Möller - Privacy + Policy

Privacy statement for website visitors

Thank you for your interest in our company. Privacy is a particularly high priority for the management of MÖLLER Medical GmbH, Wasserkuppenstraße 29-31, 36043 Fulda, Germany (hereinafter referred to as the “company”). It is fundamentally possible to use the web pages of the company without actively disclosing any personal data. Where a data subject would like to use particular services of our company via our website, it may nevertheless be necessary to process personal data. If it is necessary to process personal data and if no legal basis exists for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address or phone number of a data subject, is always handled in agreement with the General Data Protection Regulation and in conformity with the nationally specific data protection regulations applicable to the company. By means of this privacy statement, our company would like to inform the public of the nature, scope and purpose of the personal data that we collect, use and process. In addition, this privacy statement informs data subjects of their rights.

The company, as the data controller, has implemented a large number of technical and organisational measures in an effort to provide the most comprehensive level of protection possible for the personal data processed through this website. Nevertheless, security gaps may fundamentally be present in web-based data transmissions, with the result that absolute security cannot be guaranteed. For that reason, every data subject is also entitled to communicate personal data to us by alternative channels, for example by phone.

1. Definition of terms

The privacy statement of the company is based on the terms used by the European legislature and regulators in issuing the General Data Protection Regulation (GDPR). Our privacy statement is intended to be easy to read and understand both for the public and for our customers and business partners. To guarantee this, we would first like to explain the terms used in it.

The terms we use in this privacy statement include the following:

a) Personal data

Personal data means all information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by means of matching with an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

Processing is any operation conducted with or without the help of automated procedures, or any such sequence of operations in connection with personal data, such as the collection, capturing, organisation, sorting, saving, adjustment or modification, reading out, retrieval, use, disclosure through transmission, dissemination or another form of delivery, comparison or association, limitation, deletion or destruction.

d) Limitation of processing

Limitation of processing is the marking of saved personal data with the goal of limiting its future processing.

e) Profiling

Profiling is any kind of automated processing of personal data which involves using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning working performance, economic situation, health, personal preferences, interests, reliability, behaviour, abode or change of location of that natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data such that the personal data can no longer be matched to a specific data subject without reference to supplementary information, provided that supplementary information is kept separately and is subject to technical and organisational measures that guarantee that the personal data is not assigned to an identified or identifiable natural person.

g) Controller or data controller

The controller or data controller is the natural or legal person, public authority, agency or other body which, alone or together with others, decides on the purposes and means of processing personal data. If the purposes and means of this processing are laid down by Union or Member State law, the controller or the specific criteria for their nomination may be envisaged as laid down by Union law or the law of the Member States.

h) Processor

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, irrespective of whether it is a third party or not. Agencies that potentially receive personal data as part of a specific inquiry under Union or Member State law are however not considered to be recipients.

j) Third party

A third party is a natural or legal person, public authority, agency or other body apart from the data subject, the controller, the processor and the persons with direct responsibility to the controller or processor who are authorised to process the personal data.

k) Consent

Consent is any informed, unambiguously submitted, voluntary expression by the data subject for a specific case, in the form of a declaration or other clearly confirmatory action, by which the data subject indicates that they consent to the processing of their personal data.

2. Name and address of the Data Controller

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

MÖLLER Medical GmbH
Wasserkuppenstraße 29-31
36043 Fulda, Germany

Tel. +49 661 94195-0
Fax +49 661 94195-850
e-mail: info@moeller-medical.com

3. Name and address of the Data Protection Officer

The designated data protection officer of MÖLLER Medical GmbH is Mr.Georg Möller.
The data protection officer can be reached as follows:

SK Consulting Group GmbH
Mr.Georg Möller
Osterweg 2
32549 Bad Oeynhausen
Germany

e-mail: datenschutz@sk-consulting.com

phone: 05731 / 49064-30

Any data subject may contact our Data Protection Officer directly at any time with any queries and suggestions regarding privacy.

4. Which authority is responsible for control and compliance with data protection law?

Our headquarters are located in the federal state of Hesse. Therefore, the state data protection authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information.
Prof. Dr. Alexander Roßnagel
P.O. Box 31 63
65021 Wiesbaden

Gustav-Stresemann-Ring 1
65189 Wiesbaden

Phone: 06 11/140 80
E-mail: poststelle@datenschutz.hessen.de

Homepage: www.datenschutz.hessen.de

You are free to complain to another state data protection authority. A list of supervisory authorities with corresponding contact details can be found here.

5. Cookies

The company’s web pages use cookies. Cookies are small data packages that are filed and saved on a final installation by a web browser.

A large number of web pages and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a clear identifier of the cookie. It comprises a string of characters which web pages and servers can match to the specific web browser in which the cookie was saved. This enables the web pages and servers visited to distinguish the individual web browser of the person in question from other web browsers that contain different cookies. A specific web browser can be recognised and identified from a unique cookie ID.

The use of cookies enables the company to provide the users of this website with more user-friendly services that would not be possible without placing cookies.

A cookie allows the information and offerings on our website to be optimised for the user. As already mentioned, cookies enable us to recognise the users of our websites. The purpose of this recognition is to make it easier for users to use our website. The user of a website that uses cookies does not need to enter their access data every time they visit the website, for example, because the website itself and the cookie stored on the user’s computer system takes charge of this. Another example is the cookie for a shopping cart in an online shop. The online shop uses a cookie to remember the articles that a customer has placed in the virtual shopping cart.

The data subject can at any time prevent the placing of cookies by our website by changing the appropriate setting in the web browser used, and thus permanently reject the placing of cookies. In addition, cookies already placed may be deleted at any time via a web browser or other software programs. This is possible in all conventional web browsers. If the data subject deactivates the placing of cookies in the web browser used, it is possible that not all functions of our website will be fully usable.

6. Capture of general data and information

The company’s website captures a range of data and information each time the website is called up by a data subject or an automated system. This data and information is saved in the server’s log files. The following can be captured: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the “referrer”), (4) the sub-websites on our websites that are activated by an accessing system, (5) the date and time the website was accessed, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information to aid an emergency response in the event of attacks on our information technology systems.

The company draws no conclusions about the data subject from the use of this data and information. Rather, this information is needed (1) to deliver the content of our website correctly, (2) to optimise the content of our website as well as advertising for it, (3) to assure the permanent functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information needed for law enforcement in the event of a cyber attack. This data and information captured is therefore evaluated statistically by the company, and also with the goal of increasing data protection and privacy in our company so that it ultimately provides an optimum level of protection for the personal data we process. The data in the server log files is saved separately from all personal data disclosed by a data subject.

7. Registering on our website

The data subject has the option of registering on the data controller’s website by disclosing personal data. The specific input mask used for the registration process indicates which personal data is transmitted to the data controller. The personal data entered by the data subject is captured and saved exclusively for internal use by the data controller and for internal purposes. The data controller may arrange sharing with one or more processors, for example a parcel service, which equally uses the personal data exclusively for an internal purpose that is attributable to the data controller.

By registering on the website of the data controller, the IP address assigned by the internet service provider (ISO) of the data subject as well as the date and time of registration are saved. The reason for saving this data is that only then can abuse of our services be prevented, and this data enables offences committed to be investigated if necessary. To that extent the saving of this data is necessary for the protection of the data controller. This data is fundamentally not shared with third parties provided there is no legal obligation to do so or sharing is for the purpose of law enforcement.

The data controller uses the data subject’s registration with voluntary disclosure of personal data to offer the data subject content or services that can only be offered to registered users due to the nature of the matter. Registered persons have the option of modifying personal data provided during registration at any time or having it deleted entirely from the data pool of the data controller.

The data controller will, at any time upon request, provide any data subject with information on what personal data it holds on the data subject. In addition, the data controller will correct or delete personal data as requested or given notice by the data subject, to the extent that it is not subject to statutory retention obligations. A data protection officer named in this privacy statement and all employees of the data controller are available to the data subject as points of contact in this regard.

8. Contact option via the website

To comply with statutory requirements the company’s website contains particulars that enable our company to be contacted swiftly by electronic means as well as direct communication with us, and equally include a general address for electronic mail (e-mail address). Where a data subject makes contact with the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically saved. Such personal data transmitted by the data subject on a voluntary basis to the data controller is saved for purposes of processing or contacting. This personal data is not shared with third parties.

9. Routine deletion and blocking of personal data

The data controller processes and saves personal data for the data subject only for the period that is required to satisfy the purpose for saving or to the extent that was envisaged by the European legislature and regulators or another legislature, in laws or regulations to which the data controller is subject.

If the purpose of saving ceases to apply or if a retention period specified by the European legislature and regulators or another responsible legislature expires, the personal data is blocked and deleted as a routine matter and in accordance with the statutory requirements.

10. Rights of the data subject

a) Right to confirmation

Every data subject has the right granted by the European legislature and regulators to demand confirmation from the data controller on whether personal data relating to them is processed. If a data subject would like to exercise this right to confirmation, they may contact our Data Protection Officer at any time in that regard.

b) Right to information

Every data subject whose personal data is processed has the right granted by the European legislature and regulators to receive information free of charge from the data controller on what personal data relating to them is saved, and to receive a copy of that information. The European legislature and regulators has furthermore granted the data subject disclosure of the following information:

The existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) of GDPR and — at least in these instances — pertinent information on the logic applied as well as the scope and intended effects of such processing for the data subject
If the personal data has not been collected from the data subject: all available information on the origin of the data
The existence of a right to complain to a supervisory authority
The existence of a right to correction or deletion of personal data relating to them or to limitation of processing by the controller, or of a right to object to this processing
If possible the planned period for which the personal data will be saved, or, if that is not possible, the criteria for determining this period
The recipients or categories of recipients to which the personal data has been disclosed or remain to be disclosed, in particular recipients in third countries or at international organisation
The categories of personal data that is processed
The processing purposes

The data subject furthermore has a right to information on whether personal data has been transmitted to a third country or an international organisation. Where this is the case, the data subject moreover has the right to receive information on the appropriate guarantees in connection with the transmission.

If a data subject would like to exercise this right to information, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

c) Right to correction

Every data subject whose personal data is processed has the right granted by the European legislature and regulators to demand immediate correction of incorrect personal data relating to them. The data subject in addition has the right, taking into account the purposes of processing, to demand the completion of incomplete personal data, including by means of a supplementary declaration.

If a data subject would like to exercise this right to correction, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

d) Right to deletion (right to be forgotten)

Every data subject whose personal data is processed has the right granted by the European legislature and regulators to demand that the controller delete the personal data relating to them without delay, provided one of the following reasons applies and to the extent that processing is not required:

The personal data was captured for the provision of information society services pursuant to Art. 8 (1) of GDPR.
Deletion of the personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.
The personal data was processed unlawfully.
The data subject objects to processing pursuant to Art. 21 (1) of GDPR and there are no overriding proper reasons for processing, or the data subject objects to processing pursuant to Art. 21 (2) of GDPR.
The data subject revokes their consent on which processing was based pursuant to Art. 6 (1) point a of GDPR or Art. 9 (2) point a of GDPR, and there is no other legal basis for processing.
The personal data was captured or otherwise processed for purposes for which they are no longer required.

Provided one of the above reasons applies and a data subject would like to arrange the deletion of personal data that is stored by the company, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard. The Data Protection Officer of the company or another employee will arrange for the request for deletion to be met without delay.

If the personal data was made public by the company and if our company as the controller pursuant to Art. 17 (1) of GDPR is obliged to delete the personal data, the company will take appropriate measures including of a technical nature, bearing in mind the available technology and the implementation costs, to notify other data controllers which process the disclosed personal data that the data subject has demanded the deletion of all links to this personal data or of copies or replications of this personal data from these other data controllers, to the extent that processing is not necessary. The Data Protection Officer of the company or another employee will arrange the necessary action on a case by case basis.

e) Right to limitation of processing

Every data subject whose personal data is processed has the right granted by the European legislature and regulators to demand that the controller limit processing if one of the following conditions is met:

The data subject has objected to processing pursuant to Art. 21 (1) of GDPR and it has not yet been established whether the proper reasons of the controller override those of the data subject.
The controller no longer requires the personal data for purposes of processing, but the data subject requires it to assert, exercise or defend legal claims.
Processing is unlawful, the data subject declines deletion of the personal data and instead demands the limitation of use of the personal data.
The correctness of the personal data is disputed by the data subject, in connection with a period that enables the controller to check the correctness of the personal data.

Provided one of the above conditions is met and a data subject would like to demand the limitation of personal data that is stored by the company, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard. The Data Protection Officer of the company or another employee will arrange the limitation of processing.

f) Right to data portability

Every data subject whose personal data is processed has the right granted by the European legislature and regulators to receive the personal data relating to them that was provided to a controller by the data subject in a structured, conventional and machine-readable format. They in addition have the right to transfer this data to another controller without hindrance by the controller to whom the data subject supplied the personal data, provided processing is based on consent pursuant to Art. 6 (1) point a of GDPR or Art. 9 (2) point a of GDPR or on a contract pursuant to Art. 6 (1) point b of GDPR and processing is performed by means of automated procedures, to the extent that processing is not necessary for the performance of a task that is in the public interest or in the exercise of public authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) of GDPR, the data subject has the right to obtain transmission of the personal data directly from one controller to another, provided this is technically feasible and to the extent that to do so does not prejudice the rights and freedoms of other persons.

To assert the right to data portability, the data subject may contact the Data Protection Officer appointed by the company or another employee at any time.

g) Right to objection

Every data subject whose personal data is processed has the right granted by the European legislature and regulators, on grounds relating to their particular situation, to object at any time to the processing of personal data relating to them, carried out on the basis of Art. 6 (1) points e or f of GDRP. The same applies to profiling based on these provisions.

In the event of an objection the company will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or processing takes place to assert, exercise or defend legal claims.

If the company processes personal data to conduct direct advertising, the data subject has the right to object at any time to the processing of the personal data for purposes of such advertising. The same applies to profiling where it is conducted in connection with such direct advertising. If the data subject objects to the company to processing for purposes of direct advertising, the company will no longer process the personal data for those purposes.

In addition the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data that relates to them by the company for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of GDPR, unless such processing is necessary to satisfy a task that is in the public interest.

To exercise the right to objection, the data subject may contact the Data Protection Officer of the company or another employee directly. In connection with the use of information society services, notwithstanding Directive 2002/58/EC, the data subject is furthermore at liberty to exercise their right to object by means of automated processes in which technical specifications are used.

h) Automated decisions in individual cases, including profiling

Every data subject whose personal data is processed has the right granted by the European legislature and regulators not to be subjected exclusively to a decision based exclusively on automated processing – including profiling – which produces a legal effect towards them or substantially affects them in a similar manner, provided the decision (1) is not required for the conclusion or fulfilment of a contract between the data subject and the controller, or (2) is permissible on the basis of Union or Member State law to which the controller is subject and this legislation contains appropriate measures to uphold the rights and freedoms as well as the legitimate interests of the data subject or (3) is taken with the express consent of the data subject.

If the decision (1) is required for the conclusion or fulfilment of a contract between the data subject and the controller or (2) is made with the express consent of the data subject, the company will take appropriate measures to uphold the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a person at the controller, to present their own position and to contest the decision.

If the data subject would like to assert rights relating to automated decisions, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

i) Right to revoke consent under privacy law

Every data subject whose personal data is processed has the right granted by the European legislature and regulators to revoke consent to the processing of personal data at any time.

If the data subject would like to assert their right to revoke consent, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

11. Privacy in applications and the application procedure

The data controller collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing may also be by electronic means. That is particularly the case if an applicant transmits the appropriate application documents to the data controller by electronic means, for example by e-mail or using a web form available on the website. If the data controller concludes an employment contract with an applicant, the data transmitted for the purpose of settling the employment relationship are saved in accordance with the statutory requirements. If the data controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notice of rejection was given, unless deletion is in conflict with any other legitimate interests of the data controller. Other legitimate interests in this sense include for example a burden of proof in proceedings under the German Equal Treatment Act (AGG).

12. Privacy policy on the application and use of Google Analytics (with anonymisation function)

The data controller has incorporated the component Google Analytics (with anonymisation function) into this website. Google Analytics is a web analytics service. Web analytics means the capturing, collection and evaluation of data on the behaviour of visitors to web pages. A web analytics service captures data on such aspects as which website a person accessed another website from (so-called referrers), which subpages of the website are accessed or how often and for how long a subpage was viewed. Web analytics is used predominantly to optimise a website and conduct a cost-benefit analysis of web advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the “_gat._anonymizeIp” function for web analytics via Google Analytics. With this function, the IP address of the data subject’s internet connection is abbreviated and anonymised by Google if access to our web pages is from a Member State of the European Union or from another signatory state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor flows to our website. Google uses the data and information obtained for example to evaluate use of our website in order to compile online reports for us that reveal the activities on our web pages, and to deliver further services connected with the use of our website.

Google Analytics places a cookie on the IT system of the data subject. It has already been explained above what cookies are. By placing the cookie, Google is able to analyse the use of our website. Each time an individual page of this website operated by the data controller and incorporating a Google Analytics component is called up, the corresponding Google Analytics component automatically prompts the web browser on the IT system of the data subject to transmit data to Google for the purpose of online analytics. Through this technical process, Google acquires knowledge of personal data such as the IP address of the data subject, which Google uses for such purposes as tracking the origin of visitors and clicks, and on that basis billing commission payments.

By means of the cookie, personal information such as the access time, the place from which the website was accessed and the frequency of visits to our website by the data subject is saved. Every time our web pages are visited, this personal data including the IP address of the internet connection used by the data subject is transmitted to Google in the United States of America. This personal data is saved by Google in the United States of America. Google may in certain circumstances share this personal data collected by the technical process with third parties.

As already explained above, the data subject can at any time prevent the placing of cookies by our website by changing the appropriate setting in the web browser used, and thus permanently reject the placing of cookies. Making such a setting to the web browser used would also prevent Google from placing a cookie on the IT system of the data subject. In addition, a cookie already placed by Google Analytics may be deleted at any time via the web browser or other software programs.

Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of this data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on at the link tools.google.com/dlpage/gaoptout. The data subject must install this himself on his terminal equipment. This browser add-on tells Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data subject's information technology system is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject's sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google’s current privacy policy can be accessed at policies.google.com/privacy and www.google.com/analytics/terms/gb.html. For a more detailed explanation of Google Analytics, follow the link www.google.com/intl/ene_gb/analytics/.

13. Legal basis of processing

Art. 6 I lit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 DS-GVO).

14. Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

15. Duration for which the personal data are stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the fulfillment or initiation of the contract.

16. Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

17. Existence of automated decision making

As a responsible company, we do not use automated decision-making or profiling.

18. Privacy policy on the use and application of social media

18.1 Facebook Page

We maintain a company page (fan page) on Facebook. As part of our website, a hyperlink to Facebook is indicated by a logo (plugin) at the bottom of the website. After clicking on the logo, the Facebook website opens in a new tab of the browser. The following information also serves as data protection information for our online presence there. The joint responsible parties for the operation of the Fanpage site within the meaning of the DSGVO and other data protection regulations are:

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

and

Möller Medical GmbH
Wasserkuppenstrasse 29-31
36043 Fulda

The following data will be transmitted, among others:

For visitors who are not logged in/registered with Facebook:
IP address: Facebook automatically determines the user's IP address when a fan page is called up.
Cookies: If you visit our fan page, technically necessary cookies are automatically set by Facebook on your IT system. We are currently only aware of the so-called datr cookie. According to Facebook, it is used to identify the web browser that establishes the connection to the Facebook page and plays a key role in protecting the social network from "malicious activity". The datr cookie is valid for two years, but can be deleted via browser settings.

For visitors who are registered and logged in to Facebook:
IP address: Facebook also determines the user's IP address for logged-in visitors (see above).
Cookies: In this case, Facebook also sets a datr cookie (see above).

If you are a Facebook member and are logged in with your Facebook profile at the same time as visiting our fan page, the c_user cookie is also set. Facebook links the visit to the company page with your personal user account. This enables Facebook to track your user behavior.

The use of cookies on Facebook products is beyond our control. The aforementioned cookies in their number and their description indicate our current state of knowledge in this regard. Please use Facebook's Consent Management System to set or change your privacy settings.

To our knowledge, Facebook currently processes users' data for the following purposes:

Advertising, analysis, creation of personalized ads
Creation of user profiles
market research
to improve their own products
to develop new products

When you call up our Facebook fan page, Facebook automatically stores information in a log file that your browser transmits to Facebook. We expressly point out that we have no knowledge of the scope and content of the data collected by Facebook and its processing and use or, if applicable, transmission to third parties by Facebook.

Furthermore, Facebook provides the operators of a Facebook fan page with the tool "Facebook Insights", with which statistical information (= non-personal data) about the use of their pages can be retrieved. This includes, for example, the total number of page views and "likes", page activity, post interactions, video views, post reach, comments, shared content, replies, proportion of men and women, origin in terms of country and city, language and possibly other information.

If you have a Facebook account and do not want Facebook to collect data about you based on our Fanpage and link it to your account information stored with Facebook, you must:

log out of Facebook before visiting our Fanpage,
then delete the cookies stored on your device
and close and restart your browser.

In this way, all Facebook information by which you can be identified will be deleted, according to Facebook.

Your data subject rights under the GDPR can be primarily asserted with Meta Platforms Ireland Limited or also with us. The Fanpage is operated under a joint responsibility pursuant to Article 26 of the GDPR between Facebook and us in accordance with the ECJ's ruling (see Page Controller Addendum) at www.facebook.com/legal/terms/page_controller_addendum.

You must be logged in to Facebook in order to see the contents of the link.

The primary responsibility under the GDPR for the processing of Insights Data lies with Facebook and Facebook complies with all obligations under the GDPR with respect to the processing of Insights Data. For more information about Insights data, please visit the following link:
(https://de-de.facebook.com/legal/terms/information_about_page_insights_data).

Only Facebook makes and implements decisions regarding the processing of Insights Data. We do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, including legal basis, identity of the controller and storage period of cookies on user devices.

To our current knowledge, Insights data is normally anonymized and aggregated into statistics so that no natural person can be identified. We do not require a legal basis to process this type of data. In exceptional cases, however, it may happen that a person is directly or indirectly identifiable. Then our processing of the Insights data provided to us by Facebook is carried out in accordance with Art. 6 (1) (f) of the DSGVO (based on our overriding legitimate interest). The purpose of the processing is to make our Facebook Fanpage more attractive for our users.

For information on data protection at Meta and other products offered by Meta, please refer to Meta's data policy at www.facebook.com/policy.

Furthermore, please note:
Your data may also be transferred to the USA. When personal data is transferred, there are risks under data protection law for the person whose data is transferred to the USA. U.S. authorities (especially intelligence services) are entitled to review rights (especially according to Section 702 of the Foreign Intelligence Surveillance Act (FISA 702) and Executive Order 12 333) without EU citizens being able to defend themselves. These U.S. legal bases allow data access for electronic communications services to non-U.S. citizens even without a court order and legal protection.

As far as judicial protection is concerned, EU citizens do not have the same legal possibilities (remedies) as U.S. citizens to oppose the processing of personal data by U.S. authorities.

The United States carries out mass data processing without providing protection equivalent in substance to that guaranteed by Articles 7 (respect for private and family life) and 8 (protection of personal data) of the EU Charter of Fundamental Rights. Since 2018, the Cloud Act has also existed, which allows U.S. authorities to access stored data of U.S. companies (and also their subsidiaries in Europe) that is not stored in the United States.

18.2 Instagram profile

We operate a public profile on Instagram, also called feed. Within the scope of our website, a hyperlink to Instagram is made recognizable by a logo (plugin) in the upper area of the website. After clicking on the logo, the Instagram website opens in a new tab of the browser. Through Instagram, we share photos and videos to make you aware of current trends, products and services from us. The following information also serves as privacy notice for our online presence there.

Instagram is a product of Meta. We have no influence on the means and purposes in the processing of personal data by Meta, insofar as this is collected in connection with a visit to the Instagram website and on our Instagram profile. In the event that we process your personal data, this is done on the basis of our legitimate interest (Art. 6 (1) (f) DSGVO), as we assume that your fundamental rights to the protection of your personal data do not prevail here. Only the

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

is to be named as the responsible party here. The Instagram privacy policy can be found at the following link www.facebook.com/help/instagram/519522125107875.

For information on privacy at Meta and other products offered by Meta, please refer to Meta's data policy at www.facebook.com/policy.

In terms of judicial redress, EU citizens do not have the same legal options (remedies) as U.S. citizens to challenge the processing of personal data by U.S. authorities.

18.3 YouTube

We use the video portal "YouTube" for the purpose of drawing your attention to current trends, products and services from us via videos on our channel there. The following information also serves as data protection information for our online presence there.

The company providing the service in the European Economic Area and in Switzerland is Google Ireland Limited, a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. This is a subsidiary of Google LLC based in the USA, which in turn belongs to the Alphabet Inc. group of companies. The YouTube Terms of Use can be found at this link: https://www.youtube.com/static?gl=DE&template=terms&hl=de.

YouTube videos are integrated into our website and identified by thumbnails. After clicking on the preview image, the YouTube video opens in a window on our website.
By doing so, you give your consent (according to Art. 6 para. 1 lit. a DSGVO) to the transfer of data to YouTube. We have no influence on the means and purposes in the processing of personal data by YouTube (= Google), insofar as these are collected in connection with the call-up of a video on our website, with a visit to the website of YouTube and on our YouTube channel.

We would like to point out that you use YouTube and its functions on your own responsibility. In the event that we process your personal data, this is done on the basis of our legitimate interest (Art. 6 (1) (f) DSGVO), as we assume that your fundamental rights to the protection of your personal data do not prevail here.

You can find Google's privacy policy at the following link: https://policies.google.com/privacy?hl=de.

If you have a Google account yourself, Google may use data obtained when you visit our YouTube channel to play out personalized advertising. Inasmuch as you do not wish this to happen, please adjust the "Advertising Settings" in your account.

Furthermore, please note:

Your data may also be transferred to the USA. When personal data is transferred, there are risks under data protection law for the person whose data is transferred to the USA. U.S. authorities (especially intelligence services) are entitled to review rights (especially according to Section 702 of the Foreign Intelligence Surveillance Act (FISA 702) and Executive Order 12 333) without EU citizens being able to defend themselves. These U.S. legal bases allow data access for electronic communications services to non-U.S. citizens even without a court order and legal protection.

As far as judicial protection is concerned, EU citizens do not have the same legal possibilities (remedies) as U.S. citizens to oppose the processing of personal data by U.S. authorities.

18.4 LinkedIn

We use the "LinkedIn" platform for the purpose of presenting our company there and drawing your attention to current trends, products and services from us via posts and videos. The following information also serves as data protection information for our online presence there.

The services for the EU are provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. The headquarters of LinkedIn Inc. is located in Sunnyvale, California, USA. The company is part of Microsoft.

When you access LinkedIn services, LinkedIn may receive personal data from you. For details, please refer to LinkedIn's privacy policy at the following link: https://www.linkedin.com/legal/privacy-policy

LinkedIn's cookie policy can be found at the following link: https://www.linkedin.com/legal/cookie-policy

As part of maintaining our basic company profile, we have limited access to statistical analyses from LinkedIn, e.g., about the number of page views of our online presence. LinkedIn provides this data in aggregated and anonymized form for certain periods of time, but does not allow any conclusions to be drawn about identifiable visitors to our company page.

We have no influence on the means and purposes in the processing of personal data by LinkedIn, insofar as this is collected in connection with a visit to the website of LinkedIn and on our LinkedIn online presence. We would like to point out that you use LinkedIn and its functions on your own responsibility. In the event that we process your personal data, this is done on the basis of our legitimate interest (Article 6 (1) (f) DSGVO), as we assume that your fundamental rights to the protection of your personal data do not prevail here.

According to LinkedIn, the data centers for your members (who, like us, are registered with LinkedIn and have an account) are located in the USA. The USA is considered a third country without an adequacy decision, which thus does not guarantee a level of data protection equivalent to the EU. The LinkedIn services make it necessary for data to be transferred from the European Union (EU), to the United States of America (USA) and back. This also affects you as a visitor, insofar as you use services and certain functions of LinkedIn, e.g. when you make a comment on a post by us.

The data transfer to the USA is based on standard contractual clauses. You can find information from LinkedIn on this under the following links:
www.linkedin.com/help/linkedin/answer/62533
en.linkedin.com/legal/l/dpa

LinkedIn's user agreement (applies to members and visitors) can be found at the following link: en.linkedin.com/legal/user-agreement.

Please also note:

As far as judicial protection is concerned, EU citizens do not have the same legal possibilities (remedies) as U.S. citizens to oppose the processing of personal data by U.S. authorities.

19. status of the privacy policy

We reserve the right to occasionally update this privacy policy to comply with legal requirements and to reflect changes in our offerings. The current version of the data protection declaration always applies to a revisit to our website.

Status: 31.08.2022

Privacy & Policy

Privacy statement for website visitors