M S L

Data Privacy Statement pursuant to GDPR

A.    Data Privacy Statement pursuant to GDPR

I.    Controller's name and address
The controller pursuant to the General Data Protection Regulation and other national laws on data protection by the member states and provisions on data protection is:

Andreas Fahl
Medizintechnik-Vertrieb GmbH
August-Horch-Str. 4a - 6
D-51149 Cologne (Porz-Gremberghoven)
Germany
Tel.: 02203 2980 0
E-mail: datenschutz@fahl.de
Website: www.fahl.de


II.    Name and address of data protection officer:

The controller's data protection officer is:

Jürgen Labusch
Eyller Str. 111c
47475 Kamp-Lintfort
Germany
Tel.: 0172 5284923
E-mail: datenschutz@fahl.de
Website: www.labusch.eu

III.    General information on processing of data

1. Scope of the processing of personal data
We generally only collect and use personal data if this is required to provide a functional website as well as our contents and services. We only routinely collect and use our users' personal data after the user's consent. An exception is made where obtaining prior consent is not possible for factual reasons and processing the data is permitted by law.

2. Legal basis for processing personal data
If we require the data subject's consent for processing operations, the legal basis is Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR).

If personal data are processed because this is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6 Para. 1 lit. b GDPR. This also applies to processing operations required to perform precontractual processes. If personal data are processed because this is required to comply with a legal obligation by which our company is bound, the legal basis is Art. 6 Para. 1 lit. c GDPR.

If vital interests of the data subject or another natural person require personal data to be processed, the legal basis is Art. 6 Para. 1 lit. d GDPR. If the processing is required to pursue a legitimate right of our company or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not override the former interest, the legal basis for the processing is Art. 6 Para. 1 lit. f GDPR.

3. Erasure of data and storage period
The data subject's personal data will be erased or blocked as soon as the purpose for the storage no longer applies. Data may furthermore be stored if European or national legislation provides for this in EU regulations or laws or other provisions to which the controller is subject. The data may also be blocked or erased if a storage period prescribed by the mentioned rules expires unless it is required to continue to store the data in order to conclude or perform a contract.

 

IV.    Provision of the website and recording log files

1. Description and scope of the processing of data
Each time our internet site is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:
•    IP,
•    directory protection user,
•    date,
•    time,
•    accessed pages,
•    protocols,
•    status code,
•    data volume,
•    referer,
•    user agent,
•    accessed host name.

The IP addresses are stored in anonymised form. To that end, the last three numbers are removed, i.e. 127.0.0.1 is changed to 127.0.0.*. IPv6 addresses are also anonymised. Details regarding the directory protection user that was used are anonymised after one day.

The data are also stored in the log files of our system. These data are not stored together with other personal data concerning the user.

2. Legal basis for processing the data
The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit. f GDPR.

3. Purpose of processing the data
The system has to temporarily store the IP address so that the website can be delivered to the user's computer. To that end, the user's IP address must be stored for the duration of the session.

Storage in log files is required to ensure the functionality of the website. We furthermore use the data to optimise the website and ensure the security of our IT systems. The data will not be analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 Para. 1 lit. f GDPR.

4. Storage period
The data are deleted as soon as they are no longer required to achieve the purpose of their collection. In the case of data being recorded to provide the website, this is the case once the relevant session is terminated.

In the case of data being stored in log files, this is the case after seven days at the latest. Storage beyond that is possible. In this case, the users' IP addresses are deleted or pseudonymised so that it is no longer possible to identify the accessing client.

Error logs recording instances of failed site access are deleted after seven days. In addition to the error messages, they contain the accessing IP address and, depending on the error, the accessed webpage.

5. Right to object and remove
Collecting the data to provide the website and storing the data in log files is a mandatory requirement for operating the internet site. Therefore, the user cannot object.

 

V.    Using the online service provider YouTube
We have decided to provide videos on our internet site. Videos are a good way to better convey contents and make complicated processes more comprehensible. For embedding our videos in our internet site, we use the technology and components by the company YouTube. YouTube permits uploading and retrieving all kinds of videos free of charge.

The company operating YouTube is:
YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each visit to a sub-page of our internet site where we have embedded a video provided via YouTube connects the user's internet browser to the servers provided by YouTube on the internet via the YouTube interface for downloading the video contents. Within the context of this process, YouTube and Google learn which concrete sub-page of our homepage the data subject visits.

If the data subject has a registered YouTube account and is logged on with this account whilst visiting our website, YouTube can trace the query back to the data subject's specific user account. If this is not desired, the data subject can prevent it by logging off from YouTube before visiting our internet site.

We ourselves do not collect additional data when videos on our website are accessed. Therefore, please refer to the privacy policy of YouTube / Google, which you can retrieve here: policies.google.com/privacy

For further information about YouTube in general, please visit the following link:

https://www.youtube.com/yt/about/de/

 

VI.    Use of cookies

1. Description and scope of the processing of data
Our website uses cookies. Cookies are text files saved in the internet browser or on the user's computer system by the internet browser. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that make it possible to unambiguously identify the browser if the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our internet site require that the accessing browser can also be re-identified after switching between pages.

To that end, the following data are stored and transmitted in the cookies:
(1)    Language settings
(2)    Saved articles
On our website, we furthermore use cookies allowing us to analyse users' surfing behaviour.

To that end, the following data may be transmitted:
(1)    Search terms entered
(2)    Frequency of page visits
(3)    Use of website functions
The user data collected this way are pseudonymised by technical means. Therefore, it is no longer possible to trace the data back to the accessing user. The data are not stored together with other personal data relating to the users.
When users access our website, a banner informs them that cookies are used for analytical purposes, and reference to this Data Privacy Statement is made. In this context, they are also informed about how storing cookies can be disabled in the browser settings.
When users access our website, they are informed about the fact that cookies are used for analytical purposes, and their consent to the processing of the personal data used in this context is obtained. In this context, reference to this Data Privacy Statement is also made.

2. Legal basis for processing the data
The legal basis for the processing of personal data using cookies that are required from a technological point of view is Art. 6 Para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes - provided that the user has consented - is Art. 6 Para. 1 lit. a GDPR.

3. Purpose of processing the data
The purpose of using cookies that are required from a technological point of view is to make websites easier to use for the users. Some functions of our internet site cannot be offered unless cookies are used. For these, it is necessary to re-identify the browser after switching between pages.

We must use cookies for the following applications:
(1)    Saved articles
(2)    Keeping language settings
(3)    Memorising search terms
The user data collected by cookies that are required from a technological point of view are not used to create user profiles.
The purpose of using analytical cookies is to improve the quality of our website and its contents. Analytical cookies tell us how the website is used, and we can thus continually optimise what we offer.
These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 Para. 1 lit. f GDPR.

4. Storage period, right to object and remove
Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as user also have full control over the user of cookies. By changing settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website may be used fully anymore.

 

VII.    Contact form and e-mail contact

1. Description and scope of the processing of data
Our internet site has a contact form that can be used to contact us electronically, by phone and/or personally. If a user makes use of this form, the data entered into it are transmitted to us and stored. These data are: (*=mandatory field)

Name* (input field name)
First name (input field first name)
Company/health insurance company* (input field company/health insurance company)
Department (input field department)
Customer number (if available) (input field customer number)

Please select your preferred means of contact:
Phone (if selected, the input field phone appears)
Fax (if selected, the input field fax appears)
E-mail (if selected, the input field e-mail appears)
Post (if selected, two input fields Street & Post code/Town appear)

Message* (free text to be entered by user)
Interest in products (saved articles)

This may also be of interest to you: (choice boxes)
Please send me more information on the product selected. I hereby consent to Andreas Fahl Medizintechnik-Vertrieb GmbH contacting me in this regard.
I am interested in a personal consultation and consent to being contacted by Andreas Fahl Medizintechnik-Vertrieb GmbH via the preferred means stated above.

Data privacy* (choice boxes)
By submitting this form, I consent to Andreas Fahl Medizintechnik-Vertrieb GmbH using my data in the ways stated above, in particularly with regard to contacting me in person. I confirm that I have read and understood the Data Privacy Statement.  

At the point in time the message is sent, the following data are stored additionally:
(1)    The user's IP address
(2)    Date and time of registration
Your consent to processing the data will be obtained during the submission process, and reference to this Data Privacy Statement is made.

Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user's personal data transmitted along with the email are stored.

In this context, data will not be shared with third parties. The data are solely used for processing the conversation.

2. Legal basis for processing the data
The legal basis for processing the data - provided that the user has consented - is Art. 6 Para. 1 lit. a GDPR. The legal basis for processing the data transmitted within the context of sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the objective of the contact by e-mail is concluding a contract, an additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

3. Purpose of processing the data
The sole purpose of processing the personal data from the form is to establish contact. If we are contacted by e-mail, this also constitutes the required legitimate interest in processing the data. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Storage period
The data are deleted as soon as they are no longer required to achieve the purpose of their collection. For the personal data entered into the contact form and the ones sent by e-mail, this is the case once the relevant conversation with the user is completed. The conversation with the user is completed when it can be deduced from the circumstances that the relevant issue has been resolved conclusively.

The personal data additionally collected during the submission process are deleted after a time period of seven days at the latest.

5. Right to object and remove
The user at any time has the option to withdraw his/her consent to the processing of personal data. If the user contacts us by e-mail, s/he can at any time object to his/her personal data being stored. In such a case, the conversation cannot be continued. This declaration of consent is voluntary and can be withdrawn at any time in writing by e-mail to vertrieb@fahl.de or by post to Andreas Fahl Medizintechnik-Vertrieb GmbH, August-Horch-Straße 4a, 51149 Cologne, using the subject line "Withdrawal of consent". All personal data stored within the context of the contact are deleted in this case.

 

VIII.    Data subject's rights
If personal data concerning you are processed, you are a data subject pursuant to GDPR and have the following rights towards the controller:

1. Right of access
You can request from the controller confirmation as to whether personal data concerning you are being processed by us.
Where that is the case, you can request the following information from the controller:
(1)    the purposes of the processing of the personal data;
(2)    the categories of personal data that are being processed;
(3)    the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4)    the envisaged period for which the personal data concerning you will be stored, or, if it is not possible to provide concrete information, the criteria used to determine that period;
(5)    the existence of the right to rectification or erasure of personal data concerning you and the right to request from controller restriction of processing of personal data concerning you or to object to such processing;
(6)    the right to lodge a complaint with a supervisory authority;
(7)    where the personal data are not collected from the data subject, any available information as to their source;
(8)    the existence of automated decision-making, including profiling, referred to in Art. 22 Para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request to know whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification
You have the right to obtain from the controller rectification and/or completion provided that processed personal data concerning you are inaccurate or incomplete. The controller shall rectify the data without undue delay.

3. Right to restriction of processing
Under the following circumstances, you may request from the controller the restriction of processing the personal data concerning you:
(1)    if the accuracy of the personal data concerning you is contested by you for a period enabling the controller to verify the accuracy of the personal data;
(2)    the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3)    the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
(4)    if you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of you.
If processing of the personal data concerning you has been restricted, these data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the union or of a member state.
If the restriction of processing has been restricted as per the above requirements, you will be informed by the controller before the restriction is lifted.

4. Right to erasure
a) Erasure obligation
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase these data without undue delay where one of the following grounds applies:
(1)    The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2)    You withdraw your consent on which the processing was based according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3)    You object to the processing pursuant to Art.  21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
(4)    The personal data concerning you have been unlawfully processed.
(5)    The personal data concerning you have to be erased for compliance with a legal obligation in union or member state law to which the controller is subject.
(6)     The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 Para. 1 GDPR.
b) Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 Para. 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, takes reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1)    for exercising the right of freedom of expression and information;
(2)    for compliance with a legal obligation which requires processing by union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3)    for reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h and Art. 9 Para. 3 GDPR;
(4)    for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Para. 1 GDPR in so far as the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5)    for the establishment, exercise or defence of legal claims.


5. Right to notification
If you have exercised your right to rectification, erasure or restriction of the processing towards the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to each recipient to whom personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You are entitled to request from the controller to be notified of these recipients.

6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You furthermore have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1)    the processing is based on consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and
(2)    the processing is carried out by automated means.
In exercising this right, you furthermore have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 Para. 1 lit. e or f GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing contributes to the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdrawal of consent under data protection law
You have the right to withdraw your consent under data protection law at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1)    is necessary for entering into, or performance of, a contract between you and the controller,
(2)    is authorised by union or member state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3)    is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data pursuant to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place.
In the cases referred to in (1) and (3), the controller implements suitable measures to safeguard rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.