Data Privacy Statement Saalmann medical GmbH & Co. KG & Co. KG
1. Information on the collection of personal data and supplier identification
(1) Thank you for visiting our homepage www. saalmann-medical.de and for your interest in our organization and its range of products. Protection of your personal data is an important issue for us. We at Saalmann medical GmbH & Co. KG conduct our whole range of web activities as well as the processing of personal data in accordance with the applicable regulations for the protection of personal data and data safety, particularly the DS-GVO (EU-Datenschutz-Grundverordnung / EU General Data Protection Regulation GDPR). This data protection directive informs you about the way we treat information collected during your visits on this website or which you submit to us for health care purposes. Personal data is any information that can be related to you personally, such as name, address, E-mail addresses and user behavior. .
(2) With regard to service provider and responsible party pursuant to the data protection law, we refer to company and contact information in our imprint. Our address is also contact address for our designated data protection representative.
2. Collection of personal data during an informative visit
(1) Personalized data is information that assists in identifying a person. Examples are name and E-mail-address, but also a person’s surf behavior on the Internet. If your visit to our website serves informative purposes, in other words if you do not register to use our website, log in or otherwise transmit information to us, we do not collect your personal data, with the exception of the data transmitted by your browser to facilitate your visit to the website (so-called log files, legal basis article 6 (1) 1 f) DS-GVO). The writing of log files is a technical requirement for us, in order for the website you called up to be sent to your computer and displayed there. Within 7 days after calling up the website, these files are erased. Log files contain the following information:
(2) The use of log files also supports statistical evaluations and improvement of the website (legal basis article 6 (1) 1 f) DS-GVO). They enable us to recognize potential errors like faulty links. In connection with your use of the website, we record, amongst other things, the IP-address of the computer you are using. The IP-address could possibly be used to identify users of the website. We do, however, not evaluate the IP-addresses recorded according to para. (1). Evaluation of the IP-addresses is conducted solely on a statistical basis in anonymized form.
3. Data processing while and for the purpose of making contact
(1) This website does not constitute an offer to users, to use it or any other electronic means for the purpose of entering into a contract with us. A “user“ is any natural person conducting business for purposes which predominantly can neither be attributed to their commercial nor their freelance professional activities. Besides the merely informative use of our website, we offer additional services which the interested user can take advantage of. In this instance, as a rule, additional personal data is required which we use to perform the according service. If additional voluntary information can be provided, this option is indicated accordingly.
(2) Person-related data beyond the scope of No. 2 is only collected if you voluntarily provide such data when completing contact forms or sending E-mails within the scope of ordering products or services, placing inquiries, requesting material or other such activities. In this case we capture the relevant information becoming available upon contact. This particularly applies to names and transmitted contact details, date and reason for contacting us as well as contents of the correspondence. We will use the personal data captured from you for the sole purpose of providing you with the desired products or services (legal basis article 6 (1) 1 b) DS-GVO), or alternately for other purposes for which you have granted approval (legal basis article 6 (1) 1 a) DS-GVO) and which are described in this Privacy Statement. You can, for example, give your consent for third party providers to set cookies or to facilitate web- tracking in the according technical settings of your browser. Other data not immediately harvested from you for aforementioned purposes are derived from various sources, also from publicly accessible sources like telephone directories.
(3) In cases where we finance an order with terms like partial payments or purchases on account, we can have the customers’ identity and credit rating checked by a service provider, e.g. a credit agency (legal basis article 6 (1) 1 f) DS-GVO).
4. Use of our fee-based offers, disclosure of data
(1) If you use our fee-based offers and want to place an order, we require your personal information for the processing of your order. Mandatory details required to process the order are marked separately, additional information is voluntary. We process the data provided by you to complete your order (legal basis article 6 (1) 1 b) DS-GVO). Once your order has been completed, address, payment and order details are stored for the duration of the statutory retention requirements, particularly the storage obligations laid down in fiscal and commercial law (legal basis article 6 (1) 1 c) DS-GVO). Later on, these are erased, unless you agreed to an extended time frame or if additional data processing is required for the establishment, exercise or defense of legal claims or contact for promotional purposes. We assess these latter facts at the end of the third calendar year, starting with the year following the initial storage activity.
(2) To facilitate processing of your order, we might pass your data on to our principle banker, as well as to the logistics and financial service provider of your choice (legal basis article 6 (1) 1 b) DS-GVO). Our service providers are only authorized to use or process your information for the purpose of fulfilling the service for which the data has been transmitted. The data is accessible for you anytime. As far as data is passed on to external service providers, we have implemented technical and organizational measures to ensure that the privacy protection guidelines are taken into consideration. We can also disclose personal data for debt collection purposes (legal basis article 6 (1) 1 f) DS-GVO).
(3) Sofern wir im Zusammenhang mit einer Bestellung in Vorleistung gehen, etwa bei Teilzahlungen oder Kauf auf Rechnung, können wir die Identität und Bonität von Kunden durch einen Dienstleister, z.B. eine Wirtschaftsauskunftei, prüfen lassen (Rechtsgrundlage Art. 6 (1) 1 f) DS-GVO).
(4) We would like to point out that - by order of the responsible authorities - we are entitled in individual cases to share information on data, as far as required for the purposes of law enforcement, for hazard prevention by the state police, to fulfill the statutory duties of the German federal and state constitution protection authorities, federal intelligence service or military counter intelligence or enforcement of intellectual property rights (legal basis article 6 (1) 1 c) DS-GVO).
5. Data processing for Healthcare purposes
(1) If you provide us with medical or private prescriptions for the supply of a Saalmann medical aid, we assist you and process your data to apply for reimbursement by your health insurer (federal health insurance) or to obtain a quote (private health insurance) as well as the supply and billing of the according medical aid (legal basis article 22 (1) 1 b) DS-GVO). The details containing application, approval, address and payment are stored for the duration of the statutory obligations. The retention requirements pertinent to fiscal and commercial law as well as retention requirements stipulated by the Medical Device Law (legal basis article 6 (1) 1 c) DS-GVO) are explicitly included in these obligations. Unless you agreed to an extended storage or if the additional processing of your data is required for the establishment, exercise or defense of legal claims or a promotional contacting, these details are erased. We assess the latter at the end of the third calendar year, starting with the calendar year following the initial storage.
(2) To process healthcare-related issues (application, delivery, billing), we share your data with your health insurance or specialized IT-service providers who cooperate with the health insurances (legal basis article 6 (1) 1 b) DS-GVO). These IT- service providers may only process or use your data to perform the task for which it was transmitted. You can access the data anytime. In cases where data is passed on to external service providers, we have put technical and organizational measures in place to make sure that the data protection guidelines are taken into account. We can share personal data also for collection purposes (legal basis article 6 (1) 1 f) DS-GVO).
6. Your right to object
(1) you can oppose the processing of your personal data for promotional purposes (legal basis article 6 (1) 1 f) and ErwG (47) DS-GVO) any time with effect for the future. This applies also to a related evaluation of certain features like a data analysis. You can informally object to the use of your data, e.g. by clicking on a link in the Newsletter or by directly getting in touch with us: see contact information listed in the imprint.
(2) Moreover, you have the right to object processing for other purposes for reasons resulting from your particular situation, based on a balancing of interests (article 6 (1) 1 f) DS-GVO). This may be the case if data processing is not particularly required to fulfill a contract with you. If you exercise such an appeal, we request an explanation of the reasons why we should not process your personal data as we have done. In case of your justified appeal we assess the situation and either cease to process your data or adjust or respectively demonstrate to you our compelling legitimate reasons why we continue our data processing activities.
7. Data Safety
(1) We take state of the art precautions to protect your data from loss, destruction, corruption, manipulation and unauthorized access. As far as your data is collected and captured, we store the information on especially protected servers. These are protected by technical and organizational measures against loss, destruction, access, changes or dissemination of your data by unauthorized persons. Only a few authorized persons are allowed access to your data. These are responsible for the technical, commercial or editorial maintenance of the servers. Our entire staff is bound by an obligation of confidentiality.
(2) We have put a service provider in charge of the technical operation (hosting) of the website who conducts data processing on our behalf. The collection, processing, and use of your data by the service provider takes place exclusively within the context of our instructions. Any statement made in this data protection declaration applies equally to the service provider.
(3) Transient cookies (legal basis article 6 (1) 1 f) DS-GVO) are automatically erased when you close your browser. In particular, this category includes the session cookies. They store a so-called session ID which can be associated with various inquiries of your browser in the joint session. This makes your computer recognizable when you return to the website. The session cookies are erased when you close the browser.
(4) Persistent cookies are exclusively used in context with the web analytical services (legal basis article 6 (1) 1 f) DS-GVO) we employ and only as long as required; they have a life span of not more than two years. You can erase the cookies from the hard drive of your computer anytime via your browser’s data protection functions. If you do, please be aware that functions and ease of use of our online offers could be limited.
9. Analytical Service etracker
(2) The data generated by etracker are processed and stored by etracker exclusively in Germany on behalf of the provider of this website and are thus subject to the strict German and European data protection laws and standards. etracker was independently audited, certified and awarded by the privacy seal ePrivacyseal.
(3) The processing of data is based on the legal basis of Art. 6 (1) (f) (legitimate interest) of the EU General Data Protection Regulation (EU GDPR). Our justified interest lies in the optimization of our online offer and our website. Since the privacy of our visitors is particularly important to us, etracker's IP address is anonymized as early as possible and log-in or device identifiers are converted into a unique, but not individual-assigned key. Any other use, combination with other data or a transfer to third parties by etracker is excluded.
(4) You may refuse to the above-described data processing at any time, provided it is personal. Your refusal has no adverse consequences for you. (Click here for refusal)
(5) Further information on data protection by etracker can be found here.
10. Additional information according to DS-GVO / GDPR
(1) This declaration on data protection applies to our website and the healthcare-related services we provide. For your comprehensive information we provided links on our homepage which refer to pages of third party providers. As far as this is not immediately obvious, we inform you when you are dealing with an external link. The present privacy statement does not extend to these other providers. It is recommended that once you leave our website, you carefully read the data protection guideline of any website.
(2) Responsible party for processing your personal data is Saalmann medical GmbH & Co. KG, Südbahnstr. 34, 32547 Bad Oeynhausen, Germany. Additional contact information can be found in the imprint of our website.
(3) There is no intention to transmit your data to a recipient in a third country (not a member state of the EU or the European Economic Area) or an international organization. With regard to the possibility of disclosure of your data by third party providers in the USA, we refer to No. 9, 12. and 13. of this privacy statement.
(4) You can request information on the data we stored and have the right to request correction of incorrect data, to restrict data processing as well as to request erasure, as far as there is no conflict with statutory storage obligations. The right of erasure does not apply if additional processing is required for the establishment, exercise or defense of legal claims, like the compliance with objection to the use of personal data in advertising. With regard to the personal data you provided when filling out an input screen or a contact form, to obtain approval or to conduct an existing contract between us, you are entitled to data portability in a structured, common and machine-readable format.
(5) As far as your approval is required to process your data (legal basis article 6 (1) 1 a) DS-GVO), you have the right to revoke the approval anytime. The legality of the processing that took place before your revocation is not affected by this revocation. Statutory legal bases for approval remain unaffected by your revocation of approval.
(6) You have the right to appeal to a data protection authority, like the state commissioner for data protection and freedom of information Nordrhein-Westfalen, Kavalleriestr. 2 - 4, 40213 Düsseldorf, firstname.lastname@example.org, who is responsible for our organization.
11. Changes in the privacy statement
We will update the statement as required to adjust them to changes in the contents of our website as well as general legal changes.
Version: July 2019