Privacy Policy

Start | Privacy Policy

Content

Privacy policy

Content

Introduction

I. Collection of Personal Data

  1. Definition of Terms
  2. Hosting and handling of data when visiting our site
  3. Cookies
  4. Newsletter
  5. E-mail contact
  6. Use of social media plug-ins

II. Your rights (Rights of the Individual concerned)

  1. Right of information
  2. Right of rectification
  3. Right of removal („Right to be forgotten”)
  4. Right to restrict processing
  5. Right to be informed
  6. Right to data transferability
  7. Right to object
  8. Right to withdraw the declaration of consent under data protection law
  9. Automated decisions in individual cases including profiling
  10. Right to complain to the supervisory authority

III. Data protection and third-party websites

IV. Changes to this privacy policy

Introduction 

Medical Valley EMN e. V.
Henkestraße 91
91052 Erlangen

(hereinafter: “We”) as owner of the medical-valley-emn.de website
is responsible for the personal user data (hereinafter: “you”) of the
website within the terms of the General Data Protection Regulation (furthermore referred to as “GDPR”).  

We protect your privacy and your private data. We collect, process and use your personal data in accordance with the content of the data protection regulations and the applicable data protection regulations, accordingly to the GDPR. These data protection regulations determine which personal data we collect, process and use from you. Please read the following statements very carefully.

 

I. Collection of personal Data

1. Definition of Terms

The meaning of the term accordingly to the GDPR for:

  • Personal Data:

Regarding any information relating to an identified or identifiable natural
person. An identifiable person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier, or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • Natural individual

Any identified or identifiable natural person whose personal data are processed by the responsible handler;

  • Handler

Any operation or set of operations carried out with or without the aid of
automated means in relation to personal data, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making data accessible, alignment or combination, restriction, erasure or the

  • Restriction of
    Handling

The marking of stored personal data with purpose of limiting future
processing;

  • Profiling

any form of automated processing of personal data consisting in using such
personal data to evaluate certain personal aspects relating to a natural
person. This, particularly, with a view to analyze or predict aspects relating
to work performance, economic situation, health, personal preferences,
interests, reliability, conduct, whereabouts or change of location of that natural person;

  • Pseudonymisation

Processing of personal data in such manner that the personal data cannot be related to a specific data subject without the inclusion of additional
information. This, provided that additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data cannot be related to an identified or identifiable natural person;

  • Accountability

A natural or legal person, public authority, agency or any other body that stands alone or jointly with others determines the purposes and means of the processing of personal data. If such purposes and means of processing are
determined by Union law or by the law of the Member States, arrangements may be made for the accountable person or for the specific criteria for his or her nomination under Union law or the law of the Member States;

  • Contractor

a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the responsible person;

  • Recipient

(1) A natural or legal person, public authority, agency or any other body
to whom personal data are disclosed, whether or not that person is a third-party.
(2) However, authorities which may receive personal data in the course of a
specific investigation, in accordance with Union law or the law of the Member States, shall not be considered as recipients. The processing of such data by the abovementioned authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the processing purposes;

  • Third-party

A natural or legal person, public authority, agency or body other than the data subject, the person responsible, the handler and the persons who, under the direct authority of the responsible person or the handler, are authorized
to process the personal data;

  • Consent

a freely given specific, determined and unequivocal indication of the
person concerned’s wishes in the form of a declaration or any other unequivocal affirmative act by which the person concerned indicates his or her consent to the processing of personal data relating to him or her;

2. Hosting

a) For the availability of our offer, we use hosting services (especially
storage space, computing capacity, platform services). Within the scope of
this, we or our hosting provider process personal data in accordance with this
privacy policy. The legal basis for hosting services is Art. 6, §1 lit. f GDPR.
We have concluded a contract with our hosting provider for commissioned data processing in accordance with Art. 28 GDPR.  

b) You can visit our site without giving any information about yourself,
with exception of the (access) data that your Internet browser sends us, e.g.  

  • The name of your internet service provider
  • The date and time of your access to our website 
  • Your browser type
  • The browser settings
  • The operating system used
  • The last page you visited
  • Your IP address.

In addition, personal data is only collected if you provide it voluntarily,
for example by placing an order, opening a customer account or subscribing to our newsletter.

c) Description and legal basis

The data is also stored in the log files of our system, whereby IP addresses are only stored in anonymised form. This is done by storing an IP address 123.123.123.XXX, where XXX is a random value between 1 and 254, instead of the actual IP address of the visitor, e.g. 123.123.123.123.123. Therefore, it is no longer possible to establish a personal reference. 

The legal basis for this temporary storage of data and log files is Art. 6,
§1 letter f GDPR.

d) Purpose of data processing

The temporary storage of the IP address by the system is necessary to
enable the website to be forwarded to the user’s computer.

The storage in log files is to ensure the functionality of the website. In
addition, the data is used to optimize the website and to ensure the security
of our information technology systems. An evaluation of the data for marketing purposes is not conducted in this context.

These purposes also cover our legitimate interest in data processing in
accordance with Art. 6 Para. 1 letter f GDPR.

e) Storage Duration

The data will be deleted as soon as they are no longer necessary for the
purpose for which they were collected. In respect of the collection of data for
the provision of the website, this is only the case when the respective session
has ended.

f) Objection and elimination options

The collection of data for the provision of the website and the storage of
the data in log files is mandatory for the operation of the website. Therefore,
there are no possibilities to object on the part of the user. 

3. Cookies

a) On various pages we use cookies to enable the use of certain functions. Cookies are small text files that are stored on your computer during your visit to our website. Some of them are deleted after leaving our website (session cookies).
Other cookies remain on your computer so that your computer will be recognized on your next visit (so-called permanent cookies).
Opt-In
We inform every user about the use of cookies via an info banner when they
visit our website. In this context, the user’s consent to the processing of the
personal data used in this context is also obtained with reference to this data protection declaration.

b) The legal basis for processing related data using cookies is Art. 6
paragraph 1 lit. f GDPR.

c) The purpose of using technically necessary cookies is to simplify the
use of websites for users. Some functions of our website cannot be offered
without the use of cookies. For these it is necessary that the browser is recognized even after a page change. This applies, for example, to the shopping basket, the language settings, the search terms you entered.

d) Duration of storage, possibility of objection and removal – If you disapprove of cookies, you can set your browser to reject them. Already stored cookies can be deleted at any time. This can also be done automatically. However, this may mean that you cannot use our website to its full extent.

4. Newsletter

a) You have the possibility to order a free newsletter via our website.
With this order the data requested in the input mask will be transmitted to us.
The following data will be asked for:

  • E-Mail address

Within the scope of your registration the following data will be transmitted
to us additionally:

  • Your IP address
  • Date and time of your order

Within the scope of the order, we will obtain your consent to process the
above-mentioned data with reference to this privacy policy. The data will be
used exclusively for the newsletter you have subscribed to. The data will not
be passed on to third parties. We apply the so-called “Double-Opt-In-Procedure” in the context of the newsletter dispatch. Legally this means that an e-mail for confirmation is sent to the specified e-mail address before the first newsletter is sent. This serves to check whether the owner of the registered e-mail address has authorized the newsletter to be
sent.

Mailchimp
For sending the newsletter we use “Mailchimp”, a service operated by
Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter “Mailchimp”). We will therefore forward the email
address you provide to MailChimp. MailChimp stores its data on servers located in the USA.
We have concluded a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you wish, you can review this data processing agreement at the following Internet address:

https://mailchimp.com/legal/data-processing-addendum/

In addition, MailChimp is certified under the US-European data protection agreement “Privacy Shield” and is thus committed to complying with EU data protection regulations.

MailChimp uses this information to send and evaluate the newsletter on our
behalf. Furthermore, MailChimp may use this data according to its own
information to optimize or improve its own services, e.g. for technical
optimization of sending and presentation of newsletters or for economic
purposes to determine from which countries the recipients come. Please note that MailChimp does not use the data of our newsletter recipients to contact them, nor to pass them on to third parties.

The privacy policy of MailChimp can be found here: https://mailchimp.com/legal/privacy
The newsletters we send out include a possibility to analyze the behavior of
the newsletter recipient. In particular to retrieve how many recipients have
opened a newsletter and how often a certain link within a newsletter has been
clicked on by the recipients. We have set up the service in such a way that the
data relating to the recipients is presented to us in anonymized form so that
we cannot draw any conclusions regarding the individual recipient. In addition, we have activated the option that the complete IP address is never collected or processed. 

b) The legal basis for the processing of the data which you have
transmitted to us in the context of ordering the newsletter is Art. 6 para. 1
letter a GDPR (consent of the user).

c) The data is processed for sending you the newsletter.

d) Duration of storage, possibility of objection and removal
The data will be deleted as soon as they are no longer necessary for the
purpose for which they were collected. The newsletter registration data will be deleted as soon as you cancel it. You can cancel the newsletter at any time. In each newsletter you will find a corresponding note or link to do so.

5. E-mail contact

a) On our website you will find an e-mail address which you could use to
send us an e-mail. The personal data that you send with this e-mail will be
stored. Specifically, the sender’s e-mail address will be stored. This data is
used exclusively for communication with you. The data will not be passed on to third parties.

b) The legal basis for processing the data you sent us per e-mail is Art. 6
para. 1 lit f GDPR. If the e-mail refers to the conclusion of a contract, the
legal basis is also Art. 6 para. 1 lit.b GDPR.

c) The data are processed solely for the purpose of communication.

d) Duration of storage, possibility of objection and removal – The data
will be deleted as soon as they are no longer necessary for the purpose for
which they were collected. Regarding to contact by e-mail, it means when
communication with the user has ended, i.e. when it can be concluded from the circumstances of the individual case that the matter has been resolved.

e)  At all times you can object to the processing of your personal data. In this case, however, communication with you can no longer be continued.

6. Use of Social Media Plug-Ins

We do not use social media plug-ins. If you see a note on the page about
our appearances on different social media platforms, these are not plug-ins but links. In contrary to plug-ins, the operator of the platform does not receive information about your visit when you call our site. However, as soon as you click on the link, you will be forwarded to our corresponding social media account. Therefore, the operator of the platform can also process your data. As a rule, the operator will also set (analysis) cookies and assign your user behavior to your account.
Please find more detailed information on data processing on individual social
media platforms under the following links:

II. Your rights (rights of the
individual person)

If you wish to claim any of your rights listed below and/or require further
information about them, please contact us at:
team@medical-valley-emn.de

1. Right to information

You have the right to obtain confirmation as to whether personal data
concerning you are being processed. If this is the case, you have the right to
be informed about these personal data and to receive the following information:

  • the purpose of the processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
  • the intended duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
  • the existence of a right of rectification or deletion of personal data relating to them or of a right of objection to their processing by the person responsible for them;
  • the existence of a right to complain to a supervisory authority;
  • if the personal data are not held by the data subject, all available information on the origin of the data;
  • the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved and the scope and intended impact of such processing on the individual concerned.
  • You can also request information as to whether the personal data will be transferred to a third country or to an international organization. If this is the case, you have the right to be informed of the appropriate warranties pursuant to Article 46 GDPR in connection with the transfer.

2. Right for rectification

You have the right to request the correction of incorrect personal data concerning you without delay. Considering the processing purposes, you also have the right to request the completion of incomplete personal data concerning you, even by means of a supplementary declaration.  

3. Right of removal („Right to be forgotten“)

a) You have the right to request that your personal data be deleted immediately, and we are obliged to delete such data immediately if one of the following reasons applies and the processing is not necessary:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR.
  • The personal data were processed improperly.
  • The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject.
  • The personal data was collected in relation to information society services offered in accordance with Article 8 Paragraph 1 GDPR.

b) Information to third-parties

If we made personal data public, we are obliged to delete them pursuant to
paragraph a). We shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested that all links to such personal data or copies or replications of such personal data be deleted.

c) Exceptions
The above-mentioned rights of deletion do not apply if the processing is
necessary:

  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation requiring processing under Union or national law under which we are established; or to perform a task carried out in the public interest; or in the exercise of official authority vested in us;
  • for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h and i GDPR and Article 9 Ab. 3 GDPR;
  • for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89 para. 1 FADP, insofar as the law referred to a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
  • to assert, exercise or defend legal claims.

4. Right to restrict
processing

a) You have the right to request us to reduce the processing if one of the
following conditions is met:

  • the accuracy of your personal data can be challenged by you within a period. This time will enable us to verify the accuracy of your personal data,
  • the processing is unlawful, and you oppose to the deletion of the personal data, but instead request a restriction on the use of the personal data
  • we no longer need the personal data for the purposes of the processing, but you need the personal data to assert, exercise or defend legal claims; or
  • you have lodged an objection to the processing under Article 21(1), but it is not yet clear whether our legitimate reasons outweigh yours.

b) In the event that processing has been restricted in accordance with (a),
such personal data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on
grounds of an important public interest of the Union or of a Member State. If
you have obtained the restriction of processing in accordance with a), you will be informed by us before the restriction is lifted.

5. Right to be informed

If you have asserted the right to rectification, deletion, or limitation of
processing against us, we are obliged to notify those to whom your personal
data has been revealed to. Unless this proves impossible or involves a
disproportionate effort, we are obliged to inform you of this rectification, deletion, or limitation of processing. You have the right to be informed about these recipients.

6. Right to data
transferability

You have the right to receive your personal data that you have provided to
us in a structured, common, and machine-readable format. You also have the right to transfer this data to another person in charge without our interference, provided:

  • the processing is based on a permission according to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, or on a contract according to Art. 6 para. 1 letter b GDPR and
  • the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to request that your personal data be transferred directly from us to another responsible party, insofar as this is technically feasible. Freedoms and rights of other persons are not to be affected by this.

The right to data transferability does not apply to the process of personal
data necessary for the performance of a task carried out for public interest
purposes, nor in pursuit of official authority delegated to us.

7. Right to object

You have the right to object at any time, for reasons arising from your situation, to the processing of your personal data pursuant to Article 6 paragraph 1 letter e or f FADP, including profiling based on these regulations.

We will then no longer process your personal data unless we can prove
compelling reasons for processing. These must be worthy of protection and outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct marketing, including profiling, insofar it is linked to this, you have the right to object at any time.

If you object to processing for direct marketing purposes, your personal
data will no longer be processed for these purposes.

In the context of the use of Information Society services, and without
prejudice to Directive 2002/58/EC, you have the possibility to exercise your
right of objection by means of automated procedures involving technical specifications.

8. Right to withdraw the
declaration of consent under data protection law

You have the right to withdraw your data protection declaration of
agreement at any time. The withdrawal of consent does not affect the legality
of the processing that has taken place based on the consent prior to the
withdrawal.

9. Automated decisions in
individual cases including profiling

You have the right not to be subject to a decision based solely on
automated processing, including profiling, that legally implicates you or significantly affects you in a similar way. This does not apply when the decision is necessary
• for the conclusion or fulfilment of a contract between you and us,
• when permitted by Union law or the law of the Member States, to which we are subject, and that law contains appropriate steps to safeguard your rights and freedoms and your legitimate interests; or has been made with your explicit consent.
However, these decisions may not be based on special categories of personal
data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g DPA
applies. Furthermore, appropriate measures must have been taken to protect your rights and freedoms, as well as your legitimate interests.
In the cases referred to in the indents above, we shall take appropriate action
to safeguard your rights and freedoms, as well as your legitimate interests.
This shall include, at least, the right to seek intervention by one of our representatives, to put forward one’s point of view and to challenge the
decision.

10. Right to complain to the
supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in
the country in which you are resident, your place of work or the place where
the alleged infringement occurred, if you feel that the processing of personal
data relating to you is contrary to the DPA.
The supervisory authority with which the complaint has been lodged, shall
inform the complainant of the status and the results of the objection,
including the possibility of a judicial remedy under Art. 78 of the GDPR.

III. Data protection and
third-party websites

The website may contain hyperlinks to and from third-party websites. If you
follow a hyperlink to one of these websites, please note that we cannot accept any responsibility nor provide any guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you submit personal data to these websites.

IV. Modifications of this
privacy policy

We reserve the right to modify these data protection regulations at any time with effect from now. A current version is available on the website. Please visit the website regularly and keep yourself informed about the applicable data protection regulations.