Self-commitment of mediCAD Hectec GmbH on the subject of data protection
The protection of personal data is an important concern for mediCAD Hectec GmbH (mediCAD Hectec). Therefore, we conduct our activities in compliance with applicable laws on the protection of personal data and data security. The following points are intended to help you understand what information we may collect, how we process and protect that data, and to whom we may disclose it.
Through our websites (the “mediCAD Hectec website”), mediCAD Hectec GmbH will not collect any personal data about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide us with it (e.g. by registration, survey), respectively, provide your consent, or unless otherwise permitted by applicable laws and regulations for the protection of your personal data.
When you provide us with personal information, we generally use it to respond to your inquiries, process your orders, or provide you with access to specific information or offers. In order to maintain customer relationships, we (or a third party on our behalf) may also need to use personal data to contact you about a mediCAD Hectec offer in support of your business needs or to conduct online surveys to understand better our customers’ needs and expectations.
Of course, we will respect your wishes if you do not want us to use your personal data to support our customer relationship (especially for direct marketing or market research purposes). We will not sell or otherwise market your personal data to third parties, except to affiliated companies of mediCAD Hectec GmbH as defined in § 271 HGB.
mediCAD Hectec GmbH will collect, use or disclose personal data supplied by you online only for the purposes disclosed to you, unless the disclosure
• is for another purpose directly related to the original purpose for which the personal data was collected,
• is necessary for the preparation, negotiation and performance of a contract with you,
• is necessary due to legal obligation or official or judicial order,
• is necessary for the establishment or protection of legal claims or the defense against legal action,
• is necessary to prevent fraud or other illegal activities, such as willful attacks on mediCAD Hectec GmbH systems to ensure data security.
Communication or usage-related information
When you access our websites via telecommunications services, communications-related data (e.g., Internet protocol address) or usage-related data (e.g., information on the start and duration of use and on the telecommunications services you use) is generated technically. These may possibly allow conclusions to be drawn about personal data. Insofar as the collection, processing and use of your communication or usage-related data is absolutely necessary, this is subject to the statutory provisions on data protection.
Non-personal data collected automatically
When you access our websites, information is occasionally collected automatically (i.e. not via registration) that is not assigned to a specific person (e.g. Internet browser and operating system used; domain name of the website from which you came; number of visits; average time spent; pages viewed). If necessary, we use this information and pass it on to affiliated companies of mediCAD Hectec GmbH in order to determine the attractiveness of our websites and to improve their performance and content.
“Cookies” – information that is automatically placed on your computer
Cookies are used for the attractive design of the websites, as well as the use and preferences of the website visitors. Thus, for example, your information for the selection of a language is stored. Cookies are text files that are stored on your hard drive to enable identification of the browser when you return to the website. You can prevent cookies from being stored on your hard drive by making the appropriate browser settings. Cookies that have already been set can be deleted at any time. For information on how to delete cookies or prevent their storage, please refer to the respective browser instructions. If you do not accept cookies, this may impair your use of our website. The legal basis for the processing of cookies is Art. 6 Para. 1 lit. f) GDPR.
Use of GOOGLE reCaptcha
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of the Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/.
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout?hl=de.
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: support.google.com/analytics/answer/7667196?hl=de
Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this consent in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: usercentrics.com/de/ (hereinafter “Usercentrics”).
When you enter our website, the following personal data is transferred to Usercentrics:
Your consent(s) or revocation of your consent(s).
Your IP address
Information about your browser
Information about your terminal device
Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.
Contract for order processing
We have concluded an order processing contract with Usercentrics. This is a contract required by data protection law, which ensures that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Use of the OnWebChat live chat system
On this website, pseudonymized data is collected and stored using technologies provided by OnWebChat, Sfaktion 36, 73134 Chania, Greece (www.onwebchat.com) for the purpose of web analytics and to operate the live chat system for responding to live support requests. From this pseudonymized data, usage profiles can be created under a pseudonym. Cookies can be used for this purpose. If the information collected in this way has a personal reference, the processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in effective customer support and the statistical analysis of user behavior for optimization purposes.
The data collected using OnWebChat technologies will not be used to personally identify the visitor to this website without the separately granted consent of the data subject and will not be merged with personal data about the bearer of the pseudonym. In order to avoid the storage of OnWebChat cookies, you can set your Internet browser so that no cookies can be stored on your computer in the future or so that cookies that have already been stored are deleted. However, turning off all cookies may result in the inability to perform some functions on our websites. You can deactivate the data collection and storage for the purpose of creating a pseudonymized usage profile at any time with effect for the future by sending us your objection informally by e-mail to the e-mail address stated in the imprint.
mediCAD Hectec GmbH will not knowingly collect personal data from children without expressly pointing out that such data should only be transmitted with the consent of the parents if applicable legal regulations provide for this. As a matter of principle, we will only use or disclose children’s personal data to the extent permitted by law, to obtain parental consent required by law, or to protect children. For the term “child/children”, the nationally applicable legal provisions and cultural customs must be taken into account here.
To protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure or access, mediCAD Hectec GmbH uses technical and organizational security measures. Your data is automatically encrypted using SSL (Sockets Layer Protocol). SSL is the industry standard for the transfer of confidential data over the Internet. Your data will be stored and processed in accordance with German and European data protection regulations and our internal guidelines.
Links to other websites
The mediCAD Hectec websites contain links to other websites. mediCAD Hectec GmbH is not responsible for the data protection policies or the content of these other websites.
Right of information and revocation
Right to data portability
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to receive the personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right to rectification, erasure, restriction of processing, objection and complaint
Every data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR.
The restrictions according to §§ 34 and 35 JURA apply to the right to information and the right to deletion.
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with §19 JURA). A list of supervisory authorities (for the non-public sector) with address can be found at: www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
The data will only be stored as long as the purpose and your consent are given. As a rule, your data will be deleted after 6 months.
Competent state authority
The competent state supervisory authority is the Bavarian State Commissioner for Data Protection Dr. Thomas Petri, Wagmüllerstraße 18, 80538 Munich, email@example.com, www.datenschutz-bayern.de.
For the right of information and revocation, please add the central telephone number and our company address with the data protection department to the e-mail.