DATA PROTECTION
BODY RESPONSIBLE FOR DATA PROCESSING
OTTO Medical Technologies GmbH
Rudolf-Diesel-Str. 2
40670 Meerbusch
Deutschland
Telefon: +49 2159-992-9933
Telefax: +49 2159-992-9935
E-Mail: [email protected]
Webseite: http://www.ottomedical.com
GENERAL INFORMATION ABOUT DATA PROCESSING
Extent of processing of personal data
In principle, we process personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.
In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as it is necessary to process personal data in order to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) of the GDPR serves as the legal basis.
In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1) (d) of the GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interest, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, then Art. 6 (1) (f) of the GDPR serves as the legal basis for the processing.
Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, it may be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a conclusion of contract or a fulfillment of the contract.
PROVISION OF THE WEBSITE AND CEATION OF LOG FILES
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
– Information about the browser type and version used
– Operating system of the user
– Internet service provider of the user
– IP address of the user
– Date and time of access
– Websites from which the user’s system accesses our website
– Websites that are accessed by the user’s system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) of the GDPR.
Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest lies in the processing of data according to Art. 6 (1) (f) of the GDPR.
Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
Opposition and removal possibility
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
USE OF COOKIES
Description and scope of data processing
We use “cookies” on our website, which serve to recognize you as a user and to make it easier for you to use our site. Cookies are small text files that your Internet browser installs on your device. Often these are “session cookies” that are deleted after the end of your session.
Other cookies remain installed on your device until you remove them. These installed cookies allow us to identify your web browser on the next visit.
You can also set your web browser to notify you about the installation of cookies. As part of the settings, you can choose whether cookies should only be allowed on a case-by-case basis, or may only be installed in certain cases, or are generally not accepted or automatically deleted after closing your web browser. If you choose to disable cookies, this may limit your use of the website.
On our website we use cookies to make them more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.
The following data are stored and transmitted in the cookies:
– Log-In information for input masks
– Cookie hint read and accepted
When you access our website, you will be informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.
Legal basis for data processing
The legal basis for the processing of your personal data using cookies is Article 6 (1) (f) of the GDPR.
Purpose of data processing
We use technically necessary cookies to optimize the use of the website for you. Otherwise, we can not offer you some features of our website, as they require that your web browser be recognized after a page break. In these purposes, our legitimate interest lies in the processing of your personal data.
The following application requires the use of cookies:
– Automatically hide the accepted cookie hint
– Make login information
We do not use the personal data collected by technically necessary cookies for the creation of user profiles. The analysis cookies are used to improve the quality of our website and its contents. Furthermore, they are used to constantly optimize our offer and thus improve the user comfort of our website.
In these purposes, our legitimate interest lies in the processing of your personal data.
Duration of storage, objection and disposal options
Cookies are stored on the computer of the user and transmitted by this to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all functions of the website to the full.
CONTACT FORM AND E-MAIL CONTACT
Description and scope of data processing
On our website is a contact form available, which can be used for electronic contact. If a user realizes this possibility, the data entered in the input mask is transmitted to us and stored. These data are:
– Name –
– E-mail address –
– Message
For the processing of the data, your consent is obtained during the transmission process and reference is made to this privacy policy.
Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored. There is no disclosure of data to third parties in this context. The data will be used exclusively to process the correspondence.
Legal basis for data processing
The legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) (a) of the GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) (f) of the GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Article 6 (1) (b) of the GDPR.
Purpose of data processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the transmission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective correspondence with the user has ended. The correspondence is terminated when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the transmission process will be deleted at the latest after a period of seven days.
Opposition and removal possibility
The user has the opportunity to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the correspondence can not be continued.
You may revoke your consent, verbally or in writing, by using the above-mentioned contact details of the controller or object to the storage of your data.
All personal data stored in the course of contacting will be deleted in this case.
GOOGLE MAPS
Our website uses Google Maps to provide easy visualization of maps. Google Maps is powered by Google, Inc. Please note that external servers in the United States may be used by Google Maps to provide their services. We currently do not know if Google logs these server requests. However, we assume that the privacy policy of Google applies here (https://www.google.de/intl/de/policies/privacy/). Therefore, your IP address will always be stored for several months. The same applies to Java Script elements that can be downloaded from Google servers for browser compatibility. Our use of Google Maps is legally based on Art. 6 (1) (f) of the GDPR by pursuing our legitimate interest in the visualization of our site through a convenient representation on a map.
RIGHTS OF THE DATA SUBJEST
If personal data is processed by you, you are a victim within the meaning of the GDPR and you have the following rights to the person responsible:
Leagal
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the person responsible about the following information:
– the purposes for which the personal data are processed,
– categories of personal data that are processed
– the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed
– the planned duration of the storage of personal data concerning you or, if specific details are not available, criteria for determining the duration of storage,
– the right of rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing,
– the existence of a right of appeal to a supervisory authority,
– available information about the origin of the data, if the personal data are not collected from the data subject and the existence of automated decision-making including profiling under Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether the personal data relating to you are transferred to a third country or an international organization. In this connection, you may request to be informed of the appropriate guarantees under Article 46 of the GDPR in connection with the transfer.
Right to rectification
You have a right to rectification and completion to the controller, if the personal data you process is incorrect or incomplete. The person in charge must make the correction without delay.
Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
– if you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
– the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of personal data;
– the person responsible no longer needs personal data for the purposes of processing, but you need them for the purposes of asserting, exercising or defending legal claims, or
– If you have objected to the processing pursuant to Art. 21 (1) of the GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest the EU or an EU Member State.
If the restriction on processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the person responsible before the restriction is lifted.
Their right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously affect the realization of the research or statistical purposes and the restriction is necessary for the performance of the research or statistical purposes.
Deletion of right
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
– The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
– They withdraw their consent, on which the processing was based, in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing.
– In accordance with Art. 21 para. 1 DSGVO, you object to the processing and there are no legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) of the GDPR.
– The personal data concerning you were processed unlawfully.
– The deletion of personal data concerning you is required to fulfill a legal obligation under EU law or the law of the EU Member States to which the controller is subject.
– The personal data concerning you were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
If the person responsible has made the personal data relating to you public and is obliged to delete them in accordance with Article 17 (1) of the GDPR, he shall take appropriate measures, including technical ones, for data controllers, taking into account the available technology and the implementation costs who process the personal data, inform you that as the data subject you have requested the deletion of any links to such personal data or of copies or replications of such personal data.
The right to erasure does not exist if the processing is necessary
– to exercise the right to freedom of expression and information,
– for the fulfillment of a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the controller,
– for reasons of public interest in the field of public health pursuant to Article 9 (2) (h) and (i) and Article 9 (3) of the GDPR,
– for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR, to the extent that the law referred to in that section is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
– to assert, exercise or defend legal claims.
Right information
If you have the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data concerning you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
Data portability of right
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
– processing is based on a consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or a contract pursuant to Article 6 (1) (b) of the GDPR and
– processing using automated procedures.
In exercising this right, you also have the right to obtain that personal data relating to you be transmitted directly from one controller to another controller, as far as technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
Contradictory legal
You have the right, at any time for reasons arising out of your particular situation, to object to the processing of your personal data concerning you pursuant to Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.
Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
– is required for the conclusion or performance of a contract between you and the controller,
– permitted under EU or EU Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
– with your express consent.
However, these decisions may not be based on specific categories of personal data under Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (g) of the GDPR is applicable and appropriate measures are taken to protect the rights and freedoms of you legitimate interests were taken.
The controller shall take reasonable steps to safeguard your rights and freedoms, as well as your legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his or her own position and to contest the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is against the DSGVO violates. The responsible authority for the seat of the person in charge is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Kavalleriestraße 2-4, 40213 Düsseldorf, E-Mail: [email protected], Phone: +49 211 384240, Telefax: +49 211 3842410).
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.