Data Privacy Policy
In the following privacy policy, we inform you according to Art. 13 et seq. of the GDPR of how personal data is processed on this site and your rights in this regard. This privacy policy explains how our website and our online services process and transmit the data you provide.
Controller
The controller according to Art. 4 (7) of the GDPR is the party that, alone or jointly with others, determines the purposes and means of personal data processing.
With regard to our website, the controller is:
Medtron Aktiengesellschaft
Hauptstrasse 255, 66128 Saarbrücken, Germany
E-Mail: info@medtron.com
Tel.: +49 681 97017-0 Fax: +49 681 97017-20
The data protection officer’s contact details
We have appointed a data protection officer according to Art. 37 of the GDPR. You can contact our data protection officer using the details below:
Ms Tatjana Tröster – Data Protection & Office Services
Fliederweg 13, 78073 Bad Dürrheim, Germany
email: mailto:mail@buero-troester.de
Dury Legal
Beethovenstrasse 24
DE – 66111 Saarbrücken E-Mail: kanzlei@dury.de Tel.: 0681/9400543-0
Providing the website and creating log files
Each time our website is accessed, our system automatically records data and information from the accessing device (e.g. computer, mobile phone, tablet, etc.).
What personal data is collected and to what extent is it processed?
(1) Information about the browser type and the version used;
(2) The accessing device’s operating system;
(3) The host name of the accessing computer;
(4) The accessing device’s IP address;
(5) The date and time of access;
(6) Websites and resources (images, files, other page contents) that were accessed on our website;
(7) Websites from which the user’s system accessed our website (referrer tracking);
(8) Message confirming whether access was successful;
(9) The amount of data transmitted;
(10) The host’s ISP.
This data is stored in our system’s log files. This data is not stored together with other personal data belonging to a specific user, so individual site visitors are not identified.
The data is also anonymised immediately after collection, so it is no longer possible to draw conclusions about the individual person based on their IP address. Evaluating the anonymised data allows us to monitor and improve our website’s stability and availability over an extended period of time. Temporary (automated) storage of data in plain text format is necessary for a visit to a website to enable delivery of the website.
Personal data is also stored and processed to maintain our website’s compatibility for all visitors where possible and to combat misuse and eliminate faults. To this end, it is necessary to log the accessing computer’s technical data, so that we can respond to display errors, attacks on our IT systems and/or functionality errors on our website as early as possible. Additionally, we also use the data to optimise the website and to ensure the general security of our IT systems.
Legal basis for personal data processing
Art. 6 (1) f of the GDPR (legitimate interest). Our legitimate interest is to guarantee achievement of the purpose outlined below.
Purpose of data processing
Temporary (automated) data storage is necessary for a visit to a website to enable delivery of the website. Personal data is also stored and processed to maintain our website’s compatibility for all visitors where possible and to combat misuse and eliminate faults. To this end, it is necessary to log the accessing computer’s technical data, so that we can respond to display errors, attacks on our IT systems and/or functionality errors on our website as early as possible. Additionally, we also use the data to optimise the website and to ensure the general security of our IT systems.
Duration of storage
The above technical data is deleted as soon as it is no longer needed to guarantee the website’s compatibility for all visitors, but at the latest within three months of our website being accessed. Anonymised data is generally stored indefinitely for statistical purposes.
Opportunity for objection and erasure
You may object to processing at any time according to Art. 21 of the GDPR and request that your data be erased according to Art. 17 of the GDPR. You will find the rights that you are entitled to and information on how to assert them at the bottom of this privacy policy.
Processor
We work together with a service provider, who helps us to provide the server capacity required for this, to supply our site’s content. Insofar as server access is required within the website, the data collected thereby is processed for this purpose on servers run by the company STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Deutschland ((https://strato.de). Your data is processed based on a processing contract according to Art. 28 of the GDPR, which is the legal basis for data transfer to this company. In addition, our online agency is engaged as a processor for the purpose of maintaining our website: blueAlpha GmbH, Amerikastrasse 21, 66482 Zweibrücken, Germany(https://bluealpha.de))
Special features of the website
Our site offers you a variety of features which, when used by us, serve to collect, process and store personal data. We have provided an explanation of what happens to this data below:
Application form
What personal data is collected and to what extent is it processed?
The data that you enter in the application form’s form fields and upload if necessary will be processed to fulfil the purpose stated below. You must provide your first and last name, date of birth, telephone number, email address and postal address (street, building number, postcode, town/city). You must also upload a CV (mandatory) before submitting your application. All other information, such as a cover letter, references or other documents, are voluntary, but we may request them as part of the application process. You will also still have to answer the CAPTCHA request for submission purposes.
Legal basis for personal data processing
The legal basis for collecting and processing applicant data is Art. 6 (1) b (initiating a contract), and Art. 88 (1) of the GDPR in conjunction with Section 26 of the German Federal Data Protection Act. Insofar as special categories of personal data that are required for the fulfilment of legal obligations arising from labour law, social security law and social protection according to Art. 9 (2) b of the GDPR in conjunction with Section 26 (3) of the German Federal Data Protection Act are collected, processing is performed on this legal basis. If special categories of personal data are also to be processed, we will obtain consent for this according to Art. 9 (2) a of the GDPR.
Purpose of data processing
The purpose of data processing is reviewing and processing the application documents you upload using the form.
Duration of storage
The data will be deleted as soon as the application has been processed and there is no longer a legitimate interest in storing the application data. If your application is successful, we will continue to process the data according to Art. 6 (1) b, and Art. 88 (1) of the GDPR in conjunction with Section 26 of the German Federal Data Protection Act in the context of your employment relationship. Your application documents will therefore be deleted six months at the latest following conclusion of the application process if no further storage is required (e.g. due to a legal dispute about the application process). In this case, the data is stored for as long as it is required for further storage to achieve the purpose.
Opportunity for objection and erasure
You will find the rights that you are entitled to and information on how to assert them at the bottom of this privacy policy.
Need to provide personal data
The information provided in the application form is not contractually or legally required, but is necessary for sending and processing the application. If you do not fill out the existing mandatory fields or do not fill them out completely, the application you have requested cannot be sent or processed.
Contact form(s)
What personal data is collected and to what extent is it processed?
We will use the data you entered in our contact forms and in the contact form’s input screen to fulfil the purpose mentioned below.
Legal basis for personal data processing
Art. 6 (1) a of the GDPR (consent by means of clear confirmatory action or conduct)
Purpose of data processing
We will use the data collected by means of our contact form(s) only to process the specific contact request received through the contact form(s).
Duration of storage
The data collected is deleted immediately after your request has been processed, provided that there are no statutory retention periods.
Opportunity for objection and erasure
The opportunities for objection and erasure are based on the general regulations on the right of objection and entitlement to erasure under data protection legislation that are outlined below in this privacy policy.
Need to provide personal data
Use of the contact forms is voluntary and is neither contractually nor legally required. You are not obligated to contact us using the contact form; you can also use the other contact options provided on our website instead. If you would like to use our contact form, you must fill in the fields marked as mandatory. If you do not provide the necessary information in the contact form, you will either be unable to send the request or we will unfortunately be unable process your request.
Form for subscribing to the newsletter
What personal data is collected and to what extent is it processed?
By signing up for the newsletter on our website, we receive the email address you entered in the sign-up field and, if applicable, additional contact details, provided that you disclose them to us using the newsletter sign-up form.
Legal basis for personal data processing
Art. 6 (1) a of the GDPR (consent by means of clear confirmatory action or conduct)
Purpose of data processing
Data captured on our newsletter’s sign-up screen is used by us for the sole purpose of sending our newsletter, in which we provide information about all our services and our news. Once you have signed up, we will send you a confirmation email containing a link you have to click on to complete the process of signing up to our newsletter (double opt-in).
Duration of storage
You can unsubscribe from our newsletter at any time by clicking on the Unsubscribe link, which is also included in every newsletter. We will delete your data immediately after you cancel your subscription. We will also delete your data immediately if you do not complete the sign-up process. We reserve the right to delete the same without any need to provide justification or to provide any prior or subsequent information.
Revocation and removal option
The opportunities for objection and erasure are based on the general regulations on the right of objection and entitlement to erasure under data protection legislation that are outlined below in this privacy policy.
Need to provide personal data
If you would like to use our newsletter, you must fill out the fields that are marked as mandatory and confirm your email address by clicking on the double opt-in link. The newsletter sign-up details are not necessary to enter into a contract with us, and nor are they legally binding. They are used exclusively for sending our newsletter. If you do not fill in the required information, we will unfortunately be unable to provide you with our newsletter service.
Statistical evaluation of visits to this website – web trackers
We collect, process and store the following data when our website, or individual files of our website, are accessed: IP address, web page that the file was accessed from, name of the file, the date and time of access, the volume of data transmitted and the access success notification (‘web log’). We only use this access data in a non-personalised form with a view to continuously improving our website and for statistical purposes. We also use the following web trackers to evaluate visits to our website:
Matomo (local)
Extent of personal data processing
Our website contains tracking code from Matomo (formerly Piwik), an open-source web analytics tool(https://matomo.org. Web tracking is carried out exclusively by ourselves without any personally identifiable data. Matomo is hosted on our own server infrastructure for this purpose. Data is not, therefore, transferred to third parties. We collect, process and store usage data about how our site is used (e.g. referrer links, the time spent on certain URLs, the clickstream) and also data about your browser settings (e.g. the browser manufacturer and version, the screen resolution and the operating system used). The legal basis is Art. 6 (1) f of the GDPR, and the legitimate interest is website analysis. We may also collect and store parts of your IP address and information about our website’s loading speed. We can only create anonymous usage profiles and extract statistical information from this data. We also use cookies as part of Matomo web tracking to distinguish returning site visitors from first-time visitors. Cookies are small text files that are stored locally in your internet browser’s memory and contain a separate ID and potentially other technical information. The data collected in this context will not be merged with any other personal data we may have without your separate consent.
Legal basis for personal data processing
In many cases, there is no personally identifiable information. If you are personally identifiable, the legal basis for collection is Art. 6 (1) f of the GDPR, and the legitimate interest is analysing our website.
Purpose of data processing
The purpose of web tracking is to analyse user traffic so we can anonymously monitor our website’s functionality and usability and continuously improve our website. It is used exclusively for the purpose of collecting statistical, non-personal data.
Duration of storage
We store all web tracking data collected through Matomo for an indefinite period of time, insofar as this data is only available to us in anonymised form. If the data is not anonymised, we will delete it after 12 months at the latest.
Opportunity for objection and erasure
You can prevent the collection and processing of the aforementioned data by installing a JavaScript blocker to prevent the collection of other app analysis data. If you do end up being personally identifiable, you can revoke your consent at any time according to the rules outlined in this privacy policy.
Integration of external web services and data processing outside the EU
We use active contents from external providers (‘web services’) on our website. When you access our website, these external providers may receive personal information about your visit to our website. Data may be processed outside the EU in this regard. You can prevent this from happening by installing an appropriate browser plugin or by disabling the execution of scripts in your browser. This can lead to functional restrictions on websites you visit. We use the following external web services:
Elementor
We use the Elementor service provided by Elementor Ltd., Tuval Street 40, Ramat Gan, Israel, email: mailto:legal@elementor.com on our website.Processing also takes place in a third country outside of the EU. This third country is covered by a European Commission adequacy decision. Please see the European Commission website (link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_deor an up-to-date list of all adequacy decisions. The legal basis for personal data transfer is our legitimate interest in processing according to Art. 6 (1) f of the GDPR. Our legitimate interest is to guarantee achievement of the purpose outlined below. Elementor allows us to embed third-party content on our site and control our templates and page design. With regard to processing, you have the right to object as set out in Art. 21. You will find more information at the end of this privacy policy. You will find more information about how the transferred data is handled in the provider’s privacy policy at https://elementor.com/about/privacy/.
We use the Google service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, email: support-de@google.com, website: http://www.google.com/, on our websiteProcessing also takes place in a third country that is not covered by a Commission adequacy decision. So the usual level of protection afforded by the GDPR cannot be guaranteed for the transfer, since it cannot be ruled out that e.g. authorities can access the collected data in the third country. The legal basis for personal data transfer is your consent according to Art. 6 (1) a of the GDPR or Art. 9 (2) a of the GDPR, which you have given on our website. We use Google so we can reload additional Google services on the website. You can revoke your consent at any time. You will find more information about revoking your consent either in the consent section itself or at the end of this privacy policy. You will find more information about how the transferred data is handled in the provider’s privacy policy at https://policies.google.com/privacy.
Google APIs
We use the Google APIs service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, email: support-de@google.com, website: http://www.google.com/, on our websiteProcessing also takes place in a third country that is not covered by a Commission adequacy decision. So the usual level of protection afforded by the GDPR cannot be guaranteed for the transfer, since it cannot be ruled out that e.g. authorities can access the collected data in the third country. The legal basis for personal data transfer is your consent according to Art. 6 (1) a of the GDPR or Art. 9 (2) a of the GDPR, which you have given on our website. We use Google APIs so we can reload additional Google services on the website. Google APIs is a collection of interfaces for communication between the various Google services used on your website. The service or we collect(s) the following data for processing itself: IP address You can revoke your consent at any time. You will find more information about revoking your consent either in the consent section itself or at the end of this privacy policy. You will find more information about how the transferred data is handled in the provider’s privacy policy at https://policies.google.com/privacy.
Cookie-Law-Info
We use the Cookie Law Info service provided by Mozilor Limited, 10 Paxton Crescent, Shenley Lodge, Milton Keynes, MK5 7PY, United Kingdom. You will find the provider’s contact form at https://www.webtoffee.com/contact/. For more information, please visit https://de.wordpress.org/plugins/cookie-law-info/ Processing takes place in a third country for which the European Commission has taken an adequacy decision. So the usual level of protection afforded by the GDPR can be guaranteed for the transfer. The legal basis for personal data transfer is the fulfilment of legal obligations according to Art. 6 (1) c of the GDPR. We can save your settings with regard to the use of cookies with the help of the cookie banner.
Google Fonts
We use the Google Fonts service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, email: support-de@google.com, website: http://www.google.com/, on our websiteProcessing also takes place in a third country that is not covered by a Commission adequacy decision. So the usual level of protection afforded by the GDPR cannot be guaranteed for the transfer, since it cannot be ruled out that e.g. authorities can access the collected data in the third country. The legal basis for personal data transfer is your consent according to Art. 6 (1) a of the GDPR or Art. 9 (2) a of the GDPR, which you have given on our website. The Google Fonts service is used to reload fonts on our site to improve the appearance of the version you see. You can revoke your consent at any time. You will find more information about revoking your consent either in the consent section itself or at the end of this privacy policy. You will find more information about how the transferred data is handled in the provider’s privacy policy at https://policies.google.com/privacy.
Google Maps
What personal data is collected and to what extent is it processed?
We use the maps service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as ‘Google Maps’), on our website. Google Maps is integrated on the website via the Google API to visualise location information and display it in the form of a map. Google Maps’ processing of your IP address is technically necessary to display the map. With regard to the web services integrated using Google APIs, the rules set out in the relevant section of this privacy policy will apply. Processing also takes place in a third country that is not covered by a Commission adequacy decision. So the usual level of protection afforded by the GDPR cannot be guaranteed for the transfer, since it cannot be ruled out that e.g. authorities can access the collected data in the third country.
Legal basis for personal data processing
Art. 6 (1) f of the GDPR (legitimate interest). Our legitimate interest is being able to show you online location information presented in the usual way in a visualised form.
Purpose of data processing
Google will use the information obtained using Google Maps on our behalf to show you the map. By using Google Maps, you will be able to find us faster and more accurately than with a simple non-interactive map.
Duration of storage
Google will store the data relevant to Google Maps’ function for as long as is necessary to render the booked web service. Data is collected and stored in an anonymised format. If you are personally identifiable, the data will be deleted immediately provided that it is not subject to any statutory retention requirements. In any case, data will be deleted once the retention requirement ceases to apply.
Opportunity for objection and erasure
You can prevent personal data (particularly your IP address) from being collected by and disclosed to Google and Google’s processing of this data by disabling the execution of script codes in your browser, by installing a script blocker in your browser, or by enabling your browser’s ‘Do Not Track’ setting. You will find Google’s security and privacy policy at https://policies.google.com/privacy.
Joint processing
We have concluded a joint processing contract with Google with regard to Google Maps. You will find the content at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
Gstatic
We use the Gstatic service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, email: support-de@google.com, website: http://www.google.com/, on our websiterocessing also takes place in a third country that is not covered by a Commission adequacy decision. So the usual level of protection afforded by the GDPR cannot be guaranteed for the transfer, since it cannot be ruled out that e.g. authorities can access the collected data in the third country. The legal basis for personal data transfer is your consent according to Art. 6 (1) a of the GDPR or Art. 9 (2) a of the GDPR, which you have given on our website. Gstatic is a service that Google uses to retrieve static content to reduce bandwidth usage and pre-load required catalogue files. You can revoke your consent at any time. You will find more information about revoking your consent either in the consent section itself or at the end of this privacy policy. You will find more information about how the transferred data is handled in the provider’s privacy policy at https://policies.google.com/privacy.
Local and session storage used
In simplified terms, ‘web storage’ technology is a technical option that allows data and information to be stored on the user’s computer or terminal device, in a similar way to cookies. Data can generally be stored in the web storage technology in two ways. The name of the web storage technology depends on the duration of storage. A distinction is made between permanent storage (localStorage) and storage that is limited to the ‘session’ (sessionStorage). A session begins when the page is accessed, and ends when the page is exited (e.g. by closing the tab or the browser). The local or session storage is accessed using the scripts and web services used on the school portal. We have created a table where we explain the type of data and the purpose of the local or session storage.
| Name | Type | Purpose | legal basis |
|---|---|---|---|
| Elementor | Local Storage | The modifications made to the page design by our plugin can be reloaded in your browser with the help of the local storage entry. Our legitimate interest is being able to deliver our site properly. | Art. 6 (1) f of the GDPR |
| Elementor | Session Storage | The session storage entries are also used to display the modifications made by the plugin and are deleted after the browser session has expired. | Art. 6 (1) f of the GDPR |
Data security and data protection, communication by email
When it is collected, stored and processed, your personal data is protected by means of technical and organisational measures to ensure that it is inaccessible to third parties. Since we cannot guarantee complete data security on the transmission path to our IT systems during unencrypted communication by email, we advise sending highly confidential information using encrypted communication or by post.
Right of access and rectification requests – Erasure and restriction of data – Revocation of consent – Right to object
Right of access
You have the right to request confirmation as to whether we process your personal data. If we do, you have a right of access to the information specified in Art. 15 (1) of the GDPR, provided that the rights and freedoms of others are not adversely affected (cf. Art. 15 (4) of the GDPR). We are also happy to provide you with a copy of the data.
Right to rectification
According to Art. 16 of the GDPR, you have the right to have incorrectly stored personal data (such as your address, name, etc.) corrected by us at any time. You can also request that the data we store be completed at any time. Adjustment to this effect will be performed without delay.
Right to erasure
According to Art. 17 (1) of the GDPR, you have the right to request that we erase the personal data collected about you if
- the data is either no longer needed;
- the legal basis of processing is no longer applicable due to you revoking your consent;
- you have objected to processing and there are no legitimate grounds for processing;
- your data is being processed unlawfully;
- a legal obligation requires this or collection according to Art. 8 (1) of the GDPR has taken place.
According to Art. 17 (3) of the GDPR, the right does not exist if
- processing is necessary to exercise the right to freedom of expression and information;
- your data was collected based on a legal obligation;
- processing is necessary for reasons of public interest;
- the data is necessary to establish, exercise or defend legal claims.
Right to restriction of processing
According to Art. 18 (1) of the GDPR, you have the right to request on a case-by-case basis that processing of your personal data be restricted. This applies if
- you dispute the correctness of the personal data;
- processing is unlawful and you do not consent to erasure of the data;
- the data is no longer required for the purpose for which it is being processed, but the data collected is being used to assert, exercise or defend legal claims;
- an objection has been made against processing according to Art. 21 (1) of the GDPR and it is still unclear which interests take precedence.
Right of revocation
If you have given us express permission to process your personal data (Art. 6 (1) a of the GDPR or Art. 9 (2) a of the GDPR), you can revoke this consent at any time. Please note that revocation of consent does not affect the lawfulness of processing carried out based on such consent up until the same is revoked.
Right to objection
According to Art. 21 of the GDPR, you have the right to object at any time to the processing of personal data concerning you that has been collected based on Art. 6 (1) f (in the context of a legitimate interest). You are only entitled to this right if special circumstances preclude storage and processing.
How do you exercise your rights?
You can exercise your rights at any time by using the contact details provided below:
Medtron Aktiengesellschaft
Hauptstrasse 255, 66128 Saarbrücken, Germany
E-Mail: info@medtron.com
Tel.: +49 681 97017-0 Fax: +49 681 97017-20
Right to data portability
According to Art. 20 of the GDPR, you are entitled to have personal data concerning you transferred. We provide the data in a structured, commonly used and machine-readable format. The data can be sent either to yourself or to a controller named by you. We will provide you with the following data on request according to Art. 20 (1) of the GDPR:
- Data collected based on express consent according to Art. 6 (1) a of the GDPR or Art. 9 (2) a of the GDPR;
- Data that we have received from you according to Art. 6 (1) b of the GDPR in the context of existing contracts;
- Data processed in the context of an automated procedure.
We will transfer the personal data directly to a controller of your choosing insofar as doing so is technically feasible. Please note that we are not allowed to transfer data that interferes with the rights and freedoms of others according to Art. 20 (4) of the GDPR.
Right to lodge a complaint with the supervisory authority according to Art. 77 (1) of the GDPR
If you suspect that your data is being processed unlawfully on our website, you can naturally obtain judicial clarification of the issue at any time. Every other legal option is open to you too. Regardless of this, you have the option of contacting a supervisory authority according to Art. 77 (1) of the GDPR. You have a right to lodge a complaint according to Art. 77 of the GDPR in the EU member state of your place of residence, your workplace and/or the place of the suspected violation, i.e. you can choose the supervisory authority you wish to contact from the aforementioned locations. The supervisory authority with whom the complaint was lodged then informs you of the status and results of your petition, including the possibility of a judicial remedy according to Art. 78 of the GDPR.
Created by:© DURY LEGAL Rechtsanwälte – www.dury.de© Website-Check GmbH – www.website-check.de
Privacy policy of our social media sites.
Here you can find the privacy policy of our social media sites.
