Privacy Policy

Website privacy policy and information for data subjects in accordance with Article 13 and Article 14 of the EU General Data Protection Regulation

Protecting your privacy is our top priority. We therefore act in accordance with the applicable data protection laws and security regulations. In the following, we inform you about which data we collect, how it is processed and used and to which third parties it may be passed on.

1. General information

Details of the controller

Company: Medi-Globe Technologies GmbH

Legal representative: Martin Lehner, Marc Jablonowski, Markus Sommer

Adress: Medi-Globe-Str.1-5, 83101 Rohrdorf

Contact details data protection officer: datenschutz@medi-globe.de

 

2. General data processing information

Affected data:

Personal data is only collected if you provide it to us voluntarily. No other personal data is collected. Any processing of your personal data that goes beyond the scope of the statutory permissions will only take place on your explicit consent.

Purpose of processing: Contract execution

Categories of recipients:

  • Public authorities in the presence of overriding legal provisions
  • External service providers or other contractors
  • Other external entities, providing the data subject has given their consent or transmission is permissible due to overriding interest

Third country transfers:

Processors outside the European Union may also be used in the course of contract performance.

Duration of data storage:

The duration of data storage depends on the statutory retention obligations and is generally up to 10 years.

 

3. Privacy information for the use of the website

 

 3.1 Use of own “cookies” required for website display

This website uses its own “cookies” to save settings required for the website display (“cookies” are data records sent from the web server to the user’s browser and stored there for later retrieval). No personal data is stored in our own “cookies”. You can generally prevent the use of “cookies” by prohibiting the storage of “cookies” in your browser.

 

3.2 Utilization data

When you access our websites, your internet browser transmits data to our web server out of technical necessity. The following data is recorded during an active connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
    Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • amount of data transferred

For technical security reasons, particularly to defend against attack attempts on our web server, this data is temporarily stored by us. It is not possible for us to trace these data back to individual persons. After a maximum of fifteen days, the data is anonymized by shortening the IP address to domain level, making it impossible to establish a link to individual users. The data is also processed in anonymized form for statistical purposes; there is no comparison with other data sets or transfer to third parties, even in excerpts.

(Source of the wording: Bavarian State Office for Data Protection Supervision)

 

3.3 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

 

3.4 Consent with Complianz

Our website uses the consent management technology from Complianz to obtain and document your consent for the storage of certain cookies on your device or the use of specific technologies in a manner compliant with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands (hereinafter referred to as „Complianz“).

Complianz is hosted on our servers, so no connection to the servers of the Complianz provider is established. Complianz stores a cookie in your browser to associate the consents you have given or their withdrawal. The data collected in this way is stored until you request us to delete it, delete the Complianz cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.

The use of Complianz is to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

 

3.5 Contact form and other inquiries (via email, telephone or fax)

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

 

3.6 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables your use of our website to be analyzed.

By default, Google Analytics sets 4 cookies when you visit the website, which are stored as small text modules on your end device and collect certain information. The scope of this information also includes your IP address, which, however, is shortened by Google by the last digits to exclude direct personal identification.

The information is transferred to Google servers and processed there. Transmission to Google LLC, based in the USA, is also possible.

Google uses the information collected to evaluate the use of the website. These reports on website activities are compiled to provide further services related to website and internet usage. The data collected through the use of Google Analytics 4 is stored for a duration of two months and then deleted.

All processing described above, in particular the setting of cookies on the terminal device used, is only carried out with your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service using the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with Google. (Data Privacy Framework)

Further legal information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

 

3.7 Demographic characteristics

Google Analytics 4 uses the special function “demographic characteristics” to create statistics that provide information about the age, gender, and interests of site visitors. This is done by analyzing ads and information from third parties. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.

 

3.8 User IDs

As an extension to Google Analytics 4, the “User IDs” function will be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have set up an account on this website and log in with this account on different devices, your activities, including conversions, can be analyzed across devices.

Data transfers to the USA are based on the EU-US Data Privacy Framework.


3.9 Google Maps

This website uses the Google Maps API, a map service provided by Google Inc. („Google“), to display an interactive map and to create driving directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This website uses the Google Maps service based on your consent for Google Maps provided by Google Ireland Limited („Google“). Through your consent, so-called „cookies,“ which are text files, may be stored on your computer by Google, allowing for an analysis of your use of the website. The information generated by the cookie is usually transmitted to a Google server in the USA and stored there. You can find Google’s Privacy Policy & additional terms of use for Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html.

 

4. Data protection information on further data processing procedures

 

4.1 Handling of business cards

When handing over or exchanging business cards, you provide us with personal data such as your phone number and email address.  We use this information solely to stay in contact with you. Additionally, we may send you further information about our services. If you do not purchase any products or services from our range, we will delete your contact details after 5 years.

You have the right to access, delete, or correct your data at any time.

 

4.2 Specific information on the application process

Affected data: Application details

Purpose of processing: Implementation of the application process

Categories of recipients:

  • Public authorities if there are overriding legal provisions
  • External service providers or other contractors, e.g. for data processing and hosting
  • Other external parties, provided the data subject has given their consent or transmission is permitted due to overriding interests

Third country transfers:

In the course of contract execution, processors outside the European Union may be used, including email providers.

Data Retention Period:

Application data is generally deleted 6 months after the decision is communicated, unless consent for longer storage is given (e.g., inclusion in the applicant pool). In such cases, data is deleted 12 months after being added to the applicant pool.

 

4.3 Specific information on the processing of customer data/prospect data

Affected data:

Data provided for contract execution; additional data based on your explicit consent.

Purpose of processing:

Contract execution, including offers, orders, sales, invoicing, and quality assurance

Categories of recipients:

  • Public authorities: When required by overriding legal regulations.
  • External service providers: For data processing, hosting, shipping, logistics, printing, and call centers.
  • Other external parties: With consent or if allowed by overriding interest, e.g., credit checks, electronic information delivery, quality assurance.

Third country transfers:  

Processors outside the European Union, including email providers, may also be used in the context of contract performance.

Duration of data storage:

The duration of data storage depends on the statutory retention obligations and is typically 10 years.

 

4.4 Specific information on the processing of employee data

Affected Data:

Data provided for contract execution. Additional data processed based on your explicit consent.

Purpose of Processing:

Contract execution within the scope of the employment relationship.

Categories of recipients:

  • Public authorities: When required by overriding legal regulations, e.g., tax office, social security agencies, professional associations, integration offices.
  • External service providers: For data processing, hosting, payroll, insurance services, vehicle usage.
  • Other external parties: With consent or if allowed by overriding interest, e.g., social counseling, insurance services.

Third country transfers:  

Processors outside the European Union, including email providers, may also be used in the context of contract performance.

Duration of data storage:

The duration of data storage depends on the statutory retention obligations and is typically 10 years.

 

4.5 Specific information on the processing of supplier data

Affected data:

Data provided for the performance of the contract; any additional data for processing on the basis of your express consent

Purpose of processing:

Contract execution, including inquiries, purchasing, and quality assurance

Categories of recipients:

  • Public authorities: When required by overriding legal regulations, e.g. tax office, customs authorities
  • External service providers: For data processing and hosting, accounting, payment processing
  • Other external parties: With constent or if allowed by overriding interest.

Third country transfers:  

Processors outside the European Union, including email providers, may also be used in the context of contract performance.

Duration of data storage:

The duration of data storage depends on the statutory retention obligations and is typically 10 years.

 

4.6 Specific information on the use of video conferencing/webinar software

Affected Data:

Data provided for using the video conferencing/webinar software (e.g., first name, last name, email address)

Optional: Audio transmission, video transmission, questions via chat functions.

System data necessary for establishing the connection with the conference software provider.

Purpose of Processing:

Conducting video conferences or webinars.

Categories of recipients:

  • Public authorities: When required by overriding legal regulations.
  • External service providers: For data processing and hosting.
  • Other external parties: With consent or if allowed by overriding interest.

Third country transfers:

Processors outside the EU: In this case, the United States. Standard contractual clauses have been agreed upon with the service provider.

Duration of data storage:

Video conferences are only recorded with the prior documented consent of the participants. The technical data is deleted as soon as it is no longer required. The duration of data storage is otherwise based on the statutory retention obligations and is typically 10 years.

 

5. Further information and contact details

In addition, you can assert your rights to information, rectification or erasure or to restriction of processing or the exercise of your right to object to processing as well as the right to data portability at any time. You can contact us by email or letter here. You also have the right to contact the data protection supervisory authority if you have a complaint.

 

21.08.2024