Responsible party:
HOLTSCH Medizinprodukte GmbH, In den Faltern 13, D-65232 Taunusstein, Germany,
Telephone +49-(0) 6128-917177, Fax +49-(0) 6128-44742, e-mail: info@holtsch-med.com.
1. Domain of applicability and legal framework
(1) This privacy statement informs you about the nature, scope and purpose of the processing of personal data within our website, the websites linked to it, functions and content.
(2) With respect to the terms used such as “personal data” or its “processing”, we refer to the definitions from Art. 4 of the General Data Protection Regulation (DS-GVO).
(3) The term “user” refers to all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors of our website.
(4) The personal data of the users processed in connection with this website includes
- master data (e.g. customer names and addresses),
- contact data (e.g. e-mail address, telephone number),
- contractual data (e.g. services used or products purchased, payment information),
- usage data (e.g. the web pages of our website that were visited, interest in our services and products), as well as
- technical data (e.g. IP addresses, device information)
(5) The personal data of users is processed particularly for the following purposes:
- provision of the website, its content and functions,
- provision of our contractual services,
- customer care,
- responding to contact requests and communicating with users,
- marketing as well as
- security of the website
(6) We only process the personal data of the users in compliance with applicable data protection provisions. This means that the data of the users is only processed if legal permission is in place. This is particularly the case if the data processing is necessary or required by law for the fulfillment of our contractual services (e.g. for processing contracts and orders) as well as our online services, the consent of the users is at hand or occurs on the basis of our legitimate interests. The analysis, optimization, security and cost-effective operation of our website are deemed legitimate interests.
(7) Please note that the legal basis for consent is Art. 6 para. 1 p. 1 lit. a) and Art. 7 DS-GVO, the legal basis for processing for the fulfillment of our services and the implementation of contractual measures is Art. 6 para. 1 p. 1 lit. b) DS-GVO, the legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 p. 1 lit. c) DS-GVO and the legal basis for processing to uphold our legitimate interests is Art. 6 para. 1 p. 1 lit. f) DS-GVO.
2. Security measures
(1) To ensure an appropriate level of protection with respect to a risk, we take suitable technical and organizational measures as prescribed by Art. 32 DSGVO and taking into account the state of the art, the costs of implementation, nature, scope, circumstances, purposes of processing, the varying probability of occurrence and the severity of the respective risk to the rights and freedoms of natural persons. Thus, the data we process shall be protected in particular against accidental or intentional manipulation, loss, deletion or against unauthorized access by third parties. The security measures also include the encrypted transfer of data between your browser and our server.
(2) Furthermore, we have implemented procedures to ensure that the rights of affected parties are exercised, the deletion of data occurs and the endangerment of data is duly responded to.
3. Forwarding of data to third parties and third-party providers
(1) To the extent we disclose data to other persons and companies (contract processors or third parties), transfer it to said parties or otherwise grant them access to the data, this shall only occur on the basis of legal permission. This applies e.g. with respect to the transfer of data in accordance with Art. 6 para. 1 p. 1 lit. b) DS-GVO to third parties if this is necessary for contractual fulfillment (e.g. for the purpose of shipping the goods or settling the payment of the purchase price) if you have consented to this, it is required by a legal obligation or on the basis of our legitimate interests (e.g. through the use of agents, web hosters etc.). Depending on which payment service provider you select during the order process, we forward the payment data collected for this purpose to the credit institute commissioned with the payment for the settling of payments and, if applicable, to the payment service provider we have commissioned. In some cases, the selected payment service providers also collect this information themselves if you create or have created an account with them. In this case, you must use your login data to log in to the payment service provider during the ordering process. The privacy statement of the respective payment service provider shall apply in this respect.
(2) To the extent we process data in a third country (that is, outside of the European Union or the European Economic Area) or this occurs through the use of services of third parties or the disclosure or transfer of data to third parties, this shall only occur if the special conditions of Art. 44 et seqq. DS-GVO are at hand. That is, processing shall occur e.g. on the basis of special guarantees such as the officially recognized assessment of a data protection level corresponding to that of the EU (e.g. the “Privacy Shield” in the USA) or through compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
(3) To the extent we engage third parties with the processing of data on the basis of a so-called “data processing contract”, this shall occur on the basis of Art. 28 DS-GVO.
4. Collection of access data and log files
(1) On the basis of our legitimate interests in the sense of Art. 6 para. 1 lit. f) DS-GVO, we collect data every time the server containing this service is accessed (so-called server log files). This data is technically required in order to display the respective website to you as well as to ensure stability and security. The access data includes the IP address of the requesting computer, data and time of access, name and URL of the file accessed, website from which access is occurring (referrer URL), the browser used and, if applicable, the operating system of the user’s computer as well as the name of the requesting access provider.
(2) The log file information is generated in anonymized form and saved in order to analyze system security and stability as well as for security reasons (e.g. to clarify any acts of misuse or fraud) for no more than seven days (the IP address is only saved for one day), after which time it is deleted. Data whose storage is necessary for the purpose of evidence is excluded from deletion until the respective incident has been fully investigated.
5. Contact
When contacting us via e-mail or telephone, the data of the user (your e-mail address, your name and, if applicable, your telephone number) will be processed in order to process the contact request and finalize it in accordance with Art. 6 para. 1 p. 1 lit. b) DS-GVO.
8. Your rights
(1) Users have the right to, at their request and at no charge, receive information regarding their personal data that we process.
(2) Furthermore, users have the right to the correction of incorrect data, the restriction of processing and deletion of their personal data and, to the extent applicable, the right to data portability and, if it is suspected that data is processed unlawfully, the right to complain to the competent regulatory authority.
(3) Likewise, users can revoke their consent with effect for the future.
9. Deletion of data
(1) The data saved at our location is deleted as soon as it is no longer required for the respective purpose and no legal retention requirements prevent its deletion. To the extent user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies e.g. in particular to the data of users, which must be kept for reasons relating to commercial or tax law.
(2) In accordance with legal provisions, data will be kept for 6 years pursuant to Section 257 para. 1 of the German Commercial Code (e.g. for commercial and business correspondence) and for 10 years pursuant to Section 147 para. 1 of the German Fiscal Code (e.g. for books of account and accounting records).
10. Right of objection
Users can at any time object to the future processing of their personal data in accordance with legal provisions. In particular, processing for purposes of direct advertising may be objected to.
11. Provision of personal data
We wish to inform you that the provision of personal data is in some cases prescribed by law (e.g. on the basis of tax regulations) or may result on the basis of contractual provisions (e.g. information regarding a contractual partner). In order to conclude a contract, a data subject must provide us with personal data that we must in turn process. There is no obligation to do so. However, failure to provide personal data would of course lead the contract to not be concluded with the user.
12. Automated decision making
Automated decision making or profiling in accordance with Art. 22 DS-GVO [General Data Protection Regulation] does not occur with us.
13. Changes to the privacy statement
The users are requested to inform themselves regarding the content of our privacy statement on a regular basis. We will amend our privacy statement as soon as this is required as the result of changes to the data processing we perform or to legal provisions. We will inform you immediately as soon as changes require cooperation on your part (e.g. consent) or any other individual notification.