Privacy Policy

Start | Privacy Policy

Content

Privacy policy

Content

Introduction

I. Collection of Personal Data

  1. Definition of Terms
  2. Hosting and handling of data when visiting our site
  3. Cookies
  4. Newsletter
  5. E-mail contact
  6. Use of social media plug-ins

II. Your rights (Rights of the Individual concerned)

  1. Right of information
  2. Right of rectification
  3. Right of removal („Right to be forgotten”)
  4. Right to restrict processing
  5. Right to be informed
  6. Right to data transferability
  7. Right to object
  8. Right to withdraw the declaration of consent under data protection law
  9. Automated decisions in individual cases including profiling
  10. Right to complain to the supervisory authority

III. Data protection and third-party websites

IV. Changes to this privacy policy

Introduction 

Medical Valley EMN e. V.
Henkestraße 91
91052 Erlangen

(hereinafter: “We”) as owner of the medical-valley-emn.de website is responsible for the personal user data (hereinafter: “you”) of the website within the terms of the General Data Protection Regulation (furthermore referred to as “GDPR”.  

We protect your privacy and your private data. We collect, process and use your personal data in accordance with the content of the data protection regulations and the applicable data protection regulations, accordingly to the GDPR. These data protection regulations determine which personal data we collect, process and use from you. Please read the following statements very carefully.

 

I. Collection of personal Data

1. Definition of Terms

The meaning of the term accordingly to the GDPR for:

  • Personal Data:

Regarding any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • Natural individual

Any identified or identifiable natural person whose personal data are processed by the responsible handler;

  • Handler

Any operation or set of operations carried out with or without the aid of automated means in relation to personal data, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making data accessible, alignment or combination, restriction, erasure or the

  • Restriction of Handling

The marking of stored personal data with purpose of limiting future processing;

  • Profiling

any form of automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person. This, particularly, with a view to analyze or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of that natural person;

  • Pseudonymisation

Processing of personal data in such manner that the personal data cannot be related to a specific data subject without the inclusion of additional information. This, provided that additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data cannot be related to an identified or identifiable natural person;

  • Accountability

A natural or legal person, public authority, agency or any other body that stands alone or jointly with others determines the purposes and means of the processing of personal data. If such purposes and means of processing are determined by Union law or by the law of the Member States, arrangements may be made for the accountable person or for the specific criteria for his or her nomination under Union law or the law of the Member States;

  • Contractor

a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the responsible person;

  • Recipient

(1) A natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether or not that person is a third-party. (2) However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union law or the law of the Member States, shall not be considered as recipients. The processing of such data by the abovementioned authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the processing purposes;

  • Third-party

A natural or legal person, public authority, agency or body other than the data subject, the person responsible, the handler and the persons who, under the direct authority of the responsible person or the handler, are authorized to process the personal data;

  • Consent

a freely given specific, determined and unequivocal indication of the person concerned’s wishes in the form of a declaration or any other unequivocal affirmative act by which the person concerned indicates his or her consent to the processing of personal data relating to him or her;

2. Hosting

a) For the availability of our offer, we use hosting services (especially storage space, computing capacity, platform services). Within the scope of this, we or our hosting provider process personal data in accordance with this privacy policy. The legal basis for hosting services is Art. 6, §1 lit. f GDPR. We have concluded a contract with our hosting provider for commissioned data processing in accordance with Art. 28 GDPR.  

b) You can visit our site without giving any information about yourself, with exception of the (access) data that your Internet browser sends us, e.g.  

  • The name of your internet service provider
  • The date and time of your access to our website 
  • Your browser type
  • The browser settings
  • The operating system used
  • The last page you visited
  • Your IP address.

In addition, personal data is only collected if you provide it voluntarily, for example by placing an order, opening a customer account or subscribing to our newsletter.

c) Description and legal basis

The data is also stored in the log files of our system, whereby IP addresses are only stored in anonymised form. This is done by storing an IP address 123.123.123.XXX, where XXX is a random value between 1 and 254, instead of the actual IP address of the visitor, e.g. 123.123.123.123.123. Therefore, it is no longer possible to establish a personal reference. 

The legal basis for this temporary storage of data and log files is Art. 6, §1 letter f GDPR.

d) Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be forwarded to the user’s computer.

The storage in log files is to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes is not conducted in this context.

These purposes also cover our legitimate interest in data processing in accordance with Art. 6 Para. 1 letter f GDPR.

e) Storage Duration

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In respect of the collection of data for the provision of the website, this is only the case when the respective session has ended.

f) Objection and elimination options

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Therefore, there are no possibilities to object on the part of the user. 

3. Cookies

a) On various pages we use cookies to enable the use of certain functions. Cookies are small text files that are stored on your computer during your visit to our website. Some of them are deleted after leaving our website (session cookies). Other cookies remain on your computer so that your computer will be recognized on your next visit (so-called permanent cookies).
Opt-In
We inform every user about the use of cookies via an info banner when they visit our website. In this context, the user’s consent to the processing of the personal data used in this context is also obtained with reference to this data protection declaration.

b) The legal basis for processing related data using cookies is Art. 6 paragraph 1 lit. f GDPR.

c) The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. This applies, for example – to the shopping basket; the language settings – the search terms you entered.

d) Duration of storage, possibility of objection and removal – If you disapprove of cookies, you can set your browser to reject them. Already stored cookies can be deleted at any time. This can also be done automatically. However, this may mean that you cannot use our website to its full extent.

4. Newsletter

a) You have the possibility to order a free newsletter via our website. With this order the data requested in the input mask will be transmitted to us. The following data will be asked for:

  • E-Mail address

Within the scope of your registration the following data will be transmitted to us additionally:

  • Your IP address
  • Date and time of your order

Within the scope of the order, we will obtain your consent to process the above-mentioned data with reference to this privacy policy. The data will be used exclusively for the newsletter you have subscribed to. The data will not be passed on to third parties. We apply the so-called “Double-Opt-In-Procedure” in the context of the newsletter dispatch. Legally this means that an e-mail for confirmation is sent to the specified e-mail address before the first newsletter is sent. This serves to check whether the owner of the registered e-mail address has authorized the newsletter to be sent.

Mailchimp
For sending the newsletter we use “Mailchimp”, a service operated by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter “Mailchimp”). We will therefore forward the email address you provide to MailChimp. MailChimp stores its data on servers located in the USA. The Rocket Science Group LLC participates in the Privacy Shield as operator of the “Mailchimp” service:
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.

MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp may use this data according to its own information to optimize or improve its own services, e.g. for technical optimization of sending and presentation of newsletters or for economic purposes to determine from which countries the recipients come. Please note that MailChimp does not use the data of our newsletter recipients to contact them, nor to pass them on to third parties.

The privacy policy of MailChimp can be found here: https://mailchimp.com/legal/privacy
The newsletters we send out include a possibility to analyze the behavior of the newsletter recipient. In particular to retrieve how many recipients have opened a newsletter and how often a certain link within a newsletter has been clicked on by the recipients. We have set up the service in such a way that the data relating to the recipients is presented to us in anonymized form so that we cannot draw any conclusions regarding the individual recipient. In addition, we have activated the option that the complete IP address is never collected or processed. 

b) The legal basis for the processing of the data which you have transmitted to us in the context of ordering the newsletter is Art. 6 para. 1 letter a GDPR (consent of the user).

c) The data is processed for sending you the newsletter.

d) Duration of storage, possibility of objection and removal
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The newsletter registration data will be deleted as soon as you cancel it. You can cancel the newsletter at any time. In each newsletter you will find a corresponding note or link to do so.

5. E-mail contact

a) On our website you will find an e-mail address which you could use to send us an e-mail. The personal data that you send with this e-mail will be stored. Specifically, the sender’s e-mail address will be stored. This data is used exclusively for communication with you. The data will not be passed on to third parties.

b) The legal basis for processing the data you sent us per e-mail is Art. 6 para. 1 lit f GDPR. If the e-mail refers to the conclusion of a contract, the legal basis is also Art. 6 para. 1 lit.b GDPR.

c) The data are processed solely for the purpose of communication.

d) Duration of storage, possibility of objection and removal – The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Regarding to contact by e-mail, it means when communication with the user has ended, i.e. when it can be concluded from the circumstances of the individual case that the matter has been resolved.

e)  At all times you can object to the processing of your personal data. In this case, however, communication with you can no longer be continued.

6. Use of Social Media Plug-Ins

We do not use social media plug-ins. If you see a note on the page about our appearances on different social media platforms, these are not plug-ins but links. In contrary to plug-ins, the operator of the platform does not receive information about your visit when you call our site. However, as soon as you click on the link, you will be forwarded to our corresponding social media account. Therefore, the operator of the platform can also process your data. As a rule, the operator will also set (analysis) cookies and assign your user behavior to your account.
Please find more detailed information on data processing on individual social media platforms under the following links:

II. Your rights (rights of the individual person)

If you wish to claim any of your rights listed below and/or require further information about them, please contact us at: team@medical-valley-emn.de

1. Right to information

You have the right to obtain confirmation as to whether personal data concerning you are being processed. If this is the case, you have the right to be informed about these personal data and to receive the following information:

  • the purpose of the processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
  • the intended duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
  • the existence of a right of rectification or deletion of personal data relating to them or of a right of objection to their processing by the person responsible for them;
  • the existence of a right to complain to a supervisory authority;
  • if the personal data are not held by the data subject, all available information on the origin of the data;
  • the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved and the scope and intended impact of such processing on the individual concerned.
  • You can also request information as to whether the personal data will be transferred to a third country or to an international organization. If this is the case, you have the right to be informed of the appropriate warranties pursuant to Article 46 GDPR in connection with the transfer.

2. Right for rectification

You have the right to request the correction of incorrect personal data concerning you without delay. Considering the processing purposes, you also have the right to request the completion of incomplete personal data concerning you, even by means of a supplementary declaration.  

3. Right of removal („Right to be forgotten“)

a) You have the right to request that your personal data be deleted immediately, and we are obliged to delete such data immediately if one of the following reasons applies and the processing is not necessary:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR.
  • The personal data were processed improperly.
  • The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject.
  • The personal data was collected in relation to information society services offered in accordance with Article 8 Paragraph 1 GDPR.

b) Information to third-parties

If we made personal data public, we are obliged to delete them pursuant to paragraph a). We shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested that all links to such personal data or copies or replications of such personal data be deleted.

c) Exceptions
The above-mentioned rights of deletion do not apply if the processing is necessary:

  • – to exercise the right to freedom of expression and information;
  • – to comply with a legal obligation requiring processing under Union or national law under which we are established; or to perform a task carried out in the public interest; or in the exercise of official authority vested in us;
  • – for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h and i GDPR and Article 9 Ab. 3 GDPR;
  • – for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89 para. 1 FADP, insofar as the law referred to a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
  • – to assert, exercise or defend legal claims.

4. Right to restrict processing

a) You have the right to request us to reduce the processing if one of the following conditions is met:

  • – the accuracy of your personal data can be challenged by you within a period. This time will enable us to verify the accuracy of your personal data,
  • – the processing is unlawful, and you oppose to the deletion of the personal data, but instead request a restriction on the use of the personal data
  • – we no longer need the personal data for the purposes of the processing, but you need the personal data to assert, exercise or defend legal claims; or
  • – You have lodged an objection to the processing under Article 21(1), but it is not yet clear whether our legitimate reasons outweigh yours.

b) In the event that processing has been restricted in accordance with (a), such personal data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If you have obtained the restriction of processing in accordance with a), you will be informed by us before the restriction is lifted.

5. Right to be informed

If you have asserted the right to rectification, deletion, or limitation of processing against us, we are obliged to notify those to whom your personal data has been revealed to. Unless this proves impossible or involves a disproportionate effort, we are obliged to inform you of this rectification, deletion, or limitation of processing. You have the right to be informed about these recipients.

6. Right to data transferability

You have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format. You also have the right to transfer this data to another person in charge without our interference, provided:

  • – the processing is based on a permission according to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, or on a contract according to Art. 6 para. 1 letter b GDPR and
  • – the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to request that your personal data be transferred directly from us to another responsible party, insofar as this is technically feasible. Freedoms and rights of other persons are not to be affected by this.

The right to data transferability does not apply to the process of personal data necessary for the performance of a task carried out for public interest purposes, nor in pursuit of official authority delegated to us.

7. Right to object

You have the right to object at any time, for reasons arising from your situation, to the processing of your personal data pursuant to Article 6 paragraph 1 letter e or f FADP, including profiling based on these regulations.

We will then no longer process your personal data unless we can prove compelling reasons for processing. These must be worthy of protection and outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct marketing, including profiling, insofar it is linked to this, you have the right to object at any time.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

In the context of the use of Information Society services, and without prejudice to Directive 2002/58/EC, you have the possibility to exercise your right of objection by means of automated procedures involving technical specifications.

8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your data protection declaration of agreement at any time. The withdrawal of consent does not affect the legality of the processing that has taken place based on the consent prior to the withdrawal.

9. Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that legally implicates you or significantly affects you in a similar way. This does not apply when the decision is necessary
• for the conclusion or fulfilment of a contract between you and us,
• when permitted by Union law or the law of the Member States, to which we are subject, and that law contains appropriate steps to safeguard your rights and freedoms and your legitimate interests; or has been made with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g DPA applies. Furthermore, appropriate measures must have been taken to protect your rights and freedoms, as well as your legitimate interests.
In the cases referred to in the indents above, we shall take appropriate action to safeguard your rights and freedoms, as well as your legitimate interests. This shall include, at least, the right to seek intervention by one of our representatives, to put forward one’s point of view and to challenge the decision.

10. Right to complain to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the country in which you are resident, your place of work or the place where the alleged infringement occurred, if you feel that the processing of personal data relating to you is contrary to the DPA.
The supervisory authority with which the complaint has been lodged, shall inform the complainant of the status and the results of the objection, including the possibility of a judicial remedy under Art. 78 of the GDPR.

III. Data protection and third-party websites

The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility nor provide any guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you submit personal data to these websites.

IV. Modifications of this privacy policy

We reserve the right to modify these data protection regulations at any time with effect from now. A current version is available on the website. Please visit the website regularly and keep yourself informed about the applicable data protection regulations.