We take the protection of your personal data very seriously. Therefore, we treat your personal data always and of course in accordance with the legal data protection obligations. We have appointed a qualified and reliable Data Protection Officer. The external commissioning of data protection will be conducted from UIMC Dr. Vossbein GmbH & Co KG.
In the following, we would like to inform you about the processing of personal data.
Collection and Processing of Personal Data
You can use our website based on a non-disclosure of your identity. Should we on our website ask for your personal data, e.g. in a contact form or by registering / login and if personal data are queried (in example name, address or email address), we state that this will be done on a voluntary basis.
You agree by sending these information that it can be used for our business purposes (sending of requested material / information, processing regarding advertisement and market research purposes) if you have not objected. Additional information may be given on a voluntary base. The personal data provided for the purpose of getting into contact with us is being handled according to article 6 (1) sentence 1 lit. a of the GDPR and is based on your voluntary acceptance.
Your personal data being given in our contact form will be deleted after providing the requested information to you and after the legal record retention periods have ended.
Your once given consent can be repealed at any time which will take effect in the future. The links shown in our newsletter or on our website may be used for that purpose.
Transfer of Data
A transfer to Third Parties for commercial or non-commercial purposes will not happen without your explicit consent. We will only transfer your personal data to third parties if this is permitted by law (for example based on article 6 GDPR) and/or necessary by law. In some cases we are using service providers for processing data provided by law; our website is hosted by engelmann soft.www.are UG (hfb) and serviced by CREATIVUM GmbH. Full responsibility for processing the data remains with us though. In certain cases we are using plugins from other providers on our website; details can be found further down.
This site uses “Cookies”. Cookies are text files that will be stored on your computer and allow analysis of the use of the website as well as recognize by your next visit of this website. You can prevent the installation of cookies through an appropriate setting in your browser. However, this could result that you will be unable to use some of the function of this website.
Every time accessing this website, protocols for statistical purposes will be created and processed whereby single users will remain anonymous:
- Referrer (site from the link you reached this website)
- Search terms (by search engines as referrer)
- IP is evaluated to determine the country of origin and the provider
- Browser, operation system, installed plug-ins and screen resolution
- Duration of the visit on the website.
We reserve the right to check this data subsequently if we have concrete indications of an illegal use.
Liability for own Content
The content of these sites has been created with the greatest accuracy. We cannot provide any guarantee for accuracy, completeness and topicality of the content. As a service provider, we are responsible for our own content on these sites according to the general laws.
Liability for Links (Content of Third Party Providers)
It is important to distinguish between our own content and references (“links”) that lead to other content from other providers. We have no influence on their content of the linked websites. Here, it is always the provider or the operator of these sites that is responsible for the content.
Right of Access, Erasure and Restriction
We hereby inform you that pursuant to Article 15 et seq. GDPR you have the right to obtain information on the personal data concerned, as well as rectification or deletion or limitation of processing or of a right to object to processing as well as of the personal data Right to have data portability. Likewise, under Article 77 of the GDPR, you have the right to complain to a data protection supervisory authority if you consider that the processing of your personal data in breach of the GDPR. If the processing is based on Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR (Consent), you also have the right to revoke the consent at any time without affecting the legality of the processing on the basis of the consent until the revocation.
Change of our Data Protection Regulations
If you have any questions regarding the processing of personal data you can contact our Data Protection Officer who is available with his team in the case of any requests of information, general requests or complaints.
Contact to the Data Protection Officer
External Data Protection Officer, Otto-Hausmann-Ring 113, 42115 Wuppertal
Tel: 0202 / 946 7726 200
To find us easily, we offer you the use of Google Maps where you can see maps and create routes. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These sites will be made visible accordingly.
Web analysis with Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called Cookies, text files that will be stored on your computer and allow an analysis of the use of the website. The information about the use of the website produced through Cookies (including your shortened IP address) is transferred and stored on a Google server in the US. Google will use this information to evaluate the use of the website, to prepare reports of website activities for the website provider and to deliver other services connected with the use of the website and the Internet. Additionally, Google may transfer this information to Third Parties if it is legally required or if Third Parties process these data on request of Google. Google will not in any case establish a combination between your IP address and other data from Google.
You can object to the use of your data through Google by installing a so-called add-on in your browser. Therefore, you can follow this link that leads you to the site of Google:
http://tools.google.com/dlpage/gaoptout?hl=de (external site).
We consider implementing further plugins to social networks in the future. In such cases we are going to handle your personal data as follows:
Facebook (Like Button)
On our website, we partly use so-called plug-ins (“like”-buttons) that are integrated from Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). By accessing the particular site on our website, Facebook will be notified which of our Internet sites you have visited with your IP address. This will be added to your Facebook user account if you are logged in as a member. A use of plug-in functions (e.g. clicking the “like”-buttons, submitting of a comment), will generate information added to your Facebook account. This could be prevented through a logout before this plug-in is used.
Our sites use functions of Google+. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. With the help of a Google+ -buttons you can publish information worldwide. The Google+ -buttons helps you and others to get personalised content from Google and our partners. Google stores both, information that you have given +1 and information about the site that you visited and clicked on +1. Your +1 can be displayed as notes together with your profile name and your photo in Google services such as search results or in your Google profile, or at other places and websites and Internet advertisements. Google records information of your +1 activities to improve the Google services for you and others. In order to use Google+ -buttons you need a worldwide visible public Google profile that uses at least the name for the profile chosen. This name will be used in all Google services. In some cases, this name can also be exchanged through another name that you used when sharing content through your Google account. The identity of your Google profile can be displayed to users that know your email address or have other identifiable information about you. In addition to this above-mentioned purpose of use, Google will use your information that has been made available according to the valid data protection regulations of Google. Google may share summarised statistics of the +1 activities of the user or may pass on this information onto users or partners such as publishers, advertisers or linked websites.
Following, we explain the "Right of Access, Erasure and Restriction" in detail. The following text is not yet translated an will soon be replaced with the english version.
Rights of data subjects
Right of access by the data subject (Article 15 GDPR)
On request, a data subject is entitled to confirmation as to whether or not their personal data are being processed. In addition, the data subject shall be provided with information on request.
That information shall include the following points:
- Purpose of the processing
- The categories of personal data concerned
- Where applicable, the recipient or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in other countries or international organisations
- The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
- The existence of rights
- The right to request information
- The right to request rectification or erasure of personal data or restriction of processing concerning the data subject
- The right to data portability
- The right to lodge a complaint with a supervisory authority
- Information to be provided where personal data have not been obtained from the data subject: any available information as to their source
- Where applicable, the existence of automated decision-making, including profiling, referred to in 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to 46 GDPR relating to the transfer.
The data subject shall be given free of charge a copy of all the personal data that are processed, taking into account the rights of third parties. When providing the copy, it is not permitted to infringe e.g. company secrets or intellectual property rights (copyright, trademarks). For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Rectification of data (Article 16 GDPR)
On request by the data subject, any inaccurate personal data shall be rectified without delay and any incomplete personal data completed. All recipients of the personal data affected by the rectification shall be notified unless this is impossible or if it would involve disproportionate effort. On request by the data subject, he or she is to be informed of the recipients.
Erasure of data (Article 17 GDPR)
Right to erasure
On request by the data subject, the personal data relating to that data subject shall be erased without delay, provided one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- The data subject withdraws his or her consent which formed the basis for the processing, and there are no other statutory grounds for the data to be processed.
- The data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for the purposes of direct advertising
- The personal data have been unlawfully processed
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
- The personal data have been collected in relation to the offer of information society services (child's consent).
All recipients of the personal data affected by the erasure shall be notified unless this is impossible or if it would involve disproportionate effort. On request by the data subject, he or she is to be informed of the recipients.
The right to be forgotten
To strengthen the right to be forgotten in the online environment, the right to erasure should also be extended in such a way that a controller who has made the personal data public should be obliged to inform the controllers which are processing such personal data to erase any links to, or copies or replications of those personal data.
There shall be no right to erasure if the processing of the personal data is required in the following cases:
- For exercising the right of freedom of expression and information
- For the performance of a statutory requirement or task carried out in the public interest or in the exercise of official authority vested in the controller
- For reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3)
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- For the establishment, exercise or defence of legal claims.
Restriction of processing (Article 18 GDPR)
The data subject shall have the right to obtain from the controller restriction of processing. ‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- The processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
- The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Where the restriction is cancelled, the data subject shall be notified in advance of the cancellation.
All recipients of the personal data affected by the restriction shall be notified unless this is impossible or if it would involve disproportionate effort. On request by the data subject, he or she is to be informed of the recipients.
Right to data portability (Article 20 GDPR)
The data subject is entitled to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format.
On request by the data subject, the personal data relating to that data subject shall be transmitted to another controller from the controller to which the personal data have been provided where the processing is based on consent or a contract and the processing is carried out by automated means.
Right to object (Article 21 GDPR)
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on one of the following provisions:
- If the processing is carried out in the public interest or in the exercise of official authority or
- If the processing is carried out on the grounds of the legitimate interests of the controller or a third party but without compelling legitimate grounds of the part of the data subject.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing.
Automated individual decision-making (Article 22 GDPR)
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Automated decision-making is permitted in the following individual cases, where the exceptions are not permitted to apply to decisions based on special categories of personal data as defined in Article 9 GDPR:
- The decision is necessary for entering into, or performance of, a contract with the data subject
- The decision is authorised by legal provisions to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests or
- The decision is based on the data subject's explicit consent.
If automated individual decision-making is required for fulfilment of the contract or if it is based on consent, suitable measures are to be taken to guarantee the rights and freedoms and the legitimate interests of the data subject.