Notes on data protection:
The protection of your personal data is an important issue for Promecon GmbH, which we take very seriously. We act abide by the rules and handle personal data information compliant to the regulations of GDPR and the German Federal Data Protection Act (BDSG).
Hereinafter we would clarify type, extent, and purpose of the data collection and processing.
Please read the following information carefully.
We reserve the right to change our privacy policy conform to new legal requirements and without previous warnings.
If personal data (for example name, address or e-mail addresses) is collected on our site this will always be on a voluntary basis as far as possible. As far as possible, our offerings and services can always be used without divulging personal data.
The use of the obligatorily published contact data by third parties for sending advertising and information material which is not specifically requested is hereby expressly forbidden. The operators of the site expressly reserve the right to take legal steps in the case of unsolicited sending of advertising information, for example through spam mails.
Responsible office:
Promecon GmbH
Kreuslerstraße 10
20095 Hamburg
Germany
phone: +49 40 3690 1690
fax: +49 40 3690 1699
eMail:
Data collection by accessing the Website
When visiting our website your browser transmits technical details to our webserver. Those details will be recorded temporary as log files to serve for data protection and security.
Log files can contain the following information:
- Anonymized IP-address
- Date and time of the request
- Content of the request (Name and URL)
- Notification whether data retrieval was successful
- Browser and operating system information
- Website from which you are visiting us
The above information is necessary to detect possible errors in links and programming, to improve our website, and to develop our IT-infrastructure. There is no assignment of personal data. In case there is a concrete evidence of a justified suspicion, we reserve the right to do a subsequent investigation of the log files.
Collection, use and processing of person personal data:
Section 3 (1) BDSG refers personal data as an individual information of data relating to the personal or professional circumstances of a specific or specifiable person. This means that any collected information serving to identify an individual person are personal data. As far as personal information is collected on our website, occurs this on a voluntary basis, i.e. orders, inquiries, personal contact or process of your application. Those data information will be recorded and stored in the context of our business relation.
As far as possible, our offerings and services can always be used without divulging personal data.
Personal data will not be recorded and stored without your permission unless the law permits.
Purpose of personal data use:
Based on Art. 6, section1b GDPR we process personal data for fulfillment of a contract or in order to take steps at the request of the data subject prior to entering into the contract. This could occur for the following purpose:
- For the performance of a contract
- For processing your request
In the course of balancing of interests (Art. 6 (1 f) GDPR):
- Performance of services
- Optimization and further development of services
- Promotion and/or market and opinion research purposes, unless you have not objected
- Evaluations
- Data protection and data security
- Legal affairs
- Transfer of data within the group of Promecon GmbH, necessary for business processing
On the basis of your consent (Art. 6 (1 a) GDPR ):
- For sending product and information material
- Telephone contact
- Email-Marketing
- Transfer of data within the group of Promecon GmbH
- Transfer of data to third parties
Or because of legal requirements (Art. 6 (1 c) GDPR ):
- Business administration
- Compliance of legal regulations
- Transfer of data to third parties
Transfer of your personal data
Basically, we just process your personal data within our company and the group of Promecon GmbH.
In the technical implementation we draw on specialized service providers (processor) which are contractually bound to act in accordance with the European privacy police (Art. 28 GDPR). Those processors could be based outside the EU as well. The process of personal data by processors takes only place after order confirmation and with strict regulations. Third parties, such as logistics companies, only receive authorization in personal data if this is necessary for the performance of a service. In the event that a lawfully acting authority or a law enforcement agency wishes to provide information about personal data, etc., we are legally obliged to disclose this information about you.
Legal basis and storage of your personal data
Your personal data is stored with us for the period of an existing business relationship and for the purpose of data security. If the business relationship ends, the data is stored in accordance with prescribed statutory retention periods
The legal basis for this is Art. 6 (1 f) GDPR.
Inquiries by email, phone, or fax
If you contact us by e-mail, telephone or fax, your request, including all personal data derived from it (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data takes place on the basis of Art. 6 Paragraph 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Contact form
On our website is a contact form with which you can contact us directly. The information transmitted via the contact form is used and processed exclusively in order to be able to process your request. The legal basis for this is Art. 6 (1) GDPR.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
Use of Cookies
When visiting our website, we occasionally use cookies, small text files that are stored on your computer and stored by your browser. They serve to make our offer user-friendly, effective and secure. Passwords are not stored in cookies. Most of the cookies we use are called session cookies. They will be reset automatically at the end of your visit as soon as you log out. If you end the session by closing your browser, the cookie will persist for a while. You can influence the length of this period through settings on your computer. Then the cookie is either overwritten or deleted from your computer (client). Our cookies do not harm your computer and contain no viruses. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.
Use of Google Analytics
If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored.
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
During your website visit the following data will be collected:
- The pages you call up, your "click behaviour“
- Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
- Your user behavior (for example clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in abbreviated form)
- Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
- Your internet provider
- The referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.
Recipient
The data recipient is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
as data processor. For this purpose we have concluded a contract with Google for commissioned data processing. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.
Transfer to third countries
A transfer of data to the USA cannot be excluded.
Duration of storage
The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
- not giving your consent to the setting of the cookie or
- downloading and installing the browser add-on to disable Google Analytics https://tools.google.com/dlpage/gaoptout?hl=en.
By setting your browser software accordingsly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites may be limited.
Legal basis
Your consent is the legal basis for this data processing, Art.6 para.1 S.1 lit.a GDPR.
For more information about Google Analytics terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/?hl=en.
Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form takes place exclusively based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address, and their use for sending the newsletter at any time, for example via the "Unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. This does not affect data that we have saved for other purposes.
After you have been removed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Paragraph 1 lit. The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.
Sendinblue
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Strasse 126, 10179 Berlin, Germany. Sendinblue is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter will be stored on Sendinblue's servers in Germany. If you do not want an analysis by Sendinblue, you have to unsubscribe from the newsletter. We provide a link for this in every newsletter message.
Data analysis by Sendinblue
With the help of Sendinblue it is possible for us to analyze our newsletter campaigns. So we can z. B. see whether a newsletter message has been opened and which links have been clicked. In this way we can determine, among other things, which links have been clicked particularly often. We can also see whether certain previously defined actions were carried out after opening / clicking (conversion rate). We can z. B. recognize whether you have made a purchase after clicking on the newsletter. Sendinblue also enables us to subdivide the newsletter recipients into different categories (“cluster”). The newsletter recipients can be z. B. subdivide according to age, gender or place of residence. In this way, the newsletters can be better adapted to the respective target groups.
Detailed information on the functions of Sendinblue can be found at the following link: https://www.sendinblue.com/features/email-marketing/.
Legal basis
The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Storage period
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. This does not affect data that we have saved for other purposes.
After you have been removed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Paragraph 1 lit. The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.
For more information, see the data protection provisions of Sendinblue at: https://www.sendinblue.com/gdpr/.
Commissioned data processing agreement
We have concluded a contract with Sendinblue in which we oblige Sendinblue to protect the data of our customers and not to pass them on to third parties.
Plugins and Tools
Youtube in Privacy-Enhanced Mode
This website embeds videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the Privacy-Enhanced Mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the Privacy-Enhanced Mode. This is how YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things. used to collect video statistics, improve usability and prevent fraud attempts.
If necessary, further data processing operations can be triggered after the start of a YouTube video, over which we have no influence.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1 f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6 (1 a) GDPR; the consent can be revoked at any time.
You can find more information about data protection at YouTube in their data protection declaration at: https://policies.google.com/?hl=en.
Google Web Fonts
This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: https://policies.google.com/?hl=en.
Audio and Video Web-Meetings
Data processing
For communication with our customers, suppliers, trading partners and service providers, we use other online conference tools. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be recorded and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide / use to use the tools (email address and / or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that are required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the servers of the tool provider. Such content includes in particular cloud recordings, chat / instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.
Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely based on the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed under this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 S. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the relevant tools are used on the basis of this consent; the consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conference tools:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Teams is certified according to the EU-US Privacy Shield. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
Commissioned data processing agreement
We have concluded an commissioned data processing contract with the provider of Microsoft Teams and fully implement the strict requirements of the German data protection authorities when using Microsoft Teams.
Notes on external sites of Promecon GmbH
LinkedIn (Profil)
Purpose of processing: We have set up a page about our company on the "LinkedIn" platform at the address https://www.linkedin.com/company/promecon-medical/. When you access this page, LinkedIn processes personal data from you. We receive statistics on the use of this page derived from this data.
Legal basis:
Art. 6 para. 1 letter f GDPR.
Data categories:
Master data, if applicable, contact data, content data, usage data, connection data, location data, if applicable.
Recipients of the data:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (as joint controller pursuant to Art. 26 GDPR- the essence of the agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum).
Intended third country transfer:
On a case-by-case basis, USA and other third countries (based on the EU Commission's standard data protection clauses, Art. 46(2)(c) GDPR and based on adequacy decisions (Art. 45 GDPR)).
Do we store or read out personal data on your end device based on your consent?
No
Data subject rights: LinkedIn is responsible for implementing your data subject rights. LinkedIn will inform you about your data subject rights at https://www.linkedin.com/legal/privacy-policy. You can also assert your rights against us, we will then forward your request to LinkedIn immediately.
YouTube Channel
Purpose of processing: We have set up a video channel on the "YouTube" platform of Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland ("Google") at the address Adresse https://www.youtube.com/channel/UC0zuPocNevBxdskkZqm8JRw/about. When you access this page, Google processes personal data from you. We receive statistics about the use of this page derived from this data.
Legal basis:
Art. 6 para. 1 letter f GDPR.
Data categories:
Master data, if applicable, contact data, content data, usage data, connection data, location data, if applicable.
Recipients of the data:
Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland.
Intended third country transfer: In individual cases, USA
Do we store or read out personal data on your end device based on your consent?
No
Minors
This website is intended for business customers and is not intended for children or teenagers. Without the express consent of the parent or legal guardian, children and adolescents under the age of 14 are prohibited from transmitting personal data on the Internet. We knowingly do not collect personal information from minors.
Information about your rights
As a data subject, you have the following rights according to the laws of the GDPR:
- Right of access by the data subject (Art. 15 GDPR)
- Right of rectification (Art. 16 GDPR)
- Right to erasure („right tob e forgotten“) (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Automated individual decision-making, incl. profiling (Art. 22 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR i.V.m § 19 BDSG)
Please let us know if you wish to exercise your rights. The exact contact details can be found at the end ("contact information") of this privacy policy
Data protection:
To protect your privacy, we use a variety of security measures.
Our website has secure socket layer encryption (SSL encryption), recognizable by the lock symbol in your browser line and the beginning address bar with https: //. In accordance with technological development, these measures are being continuously improved. Please note that despite our security precautions, data transmission is not completely secure, so data transmission is at your own risk.
Contact information:
If you have questions about the deletion, use and processing of your personal data or general questions about privacy at Promecon GmbH, please feel free to contact us:
Promecon GmbH
Data protection officer
Kreuslerstraße 10
20095 Hamburg
Germany
phone: +49 40 3690 1690
fax: +49 40 3690 1699
eMail: