

Purpose of data processing

The IP address is stored in log files to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.

Duration of storage

In the case of storage of data in log files, this is the case after 90 days at the latest.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right of objection

E) Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
We also use cookies on our website that enable an analysis of the user’s surfing behavior. The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users. When calling up our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this data protection declaration. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.
When calling up our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. (1) f DSGVO.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. (1) f DSGVO.
The legal basis for the processing of personal data using cookies for analysis purposes, if the user has given his consent in this regard, is Art. 6 para. (1) a DSGVO

Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles. The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. In these purposes also lies our legitimate interest in the processing of personal data pursuant to Art. 6 para. (1) f DSGVO.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be automated. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Consent Management Platform

F) Contact form and email contact

Description and scope of data processing

Our website contains a contact form that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. These data are:
Last name, first name, company, e-mail address, telephone.
At the time the message is sent, the date and time are also stored.
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. Please note, however, that the confidentiality of e-mails or other electronic forms of communication on the Internet cannot be guaranteed as a matter of principle. For confidential information, we therefore recommend that you send it by post.
In this context, no data will be passed on to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO
if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Opportunity to opt out and possibility of deletion

The user has the possibility to withdraw his consent regarding the processing of personal data at any time. If the user contacts us by email, he may object to the storage of his personal data at any time. In this case, the conversation may not be continued. The user has also the possibility to object to the storage of his personal data by post. All personal data which has been stored during the establishment of contact will be deleted in these cases.

G) Application form

Description and scope of data processing

Our website contains an application form which can be used for the electronic transmission of application documents. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:
Personal data: Gender, surname, first name, street/house number, postcode, town, e-mail address.
In addition, a covering letter, curriculum vitae and certificates can be sent as attachments. The following data will also be saved at the time the message is sent:
– Date and time of contact
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the application form, this is the case when the application process is completed.
Possibility of objection and removal
The user has the option of revoking his or her consent to the processing of personal data at any time. If this is the case, application processes cannot be continued.

H) Transfer of personal data to third parties

Website analysis

Google Analytics

General Procedure for the use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use includes the Universal Analytics mode of operation. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.
Google Analytics uses so-called cookies. text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
In the case of IP anonymization activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Our legitimate interest in data processing also lies in these purposes.
The legal basis for the use of Google Analytics is § 15 para. 3 TMG or Art. 6 para. (1) f DSGVO. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading (https://tools.google.com/dlpage/gaoptout?hl=de) and installing the “Browser add-on to disable Google Analytics” provided by Google.
Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Google Analytics

I) Deletion and administration of cookies

H) Rights of the data subject

Right of access

You may request a confirmation from the data controller as to if personal data relating to you is processed by us. If such a processing occurs, you may request information from the data controller regarding the following data:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data that are processed;
  3. the recipients or, respectively, the categories of recipients, to whom the personal data relating to you have been disclosed or will be disclosed;
  4. the planned storage period of the personal data relating to you, or, if concrete specifications cannot be given, the criteria for determining the storage period;
  5. the existence of a right to rectification or deletion of the personal data relating to you, a right to restriction of processing by the data controller or a right to object against this processing;
  6. the existence of a right of complaint to a supervisory authority;
  7. all available information regarding the origin of the data, if the personal data is not collected from the data subject;
  8. the existence of automated decision-making including profiling pursuant to Art. 22 (1 ) and 4 GDPR and – at least in these cases – meaningful information regarding the logic involved as well as the scope and the intended effects of such a processing on the data subject.

You have the right to request information on if the personal data relating to you is being transmitted to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification

You have the right to rectification and/or completion towards the data controller if the processed personal data relating to you is incorrect or incomplete. The data controller shall carry out the rectification immediately.

Right to restriction of processing

You may request the restriction of processing the personal data relating to you under the following conditions:

  1. if you contest the correctness of the personal data relating to you during a period of time that enables the data controller to review the correctness of the personal data;
  2. if the processing is unlawful and you refuse the deletion of the personal data and request the restriction of use of the personal data instead;
  3. if the data controller does no longer require the personal data for the purpose of processing, but you need them for the assertion, exercise or defence of legal claims; or
  4. if you have objected against the processing pursuant to Art. 21 (1) GDPR and it is uncertain if the legitimate reasons of the data controller override your reasons.

If the processing of the personal data relating to you has been restricted, this data may only be processed (except for its storage) with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the European Union or a member state.
If the restriction of processing has been carried out according to the above-mentioned conditions, you will be informed by the data controller before the restriction is removed.

Right to deletion

Obligation to delete
You may request from the data controller that the personal data relating to you is immediately deleted, and the data controller is obligated to immediately delete such data, if one of the following reasons applies:

  1. The personal data relating to you is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent, on which the processing pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR was based, and there is no other legal basis for the processing.
  3. You object pursuant to Art. 21 (1) GDPR to the processing, and there are no primary legitimate reasons for the processing, or you object pursuant to Art. 21 (2) GDPR to the processing.
  4. The personal data relating to you has been unlawfully processed.
  5. The deletion of the personal data relating to you is required for a legal obligation pursuant to Union law or the law of the member states, to which the data controller is subject.
  6. The personal data relating to you has been collected with regard to offered services of the information society pursuant to Art. 8 (1) GDPR.

Information to third parties
If the data controller has disclosed the personal data relating to you and if he is obligated to delete them pursuant to Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the technology available and the cost of implementation, to inform data controllers responsible for the data processing who process the personal data about the fact that you as the data subject requested from them the deletion of all links to this personal data or of copies or replications of this personal data.

Exceptions
The right to deletion shall not apply, if the processing is required

  1. to exercise the right to freedom of speech and information;
  2. to fulfil a legal obligation which requires the processing pursuant to Union law or the law of the member states, to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
  4. for archiving purposes, scientific or historical research purposes or for statistical purposes in the public interest pursuant to Art. 89 (1) GDPR, insofar as the right mentioned under para. a) probably renders the realization of the purposes of this processing impossible or affects them seriously, or
  5. for the assertion, exercise or defence of legal claims.

Right to information

If you have exercised the rights to rectification, deletion or restriction of processing against the data controller, the data controller is obligated to inform all recipients, to whom the personal data relating to you has been disclosed, about this rectification, deletion of the data or restriction of processing, unless this proves to be impossible or involves disproportionate effort. You have the right to be informed about these recipients by the data controller.

Right to data portability

You have the right to receive the personal data relating to you, which you provided to the data controller, in a structured, common and machine-readable format. You have also the right to transmit this data to another data controller without any hindrance by the data controller to whom the personal data has been provided, as far as

  1. the processing is based on a consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
  2. the processing takes place by means of automated processes.

When exercising this right, you also have the right to effect that the personal data relating to you is transmitted directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected thereby. The right to data portability does not apply to the processing of personal data which is required for the performance of a task in the public interest or in the exercise of official authority vested in the data controller.

Right to object

You have the right to object to the processing of personal data relating to you pursuant to Art. 6 (1) (e) or (f) GDPR at any time for reasons resulting from your specific situation; this also applies to any profiling based on these provisions. The data controller may no longer process the personal data relating to you, unless he is able to prove compelling legitimate reasons for the processing that override your interests, rights and freedoms, or the processing serves for the assertion, exercise or defence of legal claims. If the personal data relating to you is processed to undertake direct marketing you have the right to object to the processing of the personal data relating to you for the purpose of such direct marketing at any time; this also applies to profiling, insofar as this is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes. You have the possibility to exercise your right to object in connection with the use of information society services – regardless of directive 2002/58/EC – by means of automated processes which use technical specifications.

Right to withdrawal of the declaration of consent

You have the right to withdraw your data protection declaration of consent at any time. Withdrawing the consent will not affect the lawfulness of the processing that has taken place until the withdrawal due to the consent.

Automated decision on an individual basis including profiling

You have the right not to be subjected to a decision based exclusively on automated processing – including profiling -, which has legal effects on you or significantly affects you in a similar way. This will not apply if the decision

  1. is required for the conclusion or performance of a contract between you and the data controller,
  2. is permitted pursuant to legal provisions of the Union or of the member states, to which the data controller is subject, and these legal provisions contain appropriate measures for the protection of your rights and freedoms as well as your legitimate interests or
  3. is taken with your explicit consent.

However, such decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures for the protection of the rights and freedoms as well as your legitimate interests have been taken. With regard to the cases mentioned under (1) and (3), the data controller takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, to which pertain at least the data controller’s right to obtain the intervention of a person, to express the own point of view and to contest the decision.

Right to complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

K) Updating of data protection information

This data protection information will be regularly adapted to the current functions, technologies and applicable law. This will occur at irregular intervals. The data privacy statement provided on the website at any one time shall be applicable.