Privacy Policy
Privacy and medical confidentiality are issues of particular concern in the health sector. Everyone wants their personal data – and especially their health data – to be treated confidentially. Data represents an important basis for the care and treatment of our patients for us, too. Modern data processing systems help us to manage patient data and especially medical records. Our most important asset, however, is the trust our patients have in us and our professional capacity. We justify this trust, among other things, by protecting patient data effectively and only using it in the way our patients expect us to.
We attach great importance to adhering to legal data protection regulations and, because of professional ethics in medicine, we go even further. To ensure confidentiality and privacy we continuously subject ourselves to review. We train and instruct our staff and those in positions of responsibility and motivate them to be diligent about privacy. We only allow authorised employees access to patient data. We never transfer patient data to external bodies unless within the legal framework of billing or reporting regulations or with the knowledge of the person concerned.
Along with the quality of our medical services, another important thing is secure: your data.
As a matter of principle, you can use the GERMEDIC International Department website without providing any personal data. However, if a data subject wishes to use the specific services of our company over our website, we may need to process personal data. If we need to process personal data and no legal basis exists for doing so, we generally seek the consent of the data subject.
Processing a data subject’s personal data, such as their name, address, email address or telephone number, always take place in line with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to GERMEDIC International Department. Through this privacy policy, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs Data Subjects about their rights.
As Data Controller, GERMEDIC International Department has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, data transfers over the Internet can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to submit personal data to us by alternative means, for example by telephone.
1. Definitions
This Privacy Policy from GERMEDIC International Department is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and comprehensible for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance. Among others, we use the following terms in this Privacy Policy:
a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (referred to in the following as ‘Data Subject’); a natural person is considered identifiable when he can be identified directly or indirectly, in particular by means of assignment to an identifier, such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Data Subject
Data Subject is any identified or identifiable natural person whose personal data is processed by the data controller.
c) Processing
Processing refers to any operation or set of operations which are performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, the alignment or combination, restriction, deletion or destruction.
d) Restriction on processing
Restriction on processing involves flagging stored personal data with the aim of restricting its future processing.
e) Profiling
Profiling refers to any type of automated personal data processing which consists of using said personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to said natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
f) Pseudonymisation
Pseudonymisation refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or Data Controller
The Controller or Data Controller is the natural or legal person, public authority, agency or other body that alone or jointly with others determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for their designation may be provided for under Union or Member State law.
h) Data Processor
Data Processor refers to a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller
i) Recipient
Recipient refers to a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party. However, authorities that may receive personal data under a specific mandate to investigate under Union or Member State law are not considered recipients.
j) Third Party
Third Party refers to a natural or legal person, public authority, agency or other body other than the Data Subject, Controller, Data Processor and the persons authorised to process the personal data under the direct responsibility of the Controller or Data Processor.
k) Consent
Consent refers to any freely given and unambiguous expression of will in the form of a declaration or other unambiguous affirmative action on the part of the Data Subject for the specific case in question, by which the Data Subject indicates that they consent to having personal data which relates to them processed.
2. Name and address of the Data Controller
Controller within the meaning of the EU General Data Protection Regulation, other data protection laws applicable within the Member States of the European Union and other statutory provisions with data protection character is:
GERMEDIC International Department
c/o PTC Service Group GmbH
Emil-Ueberall-Straße 43
01159 Dresden/Germany,
Phone: +49 351 2130 3260
Email: info@germedic-healthcare.de
Website: www.dzsp.de
3. Name and address of the data protection officer
The data protection officer for the Data Controller is: Every data subject can contact our data protection officer directly at any time with any questions or suggestions they may have about data protection.
4. Cookies
This website use cookies. Cookies are text files that are deposited and stored on a computer system over an Internet browser. Numerous websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string which allows web pages and servers to be assigned to the specific Internet browser in which the cookie was stored. This allows the websites and servers visited to distinguish the individual’s browser from other Internet browsers that contain other cookies. The unique cookie ID can be used to recognize and identify a particular Internet browser. By using cookies, GERMEDIC International Department can provide its website users with more user-friendly services which would not be possible without setting cookies. Using a cookie allows the information and offerings on our website to be optimised for the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this is to facilitate their use of our website. For example, the user of a website that uses cookies does not have to enter their credentials again every time they visit the website because the website and the cookie stored on the user’s computer system does this for them. Another example is the cookie in a shopping cart in an online shop. The online shop uses a cookie to remember the items a customer has placed in the virtual shopping cart. The data subject can prevent cookies being set through our website at any time by make a corresponding setting in the respective Internet browser thus permanently rejecting cookies being set. The user can also delete cookies at any time that have already been set through an internet browser or other software programs. This is possible in all standard Internet browsers. It may not be possible to use all the functions of our website in full if the Data Subject deactivates cookies being the set in the Internet browser used.
5. Collection of general data and information
The GERMEDIC International Department website collects an array of general data and information every time a Data Subject or automated system calls up the website. This general data and information is stored in the log files on the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the system accessing our website, (3) the website from where an accessing system accesses our website (referrer website), (4) the sub-pages accessed over an accessing system on our website, (5) the date and time access is made to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider for the accessing system and (8) other similar data and information that serve to avert threats in the event of attacks on our information technology systems.
GERMEDIC International Department does not draw any conclusions about the data subject when using this general data and information. Instead, this information is needed (1) to deliver the content on our website correctly, (2) to optimise the content on our website and the publicity for it, (3) to ensure the long-term functionality of our information technology systems and the technology on our website, and (4) to provide law enforcement authorities with the information required for prosecution in the event of a cyber attack. GERMEDIC International Department primarily analyses anonymously collected data and information for statistical purposes therefore and secondly for the purpose of enhancing data protection and data security within our enterprise, with the ultimate aim of ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separate to all personal data submitted by a data subject.
6. Options for establishing contact over the website
Legal regulations state that the GERMEDIC International Department website has to contains information that enables quick electronic contact to be established with our company as well as direct communication, which also includes a general address for what is referred to as electronic mail (email address). If a data subject contacts the Data Controller by email or over a contact form, the personal data provided by that data subject is automatically saved. This personal data, which is transmitted voluntarily by an individual to the Data Controller, is stored for the purpose of processing or contacting the data subject. We do not share personal data with third parties without your consent.
7. Routine deletion and blocking of personal data
The Data Controller processes and stores personal data pertaining to the data subject only for the time necessary to achieve the purpose of storage or where provided for in laws or regulations by the European legislator or other legislators to which the Data Controller is subject. If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
8. Rights of the data subject
a) Right to confirmation
The European legislator grants every data subject the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this confirmation right, they may, at any time, contact any of the Data Controller’s employees.
b) Right to information
The European legislator grants any data subject affected by personal data processing the right to obtain information about the personal data stored on their person from the Data Controller free of charge at any time and obtain a copy of that information. Furthermore, the European legislator has granted the Data Subject access to the following information:• the purposes of processing• the categories of personal data processed• the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly in the case of recipients in third countries or international organisations• if possible, the storage duration envisaged for the personal data, or, if this is not possible, the criteria for determining this duration• the existence of a right to rectify or delete personal data which concerns them or to have the Data Controller restrict its processing or to object to such processing• the existence of a right of appeal to a supervisory authority• if the personal data is not collected from the Data Subject: All information available about the origin of the data• the existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and, in these cases at least, sound information on the logic involved, and the scope and intended impact of said processing on the data subject. Furthermore, the data subject has a right to information concerning whether personal data has been transmitted to a third country or international organisation. In this case, the data subject also has the right to obtain information on the appropriate safeguards in place in connection with the transfer. If a data subject wishes to exercise this right to information, they may, at any time, contact any of the Data Controller’s employees.
c) Right to rectification
The European legislator grants every data subject affected by personal data processing the right to demand rectification of inaccurate personal data concerning them without delay. Furthermore, the data subject has the right to demand the completion of incomplete personal data, also by means of supplementary declaration, taking into account the purposes of processing. If a data subject wishes to exercise this right to rectification, they may, at any time, contact any of the Data Controller’s employees.
d) Right to deletion (right to be forgotten)
The European legislator gives any Data Subject affected by personal data processing the right to obtain the deletion of personal data concerning them from the Data Controller without delay, where one of the following reasons applies and to the extent that processing is no longer required:• the personal data was collected or otherwise processed for purposes which the data is no longer needed.• the Data Subject revokes their consent on which processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and no other legal basis for processing exists.• The data subject objects to data processing pursuant to Art. 21 (1) GDPR and no overriding legitimate grounds for processing exists, or the data subject objects to processing pursuant to Art. 21 (2) GDPR.• The personal data have been processed unlawfully.• deletion of the personal data is required to comply with a legal obligation under Union or Member State law to which the Data Controller is subject.• the personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR. If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by GERMEDIC International Department, they may contact any of the Data Controller’s employees at any time. The employee in the GERMEDIC International Department will arrange for the request for deletion to be complied with immediately. If DZSP GmbH has made the personal data public and our company as the Controller is obliged to delete the personal data pursuant to Art. 17 (1) GDPR, the GERMEDIC International Department will undertake reasonable measures, including technical measures, to compensate other Data Controllers for processing the personal data published, taking into account the technology available and the implementation cost, in order to inform the Data Subject that they have asked these other Data Controllers to delete all links to the personal data or copies or replications of the personal data, unless processing of the date is required. The employee in the GERMEDIC International Department will arrange for the necessary action to be taken in individual cases.
e) Right to restrict processing
The European legislator grants every data subject the right to obtain from the Controller the restriction of processing where one of the following conditions is met:- The data subject contests the accuracy of the personal data for a period that enables the Controller to verify the accuracy of the personal data. – Processing is unlawful, the data subject objects to the personal data being deleted and instead demands its restriction in use.- The Controller no longer needs the personal data for processing purposes, but the data subject needs it for establishing, exercising or defending legal claims.- The data subject has objected to processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the Controller has sufficient legitimate grounds to override those of the data subject. If one of the aforementioned conditions is met, and a data subject wants to request that the personal data stored by DZSP GmbH is restricted, they may contact any of the Data Controller’s employees at any time. The employee at the GERMEDIC International Department will arrange for processing to be restricted.
f) Right to data portability
European legislation grants data subjects the right to obtain personal data concerning them in a structured, standard and machine-readable format, that the data subject has make available to a controller. You also have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data was made available, insofar as the processing is based on consent pursuant to 6 (1) (a) or Art. 9 (2) (a) GDPR 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out using automated procedures, insofar as processing personal data is required to perform a task that is in the public interest or in exercising an official power which has been delegated to the data controller. Furthermore, when exercising their right to data portability pursuant to Art. 20 (1) GDPR, you have the right to effect that the personal data is transferred directly from one Data Controller to another Data Controller, insofar as this is technically feasible and it this does not affect the rights and freedoms of other persons. In order to assert their right to data portability, the data subject may contact any Germedic International Department employee at any time.
g) Right to object
The European legislator grants any data subject affected by personal data processing the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions. If you object, the GERMEDIC International Department we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh the interests, rights and freedoms of the data subject, or its processing for purposes of asserting, exercising or defending against legal claims. If the GERMEDIC International Department processes personal data for direct marketing purposes, the data subject has the right to submit an objection at any time against their personal data being processed for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct marketing. If the data subject objects to the GERMEDIC International Department processing their personal data for direct marketing purposes, GERMEDIC International Department will no longer process their personal data for these purposes. In addition, the data subject has the right, on grounds relating to their particular situation, to object to personal data concerning their person being processed by the GERMEDIC International Department for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for performing a task carried out in the pursuit of public interest. In order to exercise the right to object, the data subject may contact any employee in the GERMEDIC International Department directly or another employee. In the context of the use of information society services, and regardless of Directive 2002/58/EC, the Data Subject has the option to exercise their right to object using automated procedures that use technical specifications.
h) Automated decision-making in individual cases including profiling
The European legislator grants any Data Subject affected by personal data processing the right to not be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning them or similarly significantly affects them, provided that the decision (1) is not required for entering into, or fulfilling a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the Controller is subject and that such law lays down appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is made with the data subject’s explicit consent. If the decision (1) is required for entering into or fulfilling a contract between the Data Subject and the Controller, or (2) it is made with the data subject’s explicit consent, the GERMEDIC International Department will implement suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the Controller side, to express their point of view and to contest the decision. If the data subject wishes to rights relating to automated decision making, they may, at any time, contact any of the Data Controller’s employees.
i) Right to withdraw consent under data protection law
The European legislator grants every data subject affected by personal data processing the right to withdraw consent to personal data being processed at any time. If the data subject wishes to assert their right to withdraw consent, they may, at any time, contact any of the Data Controller’s employees.
9. Legal basis for processing
Art. 6 (I) (a) GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If personal data needs to processed to fulfil a contract to which the Data Subject is a party, as is the case, for example, with processing operations required for delivering goods or providing any other service or consideration, processing takes placed based on Art. 6 (I) (b) GDPR. The same applies to processing operations required for fulfilling pre-contractual measures, for example in the case of enquiries concerning our products or services. If our company is subject to a legal obligation which requires personal data to be processed, such as for fulfilling tax obligations, processing takes place based on Art. 6 (I) (c) GDPR. In rare cases, processing personal data may become necessary to protect the vital interests of the Data Subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result their name, age, health insurance details or other vital information needed to be passed on to a doctor, hospital or other third party. Processing would then taken place based on Art. 6 (I) (d) GDPR. Ultimately, processing operations could also take place based on Art. 6 (I) (f) GDPR. Processing operations that are not covered by any of the aforementioned Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is required to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the Data Subject do not prevail. We are permitted to perform such processing operations in particular because the European legislator has specifically mentioned them. In this respect, the legislator took the view that a legitimate interest could be assumed if the Data Subject is a customer of the Controller (Recital 47 (2) GDPR).
10. Legitimate interests in the processing that is pursued by the Controller or a third party
If personal data is processed on the basis of Art. 6 (I) (f) GDPR, our legitimate interest lies in conducting our business for the benefit of all our employees and shareholders.
11. Duration for which the personal data is stored
The criterion for the duration of personal data storage is the respective statutory retention period. The corresponding data is routinely deleted once the period has expired, if it is no longer required to fulfil or initiate a contract.
12. Legal or contractual provisions for providing the personal data; need for concluding the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the personal data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, a Data Subject may need to provide us with personal data that we subsequently need to process. For example, the Data Subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide this personal data would mean that the contract with the Data Subject could not be concluded. Before the Data Subject provides personal data, they must contact one of our employees. Our employee informs the Data Subject on a case-by-case basis whether the provision of the personal data is required by law or contract, or whether it is necessary for concluding a contract, whether there is an obligation to provide personal data and what consequences the failure to provide personal data would have.
13. Existence of automated decision-making. As a responsible company, we do not make use of automated decision-making or profiling.
This Privacy Policy was created by the Privacy Policy Generator from DGD Deutsche Gesellschaft für Datenschutz GmbH, which functions as the External Data Protection Officer Berlin, in cooperation with the data protection (GDPR) lawyers from the law firm WILDE BEUGER SOLMECKE | Lawyers.
We attach great importance to adhering to legal data protection regulations and, because of professional ethics in medicine, we go even further. To ensure confidentiality and privacy we continuously subject ourselves to review. We train and instruct our staff and those in positions of responsibility and motivate them to be diligent about privacy. We only allow authorised employees access to patient data. We never transfer patient data to external bodies unless within the legal framework of billing or reporting regulations or with the knowledge of the person concerned.
Along with the quality of our medical services, another important thing is secure: your data.
As a matter of principle, you can use the GERMEDIC International Department website without providing any personal data. However, if a data subject wishes to use the specific services of our company over our website, we may need to process personal data. If we need to process personal data and no legal basis exists for doing so, we generally seek the consent of the data subject.
Processing a data subject’s personal data, such as their name, address, email address or telephone number, always take place in line with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to GERMEDIC International Department. Through this privacy policy, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs Data Subjects about their rights.
As Data Controller, GERMEDIC International Department has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, data transfers over the Internet can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to submit personal data to us by alternative means, for example by telephone.
1. Definitions
This Privacy Policy from GERMEDIC International Department is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and comprehensible for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance. Among others, we use the following terms in this Privacy Policy:
a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (referred to in the following as ‘Data Subject’); a natural person is considered identifiable when he can be identified directly or indirectly, in particular by means of assignment to an identifier, such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Data Subject
Data Subject is any identified or identifiable natural person whose personal data is processed by the data controller.
c) Processing
Processing refers to any operation or set of operations which are performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, the alignment or combination, restriction, deletion or destruction.
d) Restriction on processing
Restriction on processing involves flagging stored personal data with the aim of restricting its future processing.
e) Profiling
Profiling refers to any type of automated personal data processing which consists of using said personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to said natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
f) Pseudonymisation
Pseudonymisation refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or Data Controller
The Controller or Data Controller is the natural or legal person, public authority, agency or other body that alone or jointly with others determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for their designation may be provided for under Union or Member State law.
h) Data Processor
Data Processor refers to a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller
i) Recipient
Recipient refers to a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party. However, authorities that may receive personal data under a specific mandate to investigate under Union or Member State law are not considered recipients.
j) Third Party
Third Party refers to a natural or legal person, public authority, agency or other body other than the Data Subject, Controller, Data Processor and the persons authorised to process the personal data under the direct responsibility of the Controller or Data Processor.
k) Consent
Consent refers to any freely given and unambiguous expression of will in the form of a declaration or other unambiguous affirmative action on the part of the Data Subject for the specific case in question, by which the Data Subject indicates that they consent to having personal data which relates to them processed.
2. Name and address of the Data Controller
Controller within the meaning of the EU General Data Protection Regulation, other data protection laws applicable within the Member States of the European Union and other statutory provisions with data protection character is:
GERMEDIC International Department
c/o PTC Service Group GmbH
Emil-Ueberall-Straße 43
01159 Dresden/Germany,
Phone: +49 351 2130 3260
Email: info@germedic-healthcare.de
Website: www.dzsp.de
3. Name and address of the data protection officer
The data protection officer for the Data Controller is: Every data subject can contact our data protection officer directly at any time with any questions or suggestions they may have about data protection.
4. Cookies
This website use cookies. Cookies are text files that are deposited and stored on a computer system over an Internet browser. Numerous websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string which allows web pages and servers to be assigned to the specific Internet browser in which the cookie was stored. This allows the websites and servers visited to distinguish the individual’s browser from other Internet browsers that contain other cookies. The unique cookie ID can be used to recognize and identify a particular Internet browser. By using cookies, GERMEDIC International Department can provide its website users with more user-friendly services which would not be possible without setting cookies. Using a cookie allows the information and offerings on our website to be optimised for the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this is to facilitate their use of our website. For example, the user of a website that uses cookies does not have to enter their credentials again every time they visit the website because the website and the cookie stored on the user’s computer system does this for them. Another example is the cookie in a shopping cart in an online shop. The online shop uses a cookie to remember the items a customer has placed in the virtual shopping cart. The data subject can prevent cookies being set through our website at any time by make a corresponding setting in the respective Internet browser thus permanently rejecting cookies being set. The user can also delete cookies at any time that have already been set through an internet browser or other software programs. This is possible in all standard Internet browsers. It may not be possible to use all the functions of our website in full if the Data Subject deactivates cookies being the set in the Internet browser used.
5. Collection of general data and information
The GERMEDIC International Department website collects an array of general data and information every time a Data Subject or automated system calls up the website. This general data and information is stored in the log files on the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the system accessing our website, (3) the website from where an accessing system accesses our website (referrer website), (4) the sub-pages accessed over an accessing system on our website, (5) the date and time access is made to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider for the accessing system and (8) other similar data and information that serve to avert threats in the event of attacks on our information technology systems.
GERMEDIC International Department does not draw any conclusions about the data subject when using this general data and information. Instead, this information is needed (1) to deliver the content on our website correctly, (2) to optimise the content on our website and the publicity for it, (3) to ensure the long-term functionality of our information technology systems and the technology on our website, and (4) to provide law enforcement authorities with the information required for prosecution in the event of a cyber attack. GERMEDIC International Department primarily analyses anonymously collected data and information for statistical purposes therefore and secondly for the purpose of enhancing data protection and data security within our enterprise, with the ultimate aim of ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separate to all personal data submitted by a data subject.
6. Options for establishing contact over the website
Legal regulations state that the GERMEDIC International Department website has to contains information that enables quick electronic contact to be established with our company as well as direct communication, which also includes a general address for what is referred to as electronic mail (email address). If a data subject contacts the Data Controller by email or over a contact form, the personal data provided by that data subject is automatically saved. This personal data, which is transmitted voluntarily by an individual to the Data Controller, is stored for the purpose of processing or contacting the data subject. We do not share personal data with third parties without your consent.
7. Routine deletion and blocking of personal data
The Data Controller processes and stores personal data pertaining to the data subject only for the time necessary to achieve the purpose of storage or where provided for in laws or regulations by the European legislator or other legislators to which the Data Controller is subject. If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
8. Rights of the data subject
a) Right to confirmation
The European legislator grants every data subject the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this confirmation right, they may, at any time, contact any of the Data Controller’s employees.
b) Right to information
The European legislator grants any data subject affected by personal data processing the right to obtain information about the personal data stored on their person from the Data Controller free of charge at any time and obtain a copy of that information. Furthermore, the European legislator has granted the Data Subject access to the following information:• the purposes of processing• the categories of personal data processed• the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly in the case of recipients in third countries or international organisations• if possible, the storage duration envisaged for the personal data, or, if this is not possible, the criteria for determining this duration• the existence of a right to rectify or delete personal data which concerns them or to have the Data Controller restrict its processing or to object to such processing• the existence of a right of appeal to a supervisory authority• if the personal data is not collected from the Data Subject: All information available about the origin of the data• the existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and, in these cases at least, sound information on the logic involved, and the scope and intended impact of said processing on the data subject. Furthermore, the data subject has a right to information concerning whether personal data has been transmitted to a third country or international organisation. In this case, the data subject also has the right to obtain information on the appropriate safeguards in place in connection with the transfer. If a data subject wishes to exercise this right to information, they may, at any time, contact any of the Data Controller’s employees.
c) Right to rectification
The European legislator grants every data subject affected by personal data processing the right to demand rectification of inaccurate personal data concerning them without delay. Furthermore, the data subject has the right to demand the completion of incomplete personal data, also by means of supplementary declaration, taking into account the purposes of processing. If a data subject wishes to exercise this right to rectification, they may, at any time, contact any of the Data Controller’s employees.
d) Right to deletion (right to be forgotten)
The European legislator gives any Data Subject affected by personal data processing the right to obtain the deletion of personal data concerning them from the Data Controller without delay, where one of the following reasons applies and to the extent that processing is no longer required:• the personal data was collected or otherwise processed for purposes which the data is no longer needed.• the Data Subject revokes their consent on which processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and no other legal basis for processing exists.• The data subject objects to data processing pursuant to Art. 21 (1) GDPR and no overriding legitimate grounds for processing exists, or the data subject objects to processing pursuant to Art. 21 (2) GDPR.• The personal data have been processed unlawfully.• deletion of the personal data is required to comply with a legal obligation under Union or Member State law to which the Data Controller is subject.• the personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR. If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by GERMEDIC International Department, they may contact any of the Data Controller’s employees at any time. The employee in the GERMEDIC International Department will arrange for the request for deletion to be complied with immediately. If DZSP GmbH has made the personal data public and our company as the Controller is obliged to delete the personal data pursuant to Art. 17 (1) GDPR, the GERMEDIC International Department will undertake reasonable measures, including technical measures, to compensate other Data Controllers for processing the personal data published, taking into account the technology available and the implementation cost, in order to inform the Data Subject that they have asked these other Data Controllers to delete all links to the personal data or copies or replications of the personal data, unless processing of the date is required. The employee in the GERMEDIC International Department will arrange for the necessary action to be taken in individual cases.
e) Right to restrict processing
The European legislator grants every data subject the right to obtain from the Controller the restriction of processing where one of the following conditions is met:- The data subject contests the accuracy of the personal data for a period that enables the Controller to verify the accuracy of the personal data. – Processing is unlawful, the data subject objects to the personal data being deleted and instead demands its restriction in use.- The Controller no longer needs the personal data for processing purposes, but the data subject needs it for establishing, exercising or defending legal claims.- The data subject has objected to processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the Controller has sufficient legitimate grounds to override those of the data subject. If one of the aforementioned conditions is met, and a data subject wants to request that the personal data stored by DZSP GmbH is restricted, they may contact any of the Data Controller’s employees at any time. The employee at the GERMEDIC International Department will arrange for processing to be restricted.
f) Right to data portability
European legislation grants data subjects the right to obtain personal data concerning them in a structured, standard and machine-readable format, that the data subject has make available to a controller. You also have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data was made available, insofar as the processing is based on consent pursuant to 6 (1) (a) or Art. 9 (2) (a) GDPR 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out using automated procedures, insofar as processing personal data is required to perform a task that is in the public interest or in exercising an official power which has been delegated to the data controller. Furthermore, when exercising their right to data portability pursuant to Art. 20 (1) GDPR, you have the right to effect that the personal data is transferred directly from one Data Controller to another Data Controller, insofar as this is technically feasible and it this does not affect the rights and freedoms of other persons. In order to assert their right to data portability, the data subject may contact any Germedic International Department employee at any time.
g) Right to object
The European legislator grants any data subject affected by personal data processing the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions. If you object, the GERMEDIC International Department we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh the interests, rights and freedoms of the data subject, or its processing for purposes of asserting, exercising or defending against legal claims. If the GERMEDIC International Department processes personal data for direct marketing purposes, the data subject has the right to submit an objection at any time against their personal data being processed for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct marketing. If the data subject objects to the GERMEDIC International Department processing their personal data for direct marketing purposes, GERMEDIC International Department will no longer process their personal data for these purposes. In addition, the data subject has the right, on grounds relating to their particular situation, to object to personal data concerning their person being processed by the GERMEDIC International Department for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for performing a task carried out in the pursuit of public interest. In order to exercise the right to object, the data subject may contact any employee in the GERMEDIC International Department directly or another employee. In the context of the use of information society services, and regardless of Directive 2002/58/EC, the Data Subject has the option to exercise their right to object using automated procedures that use technical specifications.
h) Automated decision-making in individual cases including profiling
The European legislator grants any Data Subject affected by personal data processing the right to not be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning them or similarly significantly affects them, provided that the decision (1) is not required for entering into, or fulfilling a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the Controller is subject and that such law lays down appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is made with the data subject’s explicit consent. If the decision (1) is required for entering into or fulfilling a contract between the Data Subject and the Controller, or (2) it is made with the data subject’s explicit consent, the GERMEDIC International Department will implement suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the Controller side, to express their point of view and to contest the decision. If the data subject wishes to rights relating to automated decision making, they may, at any time, contact any of the Data Controller’s employees.
i) Right to withdraw consent under data protection law
The European legislator grants every data subject affected by personal data processing the right to withdraw consent to personal data being processed at any time. If the data subject wishes to assert their right to withdraw consent, they may, at any time, contact any of the Data Controller’s employees.
9. Legal basis for processing
Art. 6 (I) (a) GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If personal data needs to processed to fulfil a contract to which the Data Subject is a party, as is the case, for example, with processing operations required for delivering goods or providing any other service or consideration, processing takes placed based on Art. 6 (I) (b) GDPR. The same applies to processing operations required for fulfilling pre-contractual measures, for example in the case of enquiries concerning our products or services. If our company is subject to a legal obligation which requires personal data to be processed, such as for fulfilling tax obligations, processing takes place based on Art. 6 (I) (c) GDPR. In rare cases, processing personal data may become necessary to protect the vital interests of the Data Subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result their name, age, health insurance details or other vital information needed to be passed on to a doctor, hospital or other third party. Processing would then taken place based on Art. 6 (I) (d) GDPR. Ultimately, processing operations could also take place based on Art. 6 (I) (f) GDPR. Processing operations that are not covered by any of the aforementioned Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is required to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the Data Subject do not prevail. We are permitted to perform such processing operations in particular because the European legislator has specifically mentioned them. In this respect, the legislator took the view that a legitimate interest could be assumed if the Data Subject is a customer of the Controller (Recital 47 (2) GDPR).
10. Legitimate interests in the processing that is pursued by the Controller or a third party
If personal data is processed on the basis of Art. 6 (I) (f) GDPR, our legitimate interest lies in conducting our business for the benefit of all our employees and shareholders.
11. Duration for which the personal data is stored
The criterion for the duration of personal data storage is the respective statutory retention period. The corresponding data is routinely deleted once the period has expired, if it is no longer required to fulfil or initiate a contract.
12. Legal or contractual provisions for providing the personal data; need for concluding the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the personal data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, a Data Subject may need to provide us with personal data that we subsequently need to process. For example, the Data Subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide this personal data would mean that the contract with the Data Subject could not be concluded. Before the Data Subject provides personal data, they must contact one of our employees. Our employee informs the Data Subject on a case-by-case basis whether the provision of the personal data is required by law or contract, or whether it is necessary for concluding a contract, whether there is an obligation to provide personal data and what consequences the failure to provide personal data would have.
13. Existence of automated decision-making. As a responsible company, we do not make use of automated decision-making or profiling.
This Privacy Policy was created by the Privacy Policy Generator from DGD Deutsche Gesellschaft für Datenschutz GmbH, which functions as the External Data Protection Officer Berlin, in cooperation with the data protection (GDPR) lawyers from the law firm WILDE BEUGER SOLMECKE | Lawyers.
0049 351 2130 3260
0049 351 2130 3266
Adresse:
GERMEDIC International Department
c/o PTC Service Group GmbH
Emil-Ueberall-Straße 43
01159 Dresden / Germany