Privacy policy
We welcome your visit to our website. Your privacy and the associated protection of personal data are matters of great importance to us. Accordingly, our business activities are conducted in accordance with the applicable legal provisions on data protection and data security. Our aim is to ensure that you feel safe with us. For this reason, we and our data protection officer are committed to compliance with data protection regulations.
We are aware of the importance of the data you have entrusted to us and in the text below we would like to inform you of the following points:
- The purposes for which your (personal) data is collected, processed and used
- How we handle your data and protect it
- Who we share the data with
- How you can exercise your rights
When you visit our website, we collect certain data about you. You can find further information about this in this text.
Please read the following carefully.
Definitions of terms
Data protection is a complex matter. When visiting and using our website, data traces of your visit remain on our servers for technical reasons.
Some data is transmitted to our servers by your Internet browser and gathered in so-called log files, which we will be happy to explain to you below.
We have put together an explanation of some of the key terms in order to make it easier for you to understand this privacy policy.
In simple terms, ‘processing’ within the meaning of Art. 28 of the General Data Protection Regulation (GDPR) is understood to mean a service which involves the gathering, processing and/or use of personal data by a service provider on behalf of and in accordance with the instructions of the so-called controller. Before a service provider is instructed with such a task, we conclude a special contract with the service provider and ensure further measures are in place to protect your personal data.
‘Cookies’ are small text files that are stored on your device (e.g. computer or smartphone) and store certain settings and data that are exchanged with our system via your browser.
A cookie usually contains the name of the visited website from which the cookie data was sent, information about the age of the cookie and an alphanumeric identification code.
Cookies allow the systems to recognise the user’s device and make any presets instantly available.
A ‘third party’ is any natural or legal person or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data, see Art. 4(10) GDPR.
Accordingly, a third party is deemed to be not involved if personal data is given to a service provider in the course of processing as per Art. 28 GDPR.
IP addresses are digit sequences that can be assigned to individual IT devices or a group. The IP address makes it possible to assign data to the right recipient, in a similar way to postal addresses. In addition, the browser type/version and the operating system being used are also recorded.
‘Personal data’ means any information relating to an identified or identifiable natural person, particularly the first name and surname, date of birth, email address, physical address, bank and payment details and health data, see Art. 4(1) GDPR.
The ‘controller’ as per Art. 4(7) GDPR is any person or body which, alone or jointly with others, determines the purposes and means of the processing of personal data (in this case: the website operator).
A. Controller
Who is responsible for data processing and who can I contact?
The body responsible for data processing is:
Medperion GmbH
Horbeller Str. 11
50858 Cologne
Tel.: +49 (0)2234 20360
Fax: +49 (0)2234 203 661
If any other body than the one stated above is the ‘controller’ within the meaning of the General Data Protection Regulation, you will be explicitly and separately informed of this, unless this is obvious.
You can contact our data protection officer using the following email address: datenschutz@sanvartis.de
B. The purposes and scope of data processing when visiting the website
How is personal data processed when visiting our website?
Each time a user accesses a page on our website and each time a file is retrieved, access data relating to this process is stored in a log file on our server.
Each data set consists of the following:
• The page from which the file was requested (the so-called referrer URL)
• The name of the file
• The date and time of the request (the so-called ‘time stamp’)
• The amount of data transmitted
• The access status (file transmitted, file not found, etc.)
• A description of the type of web browser used (‘browser’ for short; e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Apple Safari, Opera, etc.)
If you visit our website, information of a general nature will be automatically gathered. This information (server log files) includes the operating system used, the domain name of your Internet service provider and similar details. This is solely information that does not allow any inferences to be drawn about your identity. This information is technically necessary for correctly delivering the website content requested by you and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimise our website and the technology behind it.
The legal basis for this is Art. 6(1)(f) GDPR. We do not share your data with third parties unless you have given us your consent to do so. However, for certain areas (e.g. the hosting of our website), we rely on service providers, who we require to comply with the legal provisions when processing data.
C. Email contact
It is possible to contact us via the email address provided. In such cases, the user’s data sent with the email will be stored and to some extent shared with our external service provider for processing.
In each case, the data will be used solely for processing the conversation.
The legal basis for processing data that is transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the aim of the email correspondence is to conclude a contract, the additional legal basis for the processing of data is Art. 6(1)(b) GDPR.
Contact by email also constitutes the necessary legitimate interest in the processing of data. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was acquired.
D. Sending newsletter emails via CleverReach
Our emails are sent via the technical service provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany (‘CleverReach’), with whom we share the data you provided when registering for the mailing list.
The legal basis for the sharing of this data is Art. 6(1)(f) GDPR and serves our legitimate interest in using an informative, secure and user-friendly email communication system. The data you enter (e.g. email address) will be stored on the servers of CleverReach in Germany or Ireland.
CleverReach uses this information for sending emails and for statistically evaluating the email distribution list on our behalf.
To enable evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether an email sent via the distribution list has been opened.
Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system).
The data is collected solely in pseudonymised form and is not linked to your other personal data. It is impossible to link the data directly to a specific individual.
This data is used solely for the purpose of statistical analysis.
The results of these analyses can be used to better tailor future emails to your interests.
If you wish to opt out of data analysis for statistical evaluation purposes, you can unsubscribe from receiving the emails.
We have concluded a data processing agreement with CleverReach, in which we require CleverReach to protect the data of our customers and not share it with third parties.
You can find out more about the data analysis performed by CleverReach here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
You can view the CleverReach privacy policy here: https://www.cleverreach.com/de/datenschutz/.
E. Personal data that we receive from other sources – social media
You can contact us via our presence on external sources such as LinkedIn and XING. However, this can only be done if you ‘join our network’ on LinkedIn or XING.
linkedin privacy policy / xing privacy policy
Here, too, we only collect the personal data from you that is required for communicating and making further contact with you.
The legal basis for processing your data in the context of making contact as set out above is Art. 6(1)(a) GDPR. If we do not have your consent, Art. 6(1)(f) GDPR additionally applies.
F. Embedding of external services and media (iframes)
Third-party services are embedded in our website. These are not directly playable from our website, you must first agree to access them. By visiting the website, these providers receive the information that you have accessed the corresponding subpage of our website. In addition, further data is transmitted. This occurs regardless of whether you have a user account there, via which you are logged in, or whether there is no user account. If you do not want the assignment to your profile, you must log out before activating the respective button. You have the right to object to the creation of these user profiles, whereby you must contact the respective providers to exercise this right. With the embeddings, we pursue the interest of showing you content that is of interest to you in order to make our website more interesting for you. The legal basis for the processing of your data is Art. 6 (1) f) DSGVO. You can remove your consent at any time via the cookie banner.
G. Personal information automatically collected by us – session cookies
Our website uses so-called session cookies as standard. These make it possible to designate several requests of a page visit as belonging together.
For technical reasons, it is necessary to allow session cookies in order to use the full range of functions on our website. The session cookies are deleted as soon as you end your browser session. The following session cookie is used: CraftSessionId
H. Cookie consent tool
We use a specially programmed cookie consent tool that enables the user to allow or reject different cookie categories. Information about the use of individual tools is detailed in the privacy policy. The settings of the cookie consent tool are also stored in a cookie: Medperion.cookieConsent
Categories:
Necessary
Session cookie
Cookie consent tool
Marketing
Google Analytics
The legal basis for processing the described data – insofar as it is personal – is Art. 6(1)(f) GDPR. Our legitimate interest lies in offering you an appealing, user-friendly and technically functional website.
I. SSL encryption
We use state-of-the-art encryption methods (e.g. SSL) via HTTPS in order to protect the security of your data during transmission.
For the purpose of information security, your IP address as well as the date and time of the visit are also logged.
J. YouTube videos
We embed YouTube videos on some pages of our website. The operator of the corresponding plug-in is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection to YouTube servers is established. YouTube will then be informed of the pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this from happening by logging out of your YouTube account beforehand. If a YouTube video is started, the provider uses cookies that collect information about user behaviour. Anyone who has disabled the storage of cookies for the Google Ads platform will also not have any such cookies stored when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser. Further information on data protection at YouTube can be found in the provider’s privacy policy at: YouTube and Google privacy policies
K. The use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (‘Google’).
Google Analytics uses so-called ‘cookies’, text files that are stored on your computer and make it possible to analyse how you use the website.
The information generated by the cookies relating to how you use the website is generally transmitted to a Google server in the USA where it is stored.
In the event that IP anonymisation has been activated on this website, however, your IP address will be shortened beforehand within the member states of the European Union or other signatory states to the European Economic Area Agreement.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on behalf of the operator of this website to evaluate how you use the website, to compile reports on website activity and to offer the website operator further services related to the use of the website and Internet.
The IP address transmitted from your browser within the scope of the Google Analytics service will not be merged with other data by Google.
You can prevent the storage of cookies by setting your browser software accordingly. By doing so, however, we wish to point out that you may not be able to use all the functions of this website in their entirety.
You can also prevent Google from collecting the data that is generated by the cookie and relates to your use of the website (including your IP address) and further prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
L. The purposes and scope of data processing when visiting the website
Collecting further data
When using the contact form, we collect your personal data (title, first name, surname, company, street, house number, postcode/city, telephone, fax, email address) only to the extent provided by you. The data is processed for the purpose of establishing contact. The legal basis for processing the data is Art. 6(1)(f) GDPR. We only use your email address to process your enquiry. Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was acquired. This is usually the case if it can be inferred from the circumstances that the matter in question has been conclusively resolved.
M. hcaptcha
We use hCaptcha (hereinafter referred to as “hCaptcha”) on this website. The provider is Intuition Machines, Inc, 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter referred to as “IMI”). The purpose of hCaptcha is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, hCaptcha analyzes the behavior of the website visitor based on various characteristics.
This analysis begins automatically as soon as the website visitor enters a website with activated hCaptcha. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in “invisible mode”, the analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Data processing is based on standard contractual clauses contained in the data processing addendum to IMI's General Terms and Conditions or the data processing contracts.
Further information on hCaptcha can be found in the privacy policy and terms of use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/list.
N. The sharing of personal data
We collect and use your data in accordance with the legal requirements and only for our own purposes.
The data is not shared with so-called third parties, unless there is a legal obligation to do so or you have consented to the data being shared.
Your personal data may be shared with the following categories of recipients.
Companies within the group:
- Employees of Careforce GmbH (The information you provide will be treated confidentially at all times.)
- Employees of Sanvartis GmbH (The information you provide will be treated confidentially at all times.)
O. The duration of data use
The personal data of the data subject will be erased or blocked as soon as the purpose for which it was stored no longer applies.
The data may be stored beyond this point if provision has been made for its storage by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject.
The data will then be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purposes of concluding or fulfilling a contract.
P. Rights of the data subject
Each data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object under Art. 21 GDPR as well as the right to data portability under Art. 20 GDPR, insofar as this is not precluded by any legal requirements (in particular pursuant to Art. 15, 17 GDPR).
The right to lodge a complaint / supervisory authority
If you believe that your personal data is being unlawfully processed, you can contact the relevant data protection supervisory authority with your complaint (Article 77 GDPR)
LDI NRW
If you wish to exercise your rights as a data subject, including your right to erasure or blocking, please contact datenschutz@medperion.de, stating your full name and email address.
The right of access
Under the legal requirements of Art. 15 GDPR, you can of course request access to information at any time as to whether we are processing your personal data. If we are processing your personal data, you can also request access to information about the circumstances and form of the processing and more detailed information about the processed data.
The right to rectification
In accordance with Art. 16 GDPR, you can request that incorrect information about you be rectified.
The right to erasure
Under the legal requirements of Art. 17 GDPR, you are entitled to demand that we erase personal data concerning you without undue delay. The right to erasure does not exist if the processing of personal data is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation to which we are subject (e.g. statutory retention obligations) or to assert, exercise or defend against legal claims, among other reasons.
The right to restriction of processing
In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data.
The right to data portability
Under the requirements of Art. 20 GDPR, you are entitled to request that we provide you with the personal data concerning you that is processed by us in a structured, commonly used and machine-readable format.
The right to object
Under the requirements of Art. 21 GDPR, you have the right to object to the processing of your personal data and to request that we stop processing such data. The right to object exists only to the extent provided for by law. Your objection may conflict with legitimate interests that require the further processing of the data.
The right of withdrawal
In accordance with Art. 7(3) GDPR, you can withdraw your consent to the processing of your personal data at any time without incurring any costs that exceed the transmission costs in line with the basic tariffs.
Notification obligation
In accordance with Art. 19 GDPR, we are obliged to inform all recipients to whom personal data has been disclosed about any rectification or erasure of your personal data as well as any restrictions on the processing of such data. There may be exceptions in this regard if this proves impossible or involves a disproportionate amount of effort. Upon request, we will be happy to inform you about these recipients.
Automated individual decision-making, including profiling:
We also safeguard your rights under Art. 22 GDPR.
You or your data shall therefore not be subject to any decision based solely on automated processing, including profiling.
Q. The location of data processing
Your data is usually processed in Germany. In exceptional cases, information you transmit to us may be stored on servers within the European Union (EU).
Data shall not be transferred to bodies in countries outside the European Union (so-called third countries).
R. The data protection officer
If you have any questions, do not hesitate to contact our data protection officer
Mr Michael Jung
Mercatorstr. 1b
47051 Duisburg
Email: datenschutz@sanvartis.de
S. Website availability
Medperion GmbH is unable to guarantee constant website availability. It goes without saying that we make every effort to prevent or resolve breakdowns.
T. Changes to the privacy policy
Advancing technology, legal requirements or even changed processes can have an impact on this privacy policy, among other things. We therefore reserve the right to change this privacy policy at any time. The latest version of the privacy policy can be found on this website. Please visit this subpage of the website at regular intervals to stay up to date with the relevant regulations.
Last updated: 21/08/2024