Privacy policy
Thank you for your interest in Medperion! In this privacy policy, you will learn how information about you that directly identifies you or is likely to make you identifiable is collected, used, passed on and otherwise processed by Medperion in connection with our services.
Scope of application
Medperion GmbH (“Medperion”, “we” or “us”) takes the protection of your personal data very seriously. With this data protection declaration, we would like to provide you, as a data subject (“you”, “customer” or “user”) with comprehensive information about how we handle your personal data.
Personal data means any information relating to an identified or identifiable natural person (“personal data”). By way of example, a person may be identified by reference to an identifier such as a name, an identification number, location data, or by reference to factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data. It does not matter whether the data processing is automated or not. Processing may, for example, involve the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, reading, disclosure by submission, dissemination or any other form of provision, comparison or linking, restriction, deletion and destruction of data.
This privacy policy applies to the processing of your personal data when you visit our website “www.medperion.de” or contact us by post, email or telephone.
Controller and data protection officer
We are the controller for the processing of personal data described in this privacy policy. This means that Medperion determines the purposes and means of processing your personal data.
You can contact the following office with all data protection queries:
Medperion GmbH
Horbeller Str. 11
50858 Cologne
Email: datenschutz@medperion.de
We have appointed a data protection officer whom you can contact with any questions. This is
Mr. Michael Jung
Mercatorstr. 1b
47051 Duisburg
E-mail: datenschutz@sanvartis.de
How we collect your data
We collect and process various personal data about you depending on the specific processing situations.
- When you use our website or communicate with us by e-mail (log data). When you visit our website or receive, open or otherwise use e-mails from us, we may collect log data. This information includes your Internet Protocol (IP) address, operating system, browser details such as type, ID and configuration, individual identifiers, device type and version (e.g. manufacturer, device, screen size, resolution, operating system, browser and version), your internet speed, referring URL, date and time of your visit, the time you spent using our services and errors that may occur during your visit to our services.
- Communication. When you contact us through any communication channel, including for “support” features or when you request a demo of our services, we may collect your name, the company you work for, your job title, your email address, your postal address, your phone number, the nature of your request, the contents of your messages, device information (or any other information you provide to us).
- Newsletter: You have the option to sign up for our newsletter. In this case, we process data such as your name and title, company details, opening and clicking behavior, time of retrieval, IP address, browser type and operating system, and your consent.
- Social media: You can contact us via our pages on external sources such as LinkedIn and XING. We then collect the data that is publicly available (for logged-in users) on their respective profile, such as name, profile picture, interactions (e.g. likes, comments, messages), information about your CV, and technical evaluations. The specific data depends on the data protection provisions of the social network you visit and the settings you have made there.
- Video player. We have integrated a video tool on our website. In addition to the log data, we also process your settings for playback speed, audio description, subtitles and media volume.
- Cookies and tracking technologies. We use various cookies and tracking technologies to make our website more attractive and for advertising purposes. In particular, your IP address and log data are used to serve them. You can find more information about cookies and tracking technologies below in the corresponding section.
- Career page and application. We have set up a career page where you can find information about us as an employer and job vacancies. You can apply for jobs here. We work with PERBILITY GmbH (operating under the name Concludis) and collect personal data such as your name, title, form of address, address, status as a severely disabled person (optional), email address, phone number, CV, certificates or message texts. For more information on how we handle your personal data in the application process, please refer to our separate data protection declaration for applicants.
In most cases, we collect personal data directly from you, e.g. when you visit our website, use our services or contact us by email. As with most digital platforms, we and our third-party providers collect your data automatically when you use our services.
We may receive personal data from our business partners if you have given them permission to share personal data with us.
In some cases, we collect your data from third parties, for example, if a friend sends you an invitation to visit our website.
Detailed information on the processing activities we carry out, the categories of personal data, the legal bases, the purposes and the duration of the processing can be found in the processing directory.
Purposes and legal bases of processing
The purposes and legal bases for processing your personal data may vary from case to case. In principle, we process your personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”) for the following purposes and on the following legal bases:
For the performance of a contract or in advance of a contract
We process your personal data in order to fulfill contractual or quasi-contractual obligations, or to provide you with information in advance of a possible contract conclusion at your request, e.g. to provide services or customer support or to answer inquiries. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
Fulfilment of a legal obligation
Insofar as we are subject to legal obligations for the fulfilment of which the processing of your personal data is necessary, we process your personal data for this purpose (e.g. a legal obligation to store data). The legal basis for the processing is Art. 6 para. 1 lit. c GDPR.
Our legitimate interests
We also process your personal data in order to pursue our legitimate interests (such as our legal or economic interests), provided that these are not outweighed by your interests or fundamental rights and freedoms that require the protection of your personal data. The legal basis for the processing is Art. 6 (1) point f GDPR.
On the basis of your consent
In some cases, we process your personal data on the basis of your consent. If we require your consent, we will let you know in advance which personal data we intend to use and how we will use it. You are not obliged to give us your consent. If you have given us your consent to collect, use or disclose your personal data in a certain way, you have the right to revoke your consent at any time with effect for the future. Please note that neither the refusal nor the revocation of your consent will have any adverse consequences for you. However, it may be that we cannot provide you with certain services for which data processing is necessary without your consent. The legal basis for your consent is Article 6(1)(a) GDPR. The legal basis for the storage or retrieval of information on or from your end device is Section 25(1) TTDSG.
How long do we store your personal data?
We only process your personal data for as long as is necessary to fulfill the purposes for which it was collected. This also includes the fulfillment of our legitimate interests or legal storage and documentation obligations that we must observe. When the purposes have been fulfilled, your personal data will generally be deleted.
The legal retention and documentation obligations are usually between two and ten years and arise, for example, from § 147 of the German Fiscal Code or § 257 of the German Commercial Code.
We will delete the data collected and stored for the use of our website upon request. We will carry out the deletion ourselves within a certain cycle, unless there is a special interest in continued storage in individual cases, e.g. in the event of cyber attacks.
When determining the necessary retention period in individual cases, we take into account the scope, type and sensitivity of the data, the potential risk of damage due to unauthorized use or disclosure, the purposes for which we process your personal data and the applicable legal provisions.
Insofar as statutory retention and documentation obligations or the protection of our legitimate interests, which outweigh your conflicting interests, require longer retention, for example in the event of legal disputes, your personal data will also be stored and processed for a longer period.
How we share your personal information
We may share your personal information with the following recipients:
- Service providers and advisors: We share your personal data with contractors and service providers who are subject to appropriate confidentiality and non-disclosure agreements, which may include web hosting and maintenance providers, technology support providers, email communication providers, analytics providers, data storage providers, competition management, video hosting providers and developers. All service providers used are subject to confidentiality obligations and are obliged to process your personal data only on our behalf and in accordance with our instructions, unless they process your data themselves as controllers (e.g., when we use the services of lawyers and tax advisors).
- Group companies: Medperion is part of a group of companies. It is therefore possible that we will forward your personal data to one of our group companies, for example to perform, control and support services. We have concluded corresponding data protection contracts with these companies. Depending on the situation, it is conceivable that these companies will process your data as controllers, i.e. they will determine the means and purposes of the processing themselves.
- Corporate Transactions: We may share the personal data we collect if we sell or transfer all or a portion of our business or assets (including any corporate divisions) or any portion or combination of our products, services or business units. In such an event, we will use reasonable efforts to try to ensure that all data transferred is processed in a manner that is consistent with this Privacy Policy.
- Law enforcement, criminal investigation authorities, and other government or public authorities: We may disclose your personal data to third parties if required to do so by law or if we reasonably believe that such action is necessary to (i) comply with relevant laws and requests from public authorities; (ii) detect or respond to possible violations of law, civil or criminal, including agreements or laws; or (iii) otherwise protect the rights, property or personal safety of us, our team members, or others.
- With your consent: We may disclose your personal data to third parties or publish it if you give your consent. For example, with your consent or at your direction, we may share your testimonial on our website or in service-related publications.
Detailed information about the service providers we commission can be found in our list of current service providers and consultants at the end of this text.
Transfers to third countries
It is possible that we or one of our service providers or partners may process your data in a so-called third country, i.e. outside the European Economic Area, or access it from such a country (e.g. to carry out maintenance work). If this is the case, we ensure that your data is nevertheless subject to an adequate level of protection by applying one or more of the following security mechanisms:
- There is an adequacy decision by the European Commission for the respective country (e.g. the United Kingdom) or the respective company (e.g. companies certified under the EU-US Data Privacy Framework). With such a decision, the European Commission determines that an essentially equivalent level of data protection to that in the EU can be expected.
- We conclude the standard contractual clauses issued by the European Commission for the transfer of personal data to third countries, where appropriate in conjunction with appropriate additional measures. The decision and the model text of these standard contractual clauses can be found here.
- The transfer takes place within the framework of appropriate safeguards, such as Binding Corporate Rules within the meaning of Art. 47 GDPR.
Your rights as a data subject
With regard to the processing of your personal data, you have the following rights:
- Right of access: According to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have the right to request information about this personal data, in particular (i) information on the categories of personal data, the purposes of the processing and information on how we determine the retention and storage periods, (ii) information on the recipients or categories of recipients to whom we disclose your personal data, in particular recipients in third countries, and (iii) under certain circumstances, to receive a copy of the data that is being processed.
- Right to rectification: According to Art. 16 GDPR, you have the right to request that we immediately rectify any inaccurate personal data concerning you.
- Right to erasure: According to Art. 17 GDPR, you have the right to obtain from us the erasure of your personal data without undue delay where (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) your personal data are processed on the basis of your consent and you withdraw that consent, (iii) you have objected to processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you have objected to the processing pursuant to Art. 21 para. 2 GDPR, (iv) your personal data are being processed unlawfully, or (v) the deletion of your personal data is necessary to fulfill a legal obligation to which we are subject.
- Right to restriction of processing: According to Art. 18 GDPR, you have the right to request the restriction of processing. This means that you can request that we limit the purposes of processing. You have the right to restriction of processing if (i) you have contested the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (iii) we no longer need the personal data for the purposes of the processing, but we need the personal data, for example, to assert, exercise or defend legal claims, or (iv) if you have objected to the processing in accordance with Art. 21 (1) GDPR, as long as it is not yet certain whether our legitimate reasons outweigh yours.
- Right to information: According to Art. 19 GDPR, you have the right to request information about the recipients of data to whom a correction, deletion, or restriction of the processing of your personal data has been communicated.
- RIGHT TO OBJECT ACCORDING TO ART. 21 GDPR. OBJECTION FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION: ACCORDING TO ART. 21 PARA. 1 GDPR, YOU HAVE THE RIGHT, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA IF THIS PROCESSING IS DONE FOR THE PURPOSE OF OUR LEGITIMATE INTERESTS, INCLUDING PROFILING BASED ON THIS (FOR EXAMPLE, FOR CREDIT ASSESSMENT). YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. YOU ALSO HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING FOR THE PURPOSE OF DIRECT MARKETING. CONTACT OPTION: YOU CAN SUBMIT YOUR OBJECTION OR DECLARE YOUR REVOCATION INFORMALLY BY POST OR E-MAIL, ADDRESSED TO: Medperion GmbH, Horbeller Str. 11, 50858 Cologne, e-mail: datenschutz@medperion.de
- Right to lodge a complaint: You have the right to lodge a complaint with the competent supervisory authority regarding the processing of your personal data or any other decision by Medperion. The supervisory authority responsible for us is the North Rhine-Westphalia State Officer for Data Protection and Freedom of Information, P.O. Box 200444, 40102 Düsseldorf.
- Contact: To exercise your rights as a data subject, you can contact us informally by post, fax or email using the contact details provided in sections 2 and 12.
Cookies and tracking
Cookies are small text files that are stored on your device (e.g. PC/laptop, tablet or smartphone). These text files are downloaded by your browser when you visit our website. If a cookie is not automatically deleted (e.g. immediately after your visit to our website), the cookie and the information stored in it will be returned to the website that created it (first-party cookie) or sent to another website to which it belongs (third-party cookie) the next time you visit this website using the same device or browser. This enables the website to “recognize” that it is the same user and to provide certain functions, such as customizing the display of content on the website. For example, cookies can “remember” your preferences, communicate how you use a page, and/or partially customize the offers displayed to your preferences.
We also use the term “cookie” to refer to other tracking technologies. For example, it is possible to identify you based on your “digital fingerprint”, i.e. a combination of technical data, the device used, the location of access and, if applicable, other data. It is also possible to integrate so-called pixels into the website to track you. However, these technologies serve similar purposes, which is why they are treated together below.
Depending on the purpose, the different types of cookies are further distinguished.
Functional cookies. When we use functional cookies, we process your personal data to provide basic functions of our websites and the services you have requested and to temporarily store your cookie settings. Without the use of these cookies, we would not be able to provide the website or only with limited functionality.
We use the following cookie(s) in this category:
Name: CRAFT_CSRF_TOKEN
Purpose: Protects the website from a potential cross-site request forgery attack
Storage period: Session
Name: Medperion.cookieConsent
Purpose: Stores the cookie consent
Storage period: 2 weeks
Non-functional cookies. There are also so-called non-functional cookies. These cookies, which are not functionally necessary for the operation of our website, include, for example, cookies for analyzing user behavior on websites, cookies for enabling a better user experience by embedding videos from other websites or cookies for displaying advertising. We use cookies from third parties for this purpose. When you visit the website, these providers receive the information that you have accessed the corresponding subpage of our website. In addition, further data is transmitted. This happens regardless of whether you have a user account there that you are logged in to, or whether you do not have a user account.
We use the following cookies in this category:
Name: _ga_#
Purpose: Google Analytics: We use this cookie to analyze website usage; Google itself may also use the data to display personalized advertising.
Storage period: 14 months
Name: _ga
Purpose: Google Analytics: We use this cookie to analyze website usage; Google itself may also use the data to display personalized advertising.
Storage period: 14 months
Name: lidc
Purpose: This cookie is used to select the data center.
Storage period: 1 day
Name: bcookie
Purpose: This cookie is a browser identifier. It is used to uniquely identify devices accessing LinkedIn in order to detect misuse of the platform.
Storage period: 1 year
Name: li_gc
Purpose: This cookie stores the consent of guests to the use of non-essential cookies
Storage period: 6 months
Name: snap.licdn.com
Purpose: Retargeting on LinkedIn
Storage period: A few seconds
Name: unpkg.com
Purpose: For loading any file from any package using a URL
Storage period: Session
Name: gtag
Purpose: Stores user behavior for statistical purposes
Storage period: 24 months
Name: player.vimeo.com
Purpose: Playing videos on the website using the Vimeo tool
Storage period: 2 weeks
Name: ar_debug
Purpose: This cookie is used by DoubleClick to debug ads.
Storage period: 12 months
Name:
Purpose: Remarketing on the Google network
Storage period: 14 months
Obligation to provide your personal data
There is no contractual or legal obligation to provide us with your personal data for the use of our website. However, if you wish to contact us, apply for a job with us or use our services, certain information may be required so that we can process your request or contact you.
Automated decision-making and profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, if the decision is not necessary for the conclusion or performance of a contract, is not prescribed by mandatory law or is not based on your express consent.
Medperion does not use any automated decision-making processes, including profiling, unless we have explicitly informed you of such processes.
How to contact us
Please contact us at datenschutz@medperion.de if you have any questions, comments or other concerns regarding this data protection declaration.
Amendments to this data protection declaration
We update this data protection declaration from time to time. If there are significant changes, we will update the date at the beginning of this declaration.
Description of the processing operations
Processing operation and categories of personal data; purposes of processing; legal basis; storage period (retention period)
Visiting our website:
- IP address of the requesting computer
- Date and time of access (time stamp)
- Name and URL of the accessed file
- Website from which access was made (referrer URL)
- Browser used (including version, type, ID and configuration)
- Operating system of your computer
- If applicable, the name of your access provider
- Individual identifiers
- Device type and version (e.g. manufacturer, device, screen size, resolution)
- Internet speed and amount of data transferred
- Time you spent using our services
- Access status and error descriptions
Purposes of processing:
- To establish a smooth connection to our websites
- To ensure that users can use our website conveniently
- To check the security and stability of the system
- Statistical analysis to optimize our website and the technology behind it
- For other administrative purposes
Legal basis: The processing is necessary for our legitimate interest in providing secure, needs-based websites.
Storage period: At least seven days, up to 30 days.
Web analysis
- Session ID
- User ID
- Email address
- IP address (the last two digits are removed)
- approximate location (based on IP address)
- last visited website
- operating system or device type/model/resolution/brand
- local time
- other necessary (technical) data
Purposes of processing:
- Collecting information about how the website is used to improve the user-friendliness of our website, analyzing user data to learn about the preferences of our website visitors and to better personalize our offering.
- Our partners may use the data for their own purposes, in particular to optimize their own services and to provide you with individual, personalized advertising and content. This is done, among other things, by assigning a unique ID to your account, which can be used to track which websites you are visiting. By allowing the cookie on our website, the respective partners also learn that you have visited them.
Legal basis: Your consent (for both access and subsequent processing)
Storage period: We store the data in raw form for as long as the respective cookie remains on your device. After that, we only store aggregated data that can no longer be linked to a specific person.
Advertising tracking
- Session ID
- User ID
- Email address
- IP address (the last two digits are removed)
- approximate location (based on the IP address)
- last visited website
- operating system or device type/model/resolution/brand
- local time
- other necessary (technical) data
Purposes of processing:
- Online advertising that is as targeted and efficient as possible.
- Our partners may use the data for their own purposes, in particular to optimize their own services and to provide you with individual, personalized advertising and content. This is done, among other things, by assigning a unique ID to your account and associating it with it, which allows us to track which websites you visit. By allowing the cookie on our website, the respective partners also learn that you have visited them.
Legal basis: Your consent (for both access and subsequent processing)
Storage period: We store the data in raw form for as long as the respective cookie remains on your device. After that, we only store aggregated data that can no longer be linked to a specific person.
When you contact us:
By email or contact form:
- Email address
- Name and title
- Company details
- Information that you have provided to us in order to contact us (such as the content of your message)
- Log data (described under “Visiting our website”)
- Individual ID
By telephone:
- Telephone number
- Information that you have provided to us in order to contact us (such as the content of your message)
By e-mail:
- Name and title
- Address
- Information that you have provided to us in order to contact us (such as the content of your message)
- Log data (described under “Visiting our website”),
- Unique ID
Purposes of processing:
- Processing your request
- Conducting communication
- Analyzing errors and optimizing our products
- Preventing spam
Legal basis: Depending on the reasons for your contact with us:
- The processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract, or
- Our legitimate interests, namely processing your request and communicating with you.
Storage period: Up to three years after your request has been answered.
Newsletter
- Email address
- Name and title
- Company details
- Opening and clicking behavior
- Time of retrieval
- IP address
- Browser type and operating system
- Your consent
Purposes of processing:
- Sending the newsletter for information about our company
- Marketing
- Analysis of opening and clicking behavior
Legal basis: Your consent
Storage period: Until you unsubscribe from the newsletter or until we stop sending it. This is the case when we have not sent a newsletter for a period of 16 months.
Social media
The data that is publicly available (for logged-in users) on their respective profile, such as:
- Name
- Profile picture
- Interactions (e.g. likes, comments, messages)
- Information about your CV
- Technical evaluations
The specific data depends on the data protection regulations of the social network you visit and the settings you have made there.
Purposes of processing:
- Operating a social media presence
- Interaction with customers
- Marketing
Legal basis: Our legitimate interests, namely processing your request, presenting our company on social media and marketing.
Storage period: The storage periods depend on the provisions of the respective social network.
Video player
- Log data (described under “Visiting our website”)
- Your settings for playback speed, audio description, subtitles and media volume.
We sometimes use video providers. These are third-party companies, such as YouTube or Vimeo, which also become aware of your visit to our website.
Purposes of processing:
- Displaying videos on our website.
Legal basis: Our legitimate interests, namely the attractive design of our website.
Storage period: At least seven days, up to 30 days.
List of current service providers and consultants:
Service provider | Description of the service | Existence or absence of an adequacy decision or reference to the appropriate or suitable safeguards
Google | [■] | Google LLC is certified under the EU-US Data Privacy Framework
Google | [■] | Google LLC is certified under the EU-US Data Privacy Framework
[■CRM service provider] | Customer Relationship Management services | [■]
CleverReach | Delivery and for statistical analysis of the email distribution list | Service provider is based in Germany
Wiredminds | Online tracking | [■]
hCaptcha | Prevention of bots or entries by machines | [■]