Data Protection Declaration (as of May 2018)
We appreciate your interest in our website www.admedicum.com and in our company as well as our services. We understand that protecting your privacy when using our websites is important to you. Therefore, it is of utmost priority for us to comply with the legal regulations on data protection. It is also important for us that you as a customer know at all times when and how we collect, store and use information about you.
In the following, we will inform you about the collection and other processing (e.g. storage, retrieval, modification, disclosure) of personal data when using our website. Personal data is all data that is personally relatable to you, e.g. your name, address, e-mail address, user behaviour.
Insofar as we process personal data as part of the use of our website or rely on contracted service providers for certain functions, offers or services of our website with regard to data processing or if we wish to use your data for advertising purposes, we provide you with detailed information on the respective processes below, in particular, which data will be processed. We also inform you of the intended storage duration or, at least, the specified criteria for storage duration as well as the relevant legal basis for the respective processing.
I. Name and address of the Responsible Person
The Responsible Person within the framework of the EU General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
admedicum® Business for Patients GmbH & Co KG,
represented by the Data Protection Officer Ulrike Nowak
An der Wachsfabrik 3, 50996 Cologne
Tel .: +492236 / 94733-60
Fax: +492236 / 94733-69
II. Collection and storage of personal data as well as the nature, purpose, legal basis and duration of their use
§ 1 When visiting the website
In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the personal access data in so-called server log files, which your browser transmits to our server. As part of the server log files, the following data is collected:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete web page)
- Access Status / HTTP status code
- The transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
These data are evaluated solely in order to ensure trouble-free operation of the website in terms of stability and security and to improve our offer and then discarded. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is derived from the aforementioned purposes of data collection.
The data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allow for the data to be assigned to a user. This data is not stored together with other personal data of the user.
The collection of data for the provision of the website and the storage of the data in log files is indispensable for the operation of the website. There is consequently no right to object on the part of the user.
The data will be deleted as soon as it is no longer required for the purpose of its collection. In the case data collected for providing the website, the data is deleted when the respective session is closed.
§ 1 Scope of data processing
In order to make the visit to our website user-friendly and effective and to enable the use of certain functions, we use so-called cookies on various pages. Cookies are small text files that are saved on your device and which store certain settings and data used for exchange with our system via your browser. Through cookies, the body setting the cookies (in this case us) receives certain information. Cookies cannot execute programme files and cannot transmit viruses to your computer.
Cookies contain no personal data and can therefore not be directly assigned to a user. Please note that certain cookies are already set as soon as you enter our website.
This website uses the following types of cookies:
- Required/Functional Cookies: These cookies are required to enable the operation of our website. They include e.g. cookies that allow you to log in to the customer area or to put something in the shopping cart.
- Transient cookies: These cookies are automatically deleted when you close the browser. They include in particular the session cookies which store a so-called session ID that allows requests from your browser to be assigned to the common session. This will enable us to recognize your computer when you return to our website. The session cookies are deleted when you log out or close the browser.
- Persistent cookies: These cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete these cookies in the security settings of your browser at any time.
IV. Google Maps
On this website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and allows you to conveniently use the map feature.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This is done regardless of whether you are logged in to a Google user account, or whether a user account does not exist. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is done in particular (even for users who are not logged in) to provide adequate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, and you have to execute this right directly towards Google.
For more information on the purpose and scope of data collection and its processing by the plug-in provider Google, please refer to the provider's Data Protection Declaration. There you will find further information on your rights and settings to protect your privacy:
http://www.google.com/intl/en/policies/privacy. Google processes your personal data also in the United States and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Third Party Information: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
V. Google Analytics
With your consent, Google Analytics, a web analysis service of Google LLC is used on this website. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user's activities across devices.
Purposes of the Processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
The legal basis for the use of Google Analytics is your consent in accordance with https://gdpr-info.eu/art-6-gdpr
Art. 6 para. 1 lit. a GDPR
Recipients or Categories of Recipients
The recipient of the collected data is Google.
Transfer to Third Countries
Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision.
You can download the certificate https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
Duration of Data Storage
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Rights of the Persons affected
You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-ons. https://tools.google.com/dlpage/gaoptout?hl=en.
VI. Your rights
You have the following rights with respect to the processing of personal data relating to you through us:
Right to information, Art. 15 GDPR:
You are entitled to receive a confirmation from the Responsible Person on whether or not he processes your personal data.
If such processing is conducted, the Responsible Person is obliged to inform you about:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed, in particular regarding recipients in third countries or international organizations; in the latter cases you may ask to be informed about the appropriate guarantees in accordance with. Art. 46 GDPR related with the data transfer;
- the planned duration of storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the Responsible Person or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the sources of the data in case the personal data were not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and impact of such processing on the data subject.
Right to rectification, Art. 16 GDPR:
You have a right to rectification and/or completion towards the Responsible Person, if the personal data processed about you is incorrect or incomplete. The Responsible Person has to make the correction without delay.
Right to cancellation, Art. 17 GDPR:
a) Duty of deletion
You may require the Responsible Person to delete your personal information without delay, and the Responsible Person is obliged comply with that request immediately if one of the following is true:
- Your personal data are no longer required for the purposes for which they were collected or otherwise processed.
- You revoke your consent to the processing pursuant to Art. 6 (1) lit. a or Art. (2) lit. a GDPR and there is no other legal basis for processing.
- You object to the processing pursuant to Art. 21 (1) GDPR (see VI.) and there are no prioritized justifiable reasons for processing, or you object to the processing pursuant Art. 21 (2) GDPR.
- Your personal data has been processed unlawfully.
- The deletion of your personal data is required to fulfil a legal obligation under the law of the European Union or the law of the Member States to which the Responsible Person is subject.
- Your personal data was collected in relation to services of the information society pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the Responsible Person has made the personal data concerning you public and is obliged to delete it pursuant to Article 17 (1) of the GDPR, he shall take appropriate measures, including technical means, taking into account available technology and implementation costs, to inform other Responsible Persons who process your personal data that you demanded deletion of the personal data concerning you as well as deletion of any links to such personal data or of copies or replications of such personal data.
The right to deletion is precluded if the processing is required
- To exercise the right to freedom of expression and information;
- In order to fulfil a legal obligation requiring data processing under the law of the European Union or of the Member States to which the Responsible Person is subject, or in order to perform a task of public interest or in the exercise of public authority delegated to the Responsible Person;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the execution of the law referred to in subparagraph a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
- to assert, exercise or defend legal claims.
Right to restriction of processing, Art. 18 GDPR:
You may request the restriction of the processing of your personal data under the following conditions:
- if you deny the accuracy of your personal data for a period of time that enables the Responsible Person to verify the accuracy of your personal information;
- if the processing is unlawful and you object to the deletion of your personal data and instead demand the restriction of the use of your personal data;
- if the Responsible Person no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
- if you have filed an objection to the processing pursuant to Art. 21 (1) GDPR (see VI.) and it is yet uncertain whether justifiable reasons of the Responsible Person prevail over your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used – except for storage – with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
If you have gained a restriction of processing under the abovementioned conditions, you will be informed by the Responsible Person before the restriction is lifted.
Right to information, Art. 19 GDPR:
If you have executed the right to rectification, deletion or restriction of processing towards the Responsible Person, he is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or of the restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right towards the Responsible Person to be informed about these recipients.
Right to data portability, Art. 20 GDPR:
You have the right to receive the personal data you provided to the Responsible Person in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another Responsible Person without interference by the Responsible Person to whom the personal data were originally provided, if
- the processing is based on a consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR, and
- the processing is conducted using automated procedures.
In exercising this right, you are further entitled to demand that your personal data be transmitted directly from one Responsible Person to another, provided that this is technically feasible. Freedoms and rights of other persons may not be infringed.
Your right to cancellation remains unaffected.
The right to data portability does not apply to the processing of personal data required for the performance of a task in the public interest or in the exercise of official authority delegated to the Responsible Person.
Right to object, Art. 21 GDPR
You have an individual case-based right to object as well as a right to object to the processing of data for advertising purposes. For more information, see Section VI. of this Data Protection Declaration.
Right to revoke the declaration of consent regarding data protection laws
Any given consent to the processing of your personal data can be revoked at any time towards the Responsible Person. Please note that the revocation will be effective only for the future. The lawfulness of data processing on the basis of the consent prior to the revocation remains unaffected.
Automated decision on a case-by-case basis, including profiling, Art. 22 GDPR:
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - which will have a legal effect on you or will significantly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the Responsible Person,
(2) is lawful under European Union or Member State legislation to which the Responsible Person is subject, and this legislation provides appropriate measures to protect your rights and freedoms as well as your legitimate interests or
(3) is made with your express consent.
In cases (1) and (3), the Responsible Person takes appropriate measures to uphold the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the Responsible Person, to expressing your own point-of-view and the right to appeal the decision.
Moreover, decisions based solely on automated processing must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Article 9 (2) lit. a or g GDPR is applicable and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
Right to complain to a supervisory authority, Art. 77 GDPR:
You also have the right to complain to a supervisory authority for data protection about the processing of your personal data. Your complaint can be submitted to the supervisory authority in the Member State of your residence, of your place of work or of the place of the alleged infringement. The supervisory authority to which the complaint has been submitted will inform you as the complainant of the status and results of the complaint, including the possibility to pursue judicial remedy pursuant to Art. 78 GDPR.
VII. Right to object according to Art. 21 GDPR
Individual case-based right to object:
You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data which is conducted on the grounds of Art. 6 (1) lit. e GDPR (data processing in the public interest) and Art. 6 (1) p. 1 lit. f GDPR (data processing in order to safeguard legitimate interests of the Responsible Person or a third party); this right also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the data is processed for the purposes of asserting, exercising or defending legal claims.
Right to object to the processing of data for advertising purposes
In individual cases, we process your personal data in order to conduct direct advertising. You have the right at any time to object to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the data processing for direct advertising purposes, we will no longer process your personal data for these purposes.
There are no formal requirements for submitting your objection in the aforementioned cases, it should be addressed by phone or possibly by email with the subject "Objection" to:
admedicum® Business for Patients GmbH & Co KG,
represented by the Data Protection Officer Ulrike Nowak
An der Wachsfabrik 3, 50996 Cologne
Tel .: 02236/94733 -60 Fax: 02236 / 94733-69
VIII. Data Security
We strive to store your personal data in a way to make it inaccessible to third parties by taking all technical and organizational measures available. When communicating by e-mail, we cannot guarantee complete data security, so we recommend you send confidential information by post.