I. Privacy Policy

We are pleased that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. With this data protection declaration we would like to inform you to what extent data is collected when using our website and for what purposes we use this data. We would also like to inform you about your rights in this regard.

We treat your data very carefully. The collection, processing and use of your data is carried out exclusively within the framework of the statutory provisions. This data protection declaration applies exclusively to the use of the websites offered by us. It does not apply to the websites of other service providers, to which we only refer by a link.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.

If vital interests of the person concerned or of another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 paragraph 1 letter f DSGVO serves as the legal basis for the processing.

You will remain anonymous when using our websites unless you voluntarily provide us with personal data of your own accord. Personal data is only collected if this is necessary for the use of the services offered on the website, in particular forms.

We treat the data provided by you as strictly confidential. We will not pass on any personal data without your express consent, unless we are legally obliged to do so. However, we would like to point out that when data is transmitted over the Internet, it is always possible that third parties may take note of or falsify your data.

We would like to point out that there are security gaps in Internet-based data transmission; complete protection against access by third parties cannot be guaranteed.

II. Data security

The personal data of every individual who has a contractual, pre-contractual or other relationship with our company deserves special protection. We aim to maintain our level of data protection at a high standard. For this reason, we are committed to the continuous further development of our data protection and data security concepts. We are therefore committed to protecting your privacy and treating your personal data confidentially. In order to prevent the manipulation, loss or misuse of your data stored with us, we take extensive technical and organisational security precautions which are regularly checked and adapted to technological progress. These include the use of recognised encryption procedures (SSL or TLS). However, we would like to point out that due to the structure of the Internet it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions not within our area of responsibility. In particular, data disclosed in unencrypted form - e.g. when sent by e-mail - may be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data provided by him or her against misuse by means of encryption or in any other way.

III. Responsible in terms of the DSGVO

MedTec Medical Technology GmbH
35578 Wetzlar
Germany
telephone (+49) 6441 679180
info@mbst.de
Register court: Wetzlar
Registration number: HRB No. 2171

IV. Contact form

a. Nature and purpose of the processing

The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to specify a valid contact option as well as your name and title. This serves the purpose of allocating the enquiry and the subsequent response to it. The specification of further data is optional.

b. Legal basis of the processing

The data entered in the contact form is processed on the basis of a legitimate interest (Art. 6 para. 1 letter f DSGVO). By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions. If you contact us to request an offer, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6 para. 1 lit. b DSGVO).

c. Data categories

E-mail address | enquiry text | any information that you have voluntarily provided

d. Recipient

Recipients of the data are internal employees of MedTec Medizintechnik GmbH and, if applicable, ALL-INKL.COM.

e. Storage periods

Data will be deleted at the latest 6 months after processing the request. If there is a contractual relationship, we are subject to the legal retention periods according to HGB and delete your data after these periods have expired.

f. Legal / contractual requirements

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, a contact option and the reason for the request.

g. Transfer to third countries

Processing will not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent

You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time by using the contact option provided at the beginning of this data protection notice.

i. Automated decision making and profiling

As a responsible company, we do not use automatic decision making or profiling in this data processing.

V. Social media

a. Nature and purpose of the processing

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. There we inform about our products and current special offers. When you visit our online presence in social media, your data may be automatically collected and stored for market research and advertising purposes. So-called user profiles are created from this data. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. The visitor behaviour and interests of the users are stored in these cookies. This serves to safeguard our legitimate interests, which outweigh any other interests, in an optimised presentation of our offer and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for consent (permission) to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a DSGVO. The detailed information on the processing and use of data by the providers on their pages as well as a contact option.

Facebook: https://www.facebook.com/about/privacy/

YouTube: https://support.google.com/youtube/answer/2801895?hl=en

Twitter: https://twitter.com/en/privacy

b. Legal basis of the processing

The processing is carried out in accordance with Art. 6 Par. 1 lit. f. DSGVO on the basis of our legitimate interest in the functionality of our website and the contact possibilities with our customers and in accordance with Art. 6 para. 1 lit. a DSGVO on the basis of the user's consent in the respective social media platform.

c. Data categories

Information provided by you

d. Recipient

The recipients of the data are internal employees of MedTec Medizintechnik GmbH and the respective operator and employees of the social media platform.

e. Storage periods

The data collected in this context will be deleted after the end of the purpose and use of the social media platform by us.

f. Legal / contractual requirements

The provision of your personal data is voluntary, solely based on your consent. Without the provision of your personal data, we cannot grant you access to our offered contents and services.

g. Transfer to third countries

As far as the aforementioned social media platform has its headquarters in the USA, the following applies: Currently there is no guarantee that your rights will be guaranteed in the USA. We would like to point out that it is not necessary to use social media platforms to contact MedTec Medizintechnik GmbH and that you can contact us at any time via our website https://www.mbst.de, e-mail, telephone or fax.

h. Revocation of consent

You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time by using the contact option provided at the beginning of this data protection notice. Please refer to the provider's data protection information linked below for your rights and setting options for the protection of your privacy, in particular the option to object (opt-out). Should you nevertheless require assistance in this regard, you can contact us.

Possibility of objection (Opt-Out):

Facebook: https://www.facebook.com/settings?tab=ads

YouTube: https://myaccount.google.com/data-and-personalization

Twitter: https://twitter.com/settings/

i. Automated decision making and profiling

As a responsible company, we do not use automatic decision making or profiling in this data processing.

VI. Contract processor

If, in the course of our processing, we disclose data to other persons and companies (processors, jointly responsible parties or third parties), transfer it to them or grant them access to the data in any other way, this will only be done on the basis of a legal authorisation (e.g. if it is necessary to transfer the data to third parties, such as payment service providers, in order to fulfil a contract), if users have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and, moreover, on a basis that complies with the legal requirements.

The following organisations, companies or persons have been commissioned by the operator of this website to process data:

Processors within the EU / EEA:

ALL-INKL.COM| Network Concept GMBH

Contractors outside the EU / EEA:

No processors

VII Routine deletion and blocking of personal data

We process and store personal data of the person concerned only for the period of time necessary to achieve the purpose of storage or, if provided for by the European Directive and Regulation Giver or any other legislator in laws or regulations to which the person responsible for processing is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

VIII. Your rights

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she is resident, at his or her place of work or at the place where the suspected infringement is committed, if he or she considers that the processing of personal data relating to him or her is contrary to the DPA. The supervisory authority to which the complaint has been lodged will inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the DPA.

Contact details of the competent Land data protection authority

The Hessian Commissioner for Data Protection and Freedom of Information

PO box 3162

65021 Wiesbaden

phone +49 611 1408-0

poststelle@datenschutz-hessen.de

www.datenschutz-hessen.de

If personal data is processed by you as a user, you are considered to be the data subject in accordance with the DSGVO. Data subjects are entitled to the following rights vis-à-vis the person responsible:

(a) Right to information

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain at any time and free of charge from the data controller information on the personal data stored about him or her and a copy of this information. In addition, the European Data Protection Supervisor has granted the data subject access to the following information:

The data subject also has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

To exercise this right of access, the data subject may at any time contact a member of the controller's staff.

b) Right of rectification

Any person affected by the processing of personal data has the right, granted by the European legislator, to request the immediate rectification of incorrect personal data concerning him. The data subject also has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, having regard to the purposes of the processing.

If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of staff of the controller.

c) Right of deletion (right to be forgotten)

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain from the controller the immediate erasure of personal data relating to him/her, where one of the following reasons applies and where the processing is not necessary:

If one of the above reasons applies and a data subject wishes to have personal data stored by us deleted, he/she may at any time contact an employee of the data controller. The employee will ensure that the request for deletion is complied with immediately.

If the personal data have been made public by us and our company, as the data controller, is obliged to delete the personal data in accordance with Art. 17 para. 1 of the DSGVO, we will take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary. Our employee will take the necessary steps in individual cases.

d) Right to limit processing

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to request the controller to restrict the processing if one of the following conditions is met:

the accuracy of the personal data is contested by the data subject, for a period of time sufficient to enable the controller to verify the accuracy of the personal data the processing is unlawful, the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted. The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to assert, exercise or defend his rights. The data subject has lodged an objection to the processing in accordance with Art. 21 Para. 1 DSGVO and it is not yet clear whether the justified reasons of the controller outweigh those of the data subject.

If one of the above-mentioned conditions is met and a data subject wishes to request the restriction of personal data stored with us, he or she may contact an employee of the data controller at any time. Our employee will arrange for the processing to be restricted.

e) Right to data transferability

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to receive the personal data concerning him/her, which have been provided by the data subject to a data controller, in a structured, common and machine-readable format. He/she also has the right to have these data communicated to another controller without hindrance by the controller to whom the personal data have been made available, provided that the processing is based on the consent pursuant to Art. 6 paragraph 1 letter a DPA or Art. 9 paragraph 2 letter a DPA or on a contract pursuant to Art. 6 paragraph 1 letter b DPA and that the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data transfer pursuant to Art. 20 para. 1 FADP, the data subject has the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

In order to assert the right to data transfer, the person concerned can contact one of our employees at any time.

f) Right to object

Every person affected by the processing of personal data has the right, granted by the European legislator for directives and regulations, to object at any time, for reasons arising from his or her particular situation, to the processing of personal data relating to him or her that is carried out on the basis of Art. 6, paragraph 1, letters e or f of the DPA. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.

Where we process personal data for the purpose of direct marketing, the data subject shall have the right to object, at any time, to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it relates to such direct marketing. If the data subject objects to us processing for the purposes of direct marketing, we will no longer process the personal data for those purposes.

In addition, the data subject has the right to object, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her which is carried out by us for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89 para. 1 DPA, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right of objection, the data subject may contact any of our employees directly. The data subject is also free to exercise his/her right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving technical specifications.

g) Automated decisions in individual cases, including profiling

Every person concerned by the processing of personal data has the right, granted by the European Directives and Regulations, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorised by Union or national legislation to which the controller is subject and such legislation provides for adequate safeguards of the rights and freedoms and legitimate interests of the data subject, or (3) is taken with the explicit consent of the data subject.

Where the decision is (1) necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is taken with the express consent of the data subject, appropriate measures shall be taken to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of the controller, to put forward his point of view and to challenge the decision.

If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time contact a member of the controller's staff.

h) Right to withdraw data protection consent

Every person affected by the processing of personal data has the right granted by the European Directive and Regulation Giver to revoke his or her consent to the processing of personal data at any time.

If the data subject wishes to exercise his or her right to withdraw consent, he or she may at any time contact a member of staff of the controller.

IX. Definition

The data protection declaration of our company is based on the terms used by the European guideline and regulation authorities when the basic data protection regulation (DSGVO) was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms in this data protection declaration, among others:

(a) personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(b) data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

(c) processing

Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

(e) profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location.

(f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the need for additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

(g) Controller or data controller

Controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, provision may be made for the controller to be designated in accordance with Union law or the law of the Member States.

(h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(i) recipient

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union or national law, are not considered to be recipients.

(j) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

(k) Consent

Consent is any freely given, informed and unequivocal expression of will by the data subject in a specific case, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her. X. Right to amend

As changes in the law or changes in our internal company processes may make it necessary to adapt this data protection declaration, we ask you to read this data protection declaration regularly. The data protection declaration can be accessed at any time at https://www.impressum-imprint-medtec-medizintechnik-gmbh.de/privacy-cookies-medtec-medizintechnik-gmbh-35578-wetzlar.html. We therefore reserve the right to change these guidelines at any time in compliance with data protection regulations.

XI. Use of Matomo

a. Nature and purpose of the processing

This website uses Matomo, an open source software for statistical analysis of visitor access. The provider of the Matomo software is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo uses so-called cookies, i.e. text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website is stored on a server in Germany. The IP address is anonymised immediately after processing and before it is saved. You have the option of preventing the installation of cookies by changing the settings of your browser software. You can decide whether a unique web analysis cookie may be stored in your browser to enable the operator of the website to collect and analyse various statistical data. You can find more detailed information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.

b. Legal basis of the processing

The data is processed on the basis of the user's consent (Art. 6 para. 1 letter a DSGVO).

c. Data categories

anonymised usage data

d. Recipient

Recipients of the data are our employees and the operator of the website as the processor of the order. For this purpose we have concluded a corresponding contract of processing.

e. Storage periods

The data will be deleted as soon as they are no longer required for our recording purposes. In our case, this happens after the following period: 366 days.

f. Legal / contractual requirements

The provision of your personal data is voluntary, solely based on your consent.

g. Transfer to third countries

Although Matomo is based in New Zealand, all data is hosted by Matomo on our own servers located in Germany and transferred to our own databases. Therefore, processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent

You can revoke your consent to the storage of your personal data at any time with effect for the future.

i. Automated decision making and profiling. Automated decision making and profiling

We refrain from automated decision making and profiling with non-pseudonymised data.

XII. Further cookies

a. Nature and purpose of the processing

Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system and your connection to the Internet. Cookies cannot be used to start programs or transfer viruses to a computer. We can use the information contained in cookies to make navigation easier for you and to enable our websites to be displayed correctly. In no case will the data we collect be passed on to third parties or linked to personal data without your consent. Of course, you can always view our website without cookies. Browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via the settings of your browser. Please use the help functions of your browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called transient cookies or session cookies). Other cookies remain on your end device and enable us to recognise your browser the next time you visit us (persistent cookies). You can see the duration of storage in the cookie settings of your browser. We have listed the storage duration of our used cookies in this point under "e. Storage periods". Basically we divide cookies into the following categories:

b. Legal basis of the processing

The use of cookies takes place exclusively with your express consent and is based on Art. 6 para. 1 sentence 1 lit. a DSGVO.

c. Data categories

Technically necessary cookies

Performance cookies

d. Recipient

Recipients of the data are internal employees of MedTec Medizintechnik GmbH and possibly contract processors, such as the company/companies ALL-INKL:COM, who act as contract processors for the operation and maintenance of our website.

e. Storage periods

If you allow us to use cookies through your browser settings or consent, cookies may be used on our websites:

Insofar as these cookies can (also) affect personal data, we have informed you of this in the previous sections. You can delete individual cookies or the entire cookie inventory via your browser settings. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/how-clear-firefox-cache

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome: https://support.google.com/accounts/answer/61416?hl=en

Opera: http://www.opera.com/en/help

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

f. Legal / contractual requirements

The provision of the aforementioned personal data is not required by law or contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

g. Transfer to third countries

Processing will not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent

You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time by using the contact option provided at the beginning of this data protection notice.

i. Automated decision making and profiling

As a responsible company, we do not use automatic decision making or profiling in this data processing.

In the following you will find a list of all cookies used:

MBSTCookie - technically necessary cookie - maximum age: 30 days

_pk_id.1.1fff - Performance cookie - Maximum age: 30 days

_pk_ses.1.ffff - Performance cookie - Maximum age: 30 minutes

mtm_consent - Performance cookie - Maximum age: 30 days


Updated

08.2020