Privacy Policy


We take privacy seriously

Protecting your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers automatically save the IP address of your Internet service provider, the website from which you visit us, the pages on our website that you visit, and the date and duration of your visit. This information is necessary for the technical functionality of the webpages and the secure operation of the server. A personalised evaluation of this data is not carried out.

If you send us information via the contact form, this data will be stored on our servers in the course of data backup. Your data will be used by us exclusively to process your request. Your data will be handled in a strictly confidential manner. Your data will not be passed on to third parties.

Responsible party:
medi GmbH & Co. KG
Medicusstr. 1
D-95448 Bayreuth
Germany
Telephone: +49 (0)921 912-0
E-Mail: info@medi.de

Personal data

Personal data are data about yourself. This includes your name, your address and your Email address. You are not obligated to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as further information to be able to offer you the service you require.

The same applies if we supply you with informative material on request or if we answer your enquiries. We will always notify you in such cases. Otherwise, we only save data that you have automatically or voluntarily submitted to us.

When you use our services, we normally only collect data that are necessary to be able to offer you our services. We may ask you for further information on a voluntary basis. Whenever we process personal information, we do so in order to provide you with our services or to pursue our commercial interests.

Stored data

Server log files

Website providers automatically collect and store information in so-called server log files, which your browser automatically transmits to us.
These are:

  • Data and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • the web browser and operating system used
  • complete IP address of the computer making the request
  • amount of data transmitted

This data is not combined with other data sources. The processing is carried out in accordance with Art. 6(1)(f) DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

This data is stored by us for security reasons, especially with regard to the prevention of attempts to attack our web server. It is not possible for us to draw conclusions regarding individuals based on this data. The data remains on our web server for 21 days and on a log server for 6 months. The data is processed for statistical purposes only; it is not compared with other datasets or passed on to third parties, even in extracts.

More information

Customer account

We set up a password-protected direct-access to the user data (customer account) stored by us for each customer who registers accordingly. Here you can view data about your completed, open and recently shipped orders and manage your address information, bank details and the newsletter. You undertake to treat the personal access-data confidentially and not to make them accessible to unauthorised third parties. We cannot assume any liability for misused passwords, unless we are responsible for the misuse.

The legal basis for this processing activity is art. 6 (1) (b) GDPR.

We would like to make your visit to our website as pleasant as possible with the function “Stay logged in”. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you need to change your personal data or you wish to place an order. We recommend that you do not use this feature if the computer is used by multiple users. We would like to point out that the “Stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.

For more information about the use of cookies on our site, please see the section "Cookies".

Newsletter

We use the service of Inxmail GmbH, Wentzingerstrasse 17, 79106 Freiburg, Germany, to send the newsletter.

We use the double opt-in procedure. The newsletter service will only be activated after you have expressly confirmed to us that you wish to receive it.

If you would like to receive the newsletter offered on the website, we require an e-mail address from you, which allows us to check that you are the owner of the e-mail address provided and that you agree to receive our newsletter. We will then send you a notification e-mail and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in that email.

When you subscribe to our newsletter, we will store your IP address and the date of registration. Further data will not be collected (or only on a voluntary basis). This storage serves solely as proof in the event that a third-party misuses your e-mail address to register you without your knowledge or your authorisation to receive the newsletter.

The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Art. 6 [1a] GDPR).

You can revoke your consent to the storage of your data, e-mail address and its use for sending the newsletter at any time with effect for the future, for example, by clicking on the “unsubscribe” link in the newsletter. The legality of any and all data processing operations previously carried out shall not be affected by your revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and then deleted after you cancel the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the Member’s Area) shall remain unaffected.

For more information about privacy at Inxmail, please visit https://www.inxmail.com/data-conditions

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable privacy laws.

Whenever we collect and process personal information, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

Data transfers to third countries

If we process data in countries outside the European Economic Area (“EEA”), we protect it based on an adequacy decision of the EU Commission Art. 45 (1) GDPR or use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR when structuring contractual relationships with recipients in third countries.

Storage period

We will store your data,

  • if you have consented to the processing thereof, only until you withdraw your consent;
  • if we need the data to perform a contract, only for as long as the contractual relationship with you exists;
  • if we use the data on the basis of a legitimate interest, only as long as your interest in deletion or anonymisation does not outweigh this legitimate interest;
  • if statutory retention obligations exist, until the end of the retention periods.

Your rights

You have the right at any time to request information, correction, deletion or restriction of the processing of your stored data; a right to object to the processing; as well as the right to data portability and to lodge a complaint in accordance with the requirements of privacy law.

Right of access:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or inaccurate, you may request that we correct or supplement it at any time.

Right to erasure:

You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your justifiable protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g., in the case of legally stipulated retention obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no contractual or statutory obligation to retain data in this respect.

Right to restrict processing:

You can ask us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data,
  • the processing of the data is unlawful, but you decline to delete it and instead demand a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to file or defend legal claims, or
  • you have objected to the processing of the data.

Right to data portability:

You may request that we provide you with the information you have provided to us in a structured, standard and computer-readable format and that you may provide that information to another representative without interference from us, provided that we process this data on the basis of an agreement given and revocable by you or for the fulfilment of a contract between us, and that such processing is carried out using automated procedures. If technically feasible, you may request us to transfer your data directly to another representative.

Right to object:

If we process your data for legitimate reasons, you may object to such processing at any time. We will then no longer process your data unless we can prove compelling and protection-worthy grounds for the processing which outweigh your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to appeal:

If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the competent regulatory authority for you, the respective regional office for data protection supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of any doubt, we may request additional information to confirm your identity.

Privacy notice

Are you an applicant, customer, specialist dealer or supplier? You will find our privacy notice here.

Changes to this Privacy Policy

We reserve the right to change our privacy policy if necessary due to new technologies. Please make sure that you have the latest version. If substantial changes are made to this privacy statement, we will post them on our website.

All interested parties and visitors to our website can contact us with questions about privacy at:

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg
Germany
E-Mail: dataprotection@medi.de