Thank you for visiting our website under
www.integromed.de
(hereinafter: Website).
In accordance with article 13 and article 14 of the European General Data Protection Regulation (GDPR), we hereby notify you about the personal data that are collected and processed for the purpose of this website visit. Below you will find information on the following topics:
I. Name and address of the Controller
II. Contact details of the Data Protection Officer
III. Definitions
IV. General information on data processing
V. Availability of the Website and creation of logfiles
VI. Use of Cookies
VII. Contact form and e-mail contact
VIII. Use of Google Maps
IX. Use of script libraries (Google WebFonts)
X. Your rights as data subject
I. Name and address of the Controller
Within the meaning of the GDPR and other data protection laws as well as other provisions related to data protection, the controller is:
Integromed GmbH
Zimmerstraße 1
04109 Leipzig
Germany
Tel. +49 (0)341 222298 – 0
E-Mail: info(at)integromed.de
II. Contact details of the Data Protection Officer
You can contact our Data Protection Officer under:
Tel.: 0341 / 221 71 062
E-mail: datenschutz@kirmse.eu
www.kirmse.eu/datenschutzbeauftragter
III. Definitions
The terminology used in this privacy declaration are consistent with the definitions defined in the GDPR, in particular under Art. 4 GDPR. Our privacy declaration is supposed to provide an easily readable and understandable overview over our data processing operations. To this end, significant terminology is explained beforehand.
1. Personal data
“personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. data subject
“data subject” means any identified or identifiable natural person, whose personal data are processed by the controller responsible for the data processing.
3. Processing
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
“restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
5. Profiling
“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health,
personal preferences, interests, reliability, behavior, location or movements.
6. Pseudonymisation
“pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7. Controller
“Controller” respectively controller responsible for the processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
8. Processor
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
9. Recipient
“recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
10. Third Party
“third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
11. Consent
“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
IV. General information on data processing
In connection with your visit to our website, personal data are generally only collected if this is necessary in order to provide a correct viewing result of our website or to use our contents and services. Generally, your data will only be processed if you consent to this processing or if processing is permitted by legal provision.
Your personal data will be deleted as soon as the purpose for which they were stored is no longer pursued. Exceptions shall only apply if we are legally bound to store the data for a longer time or if you have agreed that we may use your personal data for a longer time.
V. Availability of the Website and creation of logfiles
1. Description and extent of data processing
Upon every access to our websites, we and/or our hosting provider automatically collect data via the access on the server on which our website is stored. In this context, the following data will be collected:
(1) name of the accessed file,
(2) date and time of the access,
(3) access status (file transmitted/file not found),
(4) volume of the data transmitted,
(5) information of browser type and browser version of your system,
(6) information on the operating system you are using, and
(7) IP address of the internet connection your system is using
Such data will also be automatically stored in the log files of our system. Moreover, in specific cases our system can create a log file where your IP address will be stored. This data is not stored together with your other personal data. A creation of personalized user files is therefore not possible.
2. Purpose of the processing, legal ground
The temporary storage of your IP address by our system during your visit to our website is necessary in order to make our website available for you on the computer system you are using. For this purpose, your IP address must be stored as long as you are visiting our website.
Data are stored in log files in order to guarantee the functionality of the website. Moreover, we use your data to optimise our website and to guarantee the safety of our IT systems. The further storage of the IP address in a log file is done for the purpose of protecting our website against unauthorized access attempts or access with the potential intent to cause harm. Our system will recognize such kind of access attempts. The used IP address will we collected in a blacklist in order to prevent future access from this IP address.
The legal ground for the described data storage is provided in Article 6 (1) (f) GDPR. Our legitimate interest on processing the data consists in the ability to provide a functioning website and assure system safety.
3. Retention period
The collected data will be deleted as soon as they are no longer required for the purpose for which they have been collected. In the event of a data collection for the purpose of website availability, deletion will be performed once the session has ended.
4. Possibility of objection and erasure
The collection of data for the provision of our website and the retention of data in log files is essential for the operation of our website. For this reason, there exists no possibility of objection.
VI. Use of Cookies
1. Description and extent of data processing
Cookies are small text files. When you enter a web site using cookies, such a cookie will be saved on your device or in your browser. The cookie contains a unique identifier which makes your system or the browser you are using unambiguously identifiable. Within the cookie, different data and information on you or your system can be stored.
If this storage is only for the duration of your visit or your browser session, the cookie is classified as a temporary cookie (or session cookie or transient cookies). In such a cookie, the shopping cart of an online shop or the login
status for a restricted user area can be stored. Temporary cookies are deleted once you leave the website or close your browser. Permanent cookies (or persistent cookies) however, will be stored in your system even after shutting down the browser. The stored data remain available for following browser sessions at a later point of time. This kind of cookies can be used e.g. for marketing purposes, e.g. to identify detailed interests and individual user behavior and to show customized advertising. The last kind of cookies are so-called Third-Party Cookies (to be differentiated from First-Party-Cookies) which don’t belong to the website-controller itself, but come from third parties.
On or website, we use own cookies as well as Third-Party Cookies. Own cookies used on our websites save language settings and login-data. The following articles will provide you with further, separate information on the data processing related to Third-Party Cookies and the volume of the collected information in relation herewith.
2. Purpose of the processing, legal ground
The own cookies used on this website serve to enable the use of the website and its functionalities. Language information and login-data have to be collected in order to be maintained when switching between the single pages. Generally, with the use of cookies we pursue our legitimate interest to provide you with the best possible functionality of our website and a user-friendly and effective site visit. The legal ground is provided in Article 6 (1) (f) GDPR. The data collected through cookie usage is not used for any creation of personalized user files.
3. Retention period, possibility of objection and erasure
Temporary cookies are only stored on your system temporarily and will be deleted as soon as you close your browser. Permanent cookies however, will be stored in your system even after shutting down the browser, until they are deleted. As cookies will generally be stored on your system and from here transferred to our website, you can fully control the use of cookies.
If you do not want cookies to be stored on your device, please deactivate the relevant option in the system settings of your browser. You can also delete cookies that have already been stored via these system settings at any time. Please note that a general blockage of cookies in your system will lead to unavailability of some of our website functions.
Further information on cookies and usage-based online marketing you can find e.g. on the EU-site http://www.youronlinechoices.com/. Here, you can object to the use of cookies for usage-based online marketing either generally or only for single providers.
VII. Contact form and e-mail contact
1. Description and extent of data processing
You can find a contact form on our website, which you can use to contact us electronically. If you make use of this option, the data you have entered into the subscription form will be sent to us and stored. These data include:
(1) Your name, and
(2) Your e-mail address.
When sending the message, the following data will be also saved:
(1) date and time when the message was sent
During the sending process you will be asked to consent to the data processing, referring to this privacy policy.
Alternatively, you can contact us per e-mail using the e-mail address mentioned on our website. If you make use of this option, your personal data transferred to us will be stored and used for the purpose of processing your query. In connection with these means of contact, your data will not be transferred to any third party.
2. Purpose of the processing
The purpose of the processing of personal data received through the contact form or through your e-mail request is merely the processing of your respective query. The other data processed while your request is being sent serve to prevent misuse of the contact form and to ensure the safety of our IT systems.
The legal ground for the processing of your data transferred via our contact form is provided in Article 6 (1) (a) GDPR. The legal ground for the processing of your data transferred to us with your email request is provided in Article 6 (1) (f) GDPR. Our legitimate interest in processing the data consists in the above mentioned
purposes. If the e-mail contact aims at the conclusion of a contract, additional legal ground for the processing is provided in Art. 6 (1) (b) DSGVO.
3. Retention period
Your data will be deleted as soon as they are no longer required for the purpose for which they have been collected. In connection with the contact form and those data transmitted per e-mail, personal data will thus be stored until the situation concerned has been definitely clarified.
4. Possibility of objection and erasure
You are at any time entitled to request erasure of the personal data that have been transferred to us in connection with a contact query. In this event, all concerned data will be deleted, unless they remain indispensable for the execution of a contract entered into between you and us. After completion of all contracts we will process the data only to the extent necessary for the fulfillment of legal obligations (such as retention periods under commercial and tax laws) which we are subject to. Your data will be blocked from further processing and deleted after expiry of the retention periods, unless you have expressly agreed on a further usage of your data or we are legally allowed to further use your data.
VIII. Use of Google Maps
In order to visually provide geographical information, we use the Google Maps API. The API (Application Programming Interface) is an interface which allows us to embed maps from Google Maps on our website. If you use the content from Google Maps embedded on our website, Google will collect and process data about your use of the map function. Further information on the processing of data by Google relating to the usage of Google Maps you can find under
https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
IX. Use of script libraries (Google WebFonts)
For uniform and graphically attractive representation of the content of this website in the several browsers, we use the script library Google Webfonts
(https://www.google.com/webfonts/). Your browser loads the used fonts of this script library into your browser cache to avoid repeated loading. If your browser does not support Google Webfonts or prevents access to it, our content will be displayed in your browser as a standard font.
When opening script libraries, an automatic connection with the operator of the library will be set up automatically It is possible that the operators of such libraries will collect data. You can find the privacy policy of the operator of Google Webfonts, Google LLC, under https://www.google.com/policies/privacy/
X. Your rights as data subject
If your personal data will be processed in connection with your visit to our website or if your personal data will be processed otherwise through us, you are a data subject according to GDPR. Therefore you have the following rights against us (the Controller).
1. Right of access, Article 15 GDPR
You have the right to obtain from us the confirmation as to whether or not personal data concerning you are being processed by us. Where that is the case, you have the right to obtain from us access to the personal data and the following information:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject through us, or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from you, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to obtain from us the information as to whether or not personal data concerning you are transferred to a third country or to an international organization. In this context, you can request from us to be informed about the appropriate safeguards acc. to Article 46 GDPR in connection with the data transfer.
2. Right to rectification, Article 16 GDPR
You have the right to obtain from us the rectification and/or completion of inaccurate or incomplete personal data concerning you. If you exercise this right, we shall make the rectification without undue delay.
3. Right to restriction of processing, Article 18 GDPR
You can request from us the restriction of processing of your personal data where one of the following applies:
(1) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
(2) the processing is unlawful, however you oppose the erasure of the personal data and request the restriction of their use instead;
(3) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
(4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override your legitimate grounds.
Where processing has been restricted by us upon your request, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
In case you have obtained restriction of processing pursuant to the above mentioned conditions, we shall inform you before the restriction of processing is lifted.
4. Right to erasure, Art. 17 DSGVO,
You can request from us the erasure of personal data concerning you without undue delay. We shall have the obligation to erase those personal data without undue delay where one of the following grounds applies:
(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to Article 6(1) (a), or of Article 9(2) (a) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing;
(4) you object to the processing pursuant to Article 21(2) GDPR;
(5) the personal data concerning you have been unlawfully processed;
(6) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject, or
(7) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where we have made the personal data public and are obliged pursuant to Article 14 (1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you, the data subject, have requested the erasure of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) for reasons of public interest in the area of public health in accordance with of Article 9(2) (h) and (i) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defense of legal claims.
5. Right to notification, Article 19 GDPR
If you have exercised your right to rectification, erasure or restriction of processing, we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves
impossible or involves disproportionate effort. You have the right to be informed by us about those recipients.
6. Right to data portability, Article 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You further have the right to transmit those data to another controller without hindrance from us, where:
(1) the processing is based on consent pursuant to point Article 6(1) (a) GDPR or Article 9(2) (a) GDPR or on a contract pursuant to Article 6(1) (b) GDPR; and
(2) the processing is carried out by automated means.
Right to withdraw consent, Article 7 (3) GDPR
Where we process your personal data based on your consent, you have the right to withdraw your consent at any time.
In exercising this right you shall further have the right to have the personal data transmitted directly from us to another controller, where technically feasible. Freedoms and rights of third persons may not be infringed hereby.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
7. Right to object, Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1). This includes profiling based on those provisions.
We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent, Article 7 (3) GDPR
Where we process your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority, Article 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.