Privacy Statement

Data Protection Information for Visitors to Our Website

Thank you for visiting our website and for your interest in our company and our services. We respect your privacy and ensure the protection of your personal data by processing it in accordance with the contents of these data protection regulations and the applicable data protection laws.

You can visit our website without telling us who you are. For the purpose of displaying our websites, you are only obliged to provide the data transmitted by your browser to our server (see “Log Files”).

Further personal data will only be stored if you provide it voluntarily on the website or use corresponding functions, e.g., when using our contact forms or registering for our newsletter.

In the following, you will find our data protection regulations for visitors to our website:

Contact

You can enter your personal data on our website to contact us. Only data marked with an asterisk is mandatory. Providing further data may be helpful for the processing of your request, but it is not mandatory (optional). With your consent, the data is used and stored exclusively for the purpose of processing your message (Art. 6 para. 1 s. 1 lit. a GDPR). A use for other purposes or a passing on to third parties does not take place unless you explicitely agree (consent).

Cookies

Cookies are very small files used by web pages and stored on your device by your browser, which can provide us or a third party with certain information.

Transient cookies are automatically deleted when you close your browser. This includes, in particular, session cookies. These save a so-called session ID, which allows various requests from your browser to be alloated to a common session. This will allow your device to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. In contrast to transient cookies, persistant cookies are not automatically deleted when the browser is closed. You can delete cookies at any time in the security settings of your browser.

We process cookies that are absolutely necessary to provide a service expressly requested by the user (“necessary cookies”) within the scope of our legitimate interest in providing and operating the website on the basis of Art. 6 para. 1 s. 1 lit. f GDPR and §25 para. 2 TDDDG.

Moreover, further information is stored on or accessed from your terminal device, that is not strictly necessary to provide the service explicitly requested by the user. The information is only stored or accessed if you give your consent (Art. 6 para. 1 s. 1 lit. a GDPR and §25 para. 1 TDDDG). For details on the type of information, purpose of processing, storage period of the information, and possible recipients of the data,please refer to the following section of this privacy statement.

You can adjust your browser settings to prevent it from accepting cookies or to only save or not save certain cookies. You can find more information on this in the help system of your browser. If your browser rejects all cookies, it is possible that not all functions of this website can be used.

You can call up our cookie banner at any time and correct your selection of cookies or make a new one.

Fan Pages

In order to provide customers, partners or otherwise interested parties with up-to-date information and to get in contact with them, we operate so-called “fan pages” on the following social networks in addition to our own website: LinkedIn and Youtube.

The data processing operations are carried out by the provider of the social media platform. Data processing outside the European Union cannot be ruled out. The provider of the platform may provide us with aggregated usage data, but we do not have access to personal data if you only visit the fan page.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. In the case of consent in the form of an opt-in (“tick checkbox”, “click button”) or any other form of obtaining consent, the legal basis is Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time without stating any reasons to the person to whom it was given, with effect for the future.

Since data processing is carried out by the provider of the platform, we recommend that you contact the respective provider of the platform for your rights to access, rectification, deletion, data portability, and objection regarding your visit to our fan page. Of course, we will support you in exercising your rights when needed.

In addition, cookies may be set on your device. For the purposes and legal basis for the use of cookies, please refer to “Cookies” in this privacy statement or to the privacy statement of the platform provider.

For further information, please refer to the following links:

  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; http://www.linkedin.com/legal/privacy-policy. If data is transferred to LinkedIn Corporation (USA), this is done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.
  • YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.com/policies/privacy/partners/?hl=de. If data is transferred to Google, LLC (USA), this is done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.

Log Files

Each time you access our website, we collect the following information about your computer: the IP address of your computer, the request from your browser, and the time of this request. In addition, the status and the amount of data transferred are recorded within the scope of this request, as well as product and version information about the browser used and the operating system of your computer. We further record the website from which our site was accessed. The IP address of your computer is only stored for the duration of your visit to the website and is then immediately deleted or made anonymous by shortening it. The remaining data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate errors, determine the level of utilization of the website, and make adjustments or improvements (legal basis: Art. 6 para. 1 s. 1 f GDPR).

Withdrawal of Consent and Objection to Data Processing

If you have given us your consent, you can withdraw it at any time, with effect for the future.

You may object to our processing of your personal data wherever the processing is based on a balancing of interests. If you choose to exercise your right to object, we ask that you provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the situation and either cease or adjust our processing of data state our compelling reasons for continuing the processing that are worthy of protection.

You can object to the processing of your personal data for purposes of advertising and data analysis at any time.

You can send your revocation or objection using the contact details given under “Person Responsible”.

Your Rights

You are granted the following rights against us regarding personal data concerning you:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right of objection to processing
  • Right to data portability.

You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority.

Person Responsible

medavis GmbH, Bannwaldallee 60, D – 76185 Karlsruhe, Germany, Phone: +49 721 92910-0, Fax: +49 721 92910-99, Email: info@medavis.com

Data protection officer: Email: datenschutzanfragen@xdsb.de or to our postal address by adding “to the data protection officer”

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de

Data Protection Information According to Art. 13 and 14 GDPR for Customers and Suppliers

The following information is intended to provide you with an overview of the personal data we process and inform you of your rights under data protection laws.

Person responsible for data processing and contact information of the data protection officer

medavis GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany Phone.: +49 721 92910-0, Fax: +49 721 92910-99, Email: info@medavis.com

Data protection officer: Email: datenschutzanfragen@xdsb.de or at our postal address with the addition “the data protection officer”.

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de

What are the sources of personal data?

We process personal data that we have obtained from business relationships (e.g., with customers or suppliers) or from inquiries to our company. Normally, we receive this data directly from a contractual party or an inquiring person. However, personal data may also originate from public sources (e.g., commercial registers), provided that the processing of such data is permitted. Data may also have been legitimately transmitted to us by other companies. Depending on the individual case, we also store our own information on this data (e.g., as part of an ongoing business relationship).

Depending on the individual case, this may include master data (e.g., name, address), contact information (e.g., telephone number, email address), contract and billing data for the fulfillment of our contractual obligations or necessary data for the processing of an inquiry, possibly also data on creditworthiness, advertising and sales data, and other data from comparable categories.

For what purposes and on what legal basis is the personal data processed?

We process personal data in accordance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a.) In the context of the fulfillment of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 s. 1 lit. b GDPR). We process personal data primarily for the fulfillment of contractual obligations and the provision of related services, or in the context of a corresponding contract initiation (e.g., contract negotiations, preparation of offers). The specific purposes here are determined by the individual service or product to which the business relationship or contract initiation relates.

b.) In the context of fulfilling a legal obligation (Art. 6 para. 1 s. 1 lit. c GDPR). In many situations, we are required by law to collect certain personal data from you and to disclose or make it available to certain, usually public, entities. For example, we provide the tax authorities with the personal data required for tax calculation in accordance with the relevant statutory provisions.

c.) In the context of the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). We also collect and process personal data to safeguard legitimate interests in the following situations:

  • Processing general inquiries about our products and services
  • Checking creditworthiness via respective credit agencies to assess the risk of default in business relationships
  • Advertising or market research
  • Video surveillance for the protection of domiciliary rights on our company premises or building
  • Assertion of legal claims and defense in legal disputes
  • Ensuring IT security and IT operation
  • Measures for building and plant security (e.g., access authorizations)
  • Measures to improve our internal business processes and product optimization measures
  • Furthermore, we may use systems for communication purposes (e.g., video conferencing systems, chats, etc.). Depending on the form of communication, we may process your contact information, messages and image and audio recordings. Recordings of images or audio transmissions will not be taken without your explicit consent. Please also note the respective privacy statements of the providers’ tools.

d.) In the context of consent (Art. 6 para. 1 s. 1 lit. a GDPR). In some situations, the processing of your personal data is not mandatory and is only permitted with your consent. In these cases, we will inform you of this circumstance, in particular of the voluntary nature of the consent given and the possibility of withdrawal at any time with effect for the future. This is the case, for instance:

  • for certain processing of data via our website (see the privacy statement on our website),
  • in certain advertising situations (subject to permission of use, if required by law).

Recipients of the personal data

In general, the company only grants access to your data to entities that need to work with your data (“need-to-know principle”), i.e., need access to this data in order to fulfill a contractual or legal obligation. These may also include service providers and vicarious agents who act on behalf of the company and/or have been obligated to confidential processing of the data. In certain situations, we may transmit your data to

  • public authorities (e.g., tax authorities) when there’s a legal obligation,
  • other companies as part of the fulfillment of the contractual relationship, in the context of a balancing of interests, or on the basis of your consent. In individual cases, depending on the business relationship or order, these may be, for instance, companies involved in the provision of our services, logistics partners, marketing service providers, credit bureaus, banks, tax consultants, or lawyers.

Is data transferred to a third country or to an international organization?

We may transfer personal data to other entities in countries outside the European Union (third country) insofar as it is necessary for the execution of the business relationship, if it is required by law, or if you have given us your consent to do so. In certain situations, we use or reserve the right to use service providers that may either have their registered office in a third country or, in turn,  may have service providers with a registered office in a third country. According to Art. 45 GDPR, a data transfer to a third country is permitted if the European Commission has decided that an adequate level of protection exists in that country. In the absence of such a decision, a data transfer to a third country is permissible if the responsible entity has provided appropriate safeguards (e.g., so-called standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective legal remedies (Art. 46 GDPR). As a matter of principle, we only work with entities in a third country that meet the listed criteria.

Storage period of the data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the storage of personal data is no longer required for the fulfillment of these obligations, it will be deleted, unless there are legal storage obligations, such as commercial and tax retention obligations under the German Fiscal Code and the German Commercial Code (6 or 10 years) and for the preservation of evidence within the framework of statutory periods of limitation.

Data subject rights

You are granted the following rights against us regarding personal data concerning you:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right of objection to processing
  • Right to data portability.

You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority. However, you also have the possibility of contacting our company’s data protection officer (also confidentially). If you have given us consent (Art. 6 para. 1 s. 1 lit. a GDPR), you can withdraw it at any time with effect for the future.

You may object to the processing of your personal data wherever the processing is based on the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). When exercising such an objection, we ask you to provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the merits of the case and either cease or adjust our processing of data or state our compelling reasons for continuing that are worthy of protection on the basis of which we will continue the processing. You can object to the processing of your personal data for advertising purposes at any time.

Obligation to the provision of data

In the context of the fulfillment or initiation of a contract, you must provide the personal data necessary for the fulfillment of the contract or the implementation of pre-contractual measures and their associated obligations. Furthermore, you must provide the personal data that we are required to collect by law. We will not be able to conclude or fulfill a contract with you without this data. In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory. However, if you do not give consent, we will not be able to provide the services or benefits based on data processing by means of consent. You may withdraw your consent at any time with effect for the future, even after giving it.

Does automated decision-making or profiling take place?

No.