Sorry, your browser does not support inline SVG.

Privacy policy of ac.biomed GmbH

Basic information

As the responsible party, we take the protection of your personal data seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration. Personal data on this online offer is only collected to the extent technically necessary and with a legitimate interest of the person concerned and responsible. The collected personal data will neither be sold nor passed on to third parties for other reasons. A consolidation of data with other data sources does not take place either.

The following declaration gives you as a visitor an overview of how protection is guaranteed by us and in what way, to what extent and for what purpose personal data (hereinafter referred to as “data”) is processed within the online offer of this website and the websites, functions and contents connected with this website (hereinafter jointly referred to as “online offer”).

Responsible body:

ac.biomed GmbH
ZBMT Zentrum für Bio-Medizintechnik
Pauwelsstr. 17
52074 Aachen
Germany

Represented by: Dipl.-Ing. Peter Knipp

With regard to terms used in the data protection declaration, reference is made to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1. General data processing

1.1 SSL or TLS Encryption

For security reasons and to protect the transmission of content, which is sent by a user to the operator of the online offer, for example, SSL or TLS encryption is used. This encryption prevents the data transmitted via the online offer from being read by third parties. The fact that an encrypted connection exists can be seen from the “https://” address line of the browser and the lock symbol in the browser line. By clicking on the lock, further information on the encryption and the certificate can be viewed.

Data that is to be transmitted over the Internet (unencrypted), e.g. through e-mails, blogs, forums etc., can often be intercepted or read by unauthorised third parties.

1.2 Justified interest and relevant legal principles

If the privacy policy does not further specify the rights statement for data processing, the following applies:

  • The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR
  • The legal basis for processing for the purpose of fulfilling our services and implementing contractual measures as well as answering enquiries is Art. 6 para. 1 lit. b GDPR
  • The legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c GDPR
  • The legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 para. 1 lit. f GDPR

1.3 Deletion and storage duration

Personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies and is no longer valid. In addition, data may be stored if this is required by the legislator in the form of ordinances, laws or other regulations.

2. Website and log files

2.1 Purpose of processing

  • To make the online offer available to the user
  • Ensuring data security, in order to ensure the stability and operational safety of our online presence, such as possible prosecution of illegal activities
  • Responding to contact requests and communication with users

2.2 Types of data processed

  • Content data (e.g. text, photographs, videos)
  • URL of the page from which the file was requested (“referrer URL”)
  • Date and time of the request (“time stamp”)
  • Data volume transferred
  • Host name of the accessing computer
  • Browser type and version
  • Operating system used
  • Meta/communication data (e.g. device information, IP addresses)

2.3 Categories of data subjects

Visitors and users of the online offer

2.4. Legitimate interest and relevant legal principles

The legal basis for processing for the purpose of protecting our legitimate interests is Art. 6 para. 1 lit. f GDPR.

2.5 Recipient and transfer of the data to a third country

No transfer to a third country or international organisation planned.

2.6 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of collection. In the case of collection of data for the purpose of providing the website, this is the case, for example, when the respective browser session has ended.

3. Cookies

3.1 Purpose of the processing

Cookies are small text files which are transmitted from the Internet to the user’s computer together with the data actually requested. This data is stored there and kept ready for later retrieval.

Temporary cookies, or “session cookies” are the type of cookies that are deleted after a user leaves an online offer and closes the browser. A randomly generated unique identification number is stored in such a “session cookie”. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data and are usually deleted when the browser is closed.

3.2 Types of data processed

  • Name of the server that set the cookie
  • Lifetime of the cookie
  • a value – usually a randomly generated unique number

3.3 Categories of data subjects

Visitors and users of the online offer

3.4. Legitimate interest and relevant legal principles

The legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 para. 1 lit. f GDPR.

3.5 Recipient and transfer of the data to a third country

No transfer to a third country or international organisation planned.

3.6 Duration of storage

The validity of the cookies is limited to the duration of the visit. Cookies are usually deleted automatically when the browser is closed. There is no link to personal data.

You can set your browser to inform you when cookies are set and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, as well as to activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated for the website, it is possible that not all functions of the website can be used to their full extent.

4. Comments and contributions

4.1 Purpose of the processing

The online offer currently does not allow leaving of comments or other contributions. Should this be supplemented, the IP address and the content data of the contribution can be saved. The IP address will then be saved for security purposes, if the comment and contribution function is used to send illegal content. In addition, the IP address can be stored, in order to process the user’s details for the purpose of spam detection.

4.2 Types of data processed

  • Content data
  • IP address
  • Date and time of the contribution

4.3 Categories of data subjects

4.4. Legitimate interest and relevant legal principles

The legal basis for the processing for the purpose of safeguarding our legitimate interests is Art. 6 para. 1 lit f GDPR

Ensuring security, spam detection and possible tracing of illegal content

4.5 Recipient and transfer of the data to a third country

No transfer to a third country or international organisation planned.

4.6 Duration of storage

A regular deletion of comments and contributions is not intended. The data will be deleted as soon as they are no longer necessary for the purpose of their collection and legal requirements.

5. Contacting

5.1 Purpose of processing

When contacting us, e.g. via contact form, e-mail, telephone or other media, all information provided by the user is processed for the purpose of handling the contact request and its processing. Furthermore, such information may be stored in a customer relationship management system (“CRM system”) or comparable software.

5.2 Types of data processed

  • Name
  • Content data, which were independently made by the user
  • Email address
  • Metadata
  • Header data
  • Phone number

5.3 Categories of data subjects

Visitors and users of the online offer, interested parties, customers, new customers

5.4. Legitimate interest and relevant legal principles

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is connected with the fulfilment of a contract concluded with us or is necessary for the implementation of pre-contractual measures.

In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent pursuant to Art. 6 para. 1 lit. a GDPR.

5.5 Recipient and transfer of data to a third country

No transfer to a third country or international organisation planned.

5.6 Duration of storage

The data you send us by contact request will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Data will be deleted as soon as they are no longer necessary for the purpose of their collection and legal requirements. Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5.7 Cooperation with ac.biomed GmbH

a) Our general business terms and conditions shall apply. They are available on the website.
b) For contracts between client and ac.biomed GmbH, German law shall exclusively be applicable.
c) For all disputes arising from contracts, the jurisdiction of the competent court at the location of the ac.biomed GmbH is agreed upon.
d) All changes and additions to contractual agreements shall require the written form.

6. Hosting online offer

6.1 Purpose of processing

An external service provider (hoster) is used to operate the online offer. This provider provides infrastructure services. The hosting provider can store and process communication data on its servers for efficient and secure provision of the online service.

6.2 Types of data processed

  • IP address
  • Meta- and communication data
  • Website access
  • Contact details
  • other data generated via a website

6.3 Categories of data subjects

Visitors and users of the online offer

6.4. Legitimate interest and relevant legal principles

The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). In order to guarantee processing in compliance with data protection regulations, we have concluded a contract for order processing with our hoster.

6.5 Recipient and transfer of data to a third country

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data. No transfer to a third country or international organisation is planned.

6.6 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection and legal requirements.

7. Video conferences, online meetings and screen sharing

We use the Microsoft Teams platform (hereinafter referred to as “Teams”) to conduct video and audio conferences. Within the scope of use, data of the participants will be processed and stored on the servers of the provider. This data may include, in particular, data entered by the participants themselves, such as registration and contact data, visual and vocal contributions as well as entries in chats and shared screen content.

If users are referred to the Microsoft Teams platform in the course of communication, business or other relationships with us, usage data and metadata may be processed for security, service optimization or marketing purposes. Please refer to the provider’s privacy policy.

Product details
Manufacturer
Microsoft
URL:
https://products.office.com/de-de/microsoft-teams/download-app (subject to change without notice)

Adequacy of the level of data protection

According to the adequacy decision of the EU Commission, such US companies/data processors who have certified themselves under the EU-US Privacy Shield Agreement have a level of data protection adequate to that of the EU

  • EU-US privacy shield; Swiss-US privacy shield
  • Implementation of the rights of data subjects
  • Basic information on rights under the GDPR
  • Manuals & (video) tutorials:
  • Microsoft Teams training website
  • Privacy Policy of Microsoft:
  • Privacy Policy
  • Note:Overview of data protection, data security, and compliance when using Microsoft teams

7.1 Purposes of processing

Contractual benefits and service
efficient and secure communication with customers and business partners

7.2 Types of data processed

  • Stock data
  • Contact data
  • Content data
  • Meta/communication data

7.3 Categories of data subjects

Communication partners

7.4 Legitimate interest and relevant legal principles

If we ask users for their consent for the use of the third-party providers or certain functions, such a function can be, for example, a recording of conversations, the legal basis of the processing is consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Furthermore, the data is processed on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f. GDPR) in efficient and secure communication with our customers and for the purpose of contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR).

7.5 Recipient and transfer of data to a third country

No transfer to a third country or international organisation planned.

7.6 Duration of storage

The data you have transmitted to us will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your request has been processed). Data will be deleted as soon as they are no longer necessary for the purpose of their collection and legal requirements. Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

8. Google Web Fonts

8.1 Purpose of the processing

No so-called external web fonts provided by Google (Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 USA) are used.

9. Information on the rights of the data subjects

The data subject has the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed; if this is the case, he or she has the right to obtain free of charge information on such personal data and the information specified in Art. 15 GDPR.
The data subject has the right to request the data controller to rectify incorrect personal data concerning him/her and, if necessary, to complete incomplete personal data (Art. 16 GDPR). If you dispute the accuracy of your data stored with us, we usually need time to verify this. For the duration of the review, you shall have the right to demand that the processing of your personal data be restricted.
The person concerned has the right to demand from the person responsible that personal data relating to him/her be deleted immediately, if one of the reasons listed in Art. 17 GDPR applies in detail, e.g. if the data are no longer required for the purposes pursued (right to deletion).
If the data subject has given his or her consent to data processing, he or she may revoke this consent at any time for the future. The data subject has the right to request the controller to restrict processing, if one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has lodged an objection to processing, for the duration of the controller’s examination.

The data subject has the right to object to the processing of personal data relating to him or her at any time for reasons arising from his or her particular situation. The controller will then no longer process the personal data unless he can demonstrate compelling reasons for processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her is in breach of the GDPR (Art. 77 GDPR). The data subject may invoke this right before a supervisory authority in the Member State in which he or she is resident, at his or her place of work or at the place where the alleged infringement is committed. In North Rhine-Westphalia, the competent supervisory authority is the:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
PO Box 20 04 44
40102 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-10
e-mail: poststelle@ldi.nrw.de

10. Objection against advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material not expressly requested. The operators of this website expressly reserve the right to take legal action in the event that unsolicited advertising information is sent, for example by spam e-mails.

11. Validity of the privacy policy

Due to the constant development of online offers and the implementation of new functions and technologies, it may become necessary to adapt the privacy policy, in order to ensure that legal requirements are met. For this reason, the person responsible reserves the right to update the data protection declaration at any time with effect for the future. For this reason, we would like to ask and recommend that you take the time to regularly review the data protection declaration for yourself.

Should individual provisions of the agreements be or become invalid in whole or in part, the validity of the remaining provisions shall not be affected. In this case, the parties will replace the invalid provision with a valid provision that comes as close as possible to the economic purpose of the invalid provision. The same shall apply accordingly to any loopholes in the agreement.

12. Borlabs

This site uses Borlabs Cookie that sets two technically necessary cookies (borlabsCookie and borlabsCookieUnblockContent) to store your cookie preference.
Borlabs Cookie does not process any personal data.

The borlabsCookie stores your chosen preference, which you selected when you entered the website. The borlabsCookieUnblockContent cookie stores which (external) media/content you want to have automatically unlocked at all times. If you wish to revoke these settings, simply delete the cookies in your browser. When you re-enter/reload the website, you will be asked again for your cookie preference.

Edit cookie settings

Status: 04/06/2020
Source: own & https://www.e-recht24.de