Privacy Policy
Last updated: 16/08/2021
Contents
- Details of the controller and data protection contact details
- Data subjects
- Minors
- Categories and source of personal data, purposes, legal basis, categories of recipients, storage period
- Transfer of data to third countries
- Rights of data subjects
- Website and services offered via the website
7.1. Contact form, getting in touch, service / technical hotline
7.2. Requesting an offer for the 360° service
7.3. Events / ulrich medical Academy
7.4. Download function
7.5. Newsletter and email advertising
7.6. Job applicant selection procedure
7.7. Online order form for ulrich medical products
7.8. E-labeling platform
7.9. Cookies and webtracking
7.10. Website analysis with Matomo
7.11. Security of our web server
7.12. Profile pages on YouTube
7.13. Profile pages on Xing and LinkedIn
7.14. Online portal uPortal
1. Details of the controller and data protection contact details
Here at ulrich GmbH & Co. KG, we are responsible for collecting, processing and storing your data. You can out more about us at any time on our imprint by going to https://www.ulrichmedical.de/impressum/.
As we would like to give you a comprehensive overview of the processing of personal data within our group of companies, below we have provided an overview for you, which includes all our services in which we collect and process personal data.
Details of the controller
ulrich GmbH & Co. KG
Buchbrunnenweg 12
89081 Ulm
Germany
Phone: +49 (0)731 9654-0
Email: info@ulrichmedical.com
https://www.ulrichmedical.de/impressum/
Data protection contact details
systemzwo GmbH
Pfarrer-Weiß-Weg 10
89077 Ulm
Germany
Phone: +49 (0)731 141160-0
Fax: +49 (0)731 141160-99
E-Mail: datenschutz@sz-group.de
Below you will find the details of the other controllers in terms of Art. 26 GDPR:
Details of the controller
ulrich medical France SAS 25
Boulevard Victor Hugo – Aristote
31770 Colomiers
France
Tel.: +33 5 34 50 91 02
Email: info@ulrichmedical.fr
https://www.ulrichmedical.de/fr/mentions-legales/
Data protection contact details
Email: datenschutz@ulrichmedical.com
2. Data subjects
The following information is addressed to the following categories of natural persons:
- Website visitors
- Applicants
- Event participators
- Contact persons of business customers / retailers, interested parties or other communication partners who contact us
- Subscribers to the newsletter
- Employees
3. Minors
Our website is not targeted towards minors and we do not knowingly collect personal data from minors. If persons under 16 years of age send personal data to us, this is only permitted if the legal guardian has given their own consent or has agreed to the consent of the young person. In this regard, we must be provided with the contact details of the parent or legal guardian in accordance with Art. 8 (2) GDPR so that we can be sure that the consent or approval of the parent or legal guardian has been given. This data as well as the minor’s data will then be processed according to this privacy policy. If we discover that a minor under the age of 16 has sent personal data to us without the consent of their legal guardian or has been sent without the minor’s consent, then we will delete the data immediately.
4. Categories and source of personal data, purposes, legal basis, categories of recipients, storage period
Information on the categories of personal data that we process from you, the source of the personal data, the legal basis and purposes of the data processing as well as the recipient (categories) of the data have been compiled for you in section 7. There you will also find information on the storage period: Your data will be stored until you withdraw your consent or until you object to further data processing, otherwise until it is no longer required for the intended purposes, subject to statutory retention periods or if we still need your data to establish, exercise or defend legal claims, Art. 17 (1) (a), (b), (c), (3) (b), (e) GDPR.
5. Transfer of data to third countries
If data transfers take place in third countries, i.e. outside the European Union, we will inform you about this in section 7. Such data transfers in third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by appropriate safeguards pursuant to Art. 46 GDPR. If you call or otherwise contact foreign telephone numbers in non-EU countries as part of ordering processes (e.g. on the e-labeling platform), your personal data will be processed in accordance with the legal provisions applicable in the recipient country.
6. Rights of data subjects
You have a right to information, rectification or erasure of personal data pertaining to you or a right to restriction of data processing by the controller if certain conditions are met in accordance with Art. 15 to 18 GDPR. You also have the right to withdraw your consent to the processing of your personal data at any time with effect for the future (Art. 7 (3) GDPR). You may also object to the further processing of your data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) (f) GDPR (Art. 21 (1) GDPR), provided that your particular personal situation gives rise to interests worthy of protection in the exclusion of data processing and that the data controller no longer has any compelling reasons worthy of protection for further data processing. Furthermore, you always have the right to object to the use of your data for the purposes of direct advertising with effect for the future (Art. 21 (2) GDPR). If the data processing is based on your consent pursuant to Art. 6 (1) (a), Art. 9 (1) (a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with you and is carried out using automated procedures, you may request pursuant to Art. 20 (1) GDPR that the personal data stored about you be retained in a structured, common and machine-readable format or that it be transmitted to a third party designated by you.
In principle, you have the right not to be subjected to an automated individual decision in accordance with Art. 22 (1) GDPR. If an automated individual decision is permissible under Art. 22 (2) (a) to (c) GDPR, data subjects are granted the following rights under Art. 22 (3) GDPR: The right to express one’s own point of view, the right to object to the intervention of a person on the part of the controller, the right to challenge the automated individual decision (right of appeal).
In order to exercise your rights, you can send us an informal message to the following contact details. Please also address the withdrawal of your consent, stating which declaration of consent you wish to withdraw, to this contact data: datenschutz@ulrichmedical.com
Furthermore, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data violates data protection regulations, Art. 77 GDPR. The supervisory authority responsible for us is: The State Data Protection and Freedom-of-Information Officer of Baden-Württemberg PO Box 10 29 32, 70025 Stuttgart Königstrasse 10, 70173 Stuttgart Telephone number: 07 11 / 61 55 41 – 0 Email address: poststelle@lfd.bwl.de Website: https://www.baden-wuerttemberg.datenschutz.de/
7. Website and services offered via the website
Below you will find an overview of the processing of your personal data associated with our website www.ulrichmedical.de and the services offered via the website, which is connected with the use of our website www.ulrichmedical.de and the services offered via the website.
7.1. Contact form, getting in touch, service / technical hotline
Categories of personal data and origin of the data: You can get in touch with us using the contact details provided on the website. You will also find contact forms on our website. If you would like to contact us about this, we require the following details from you:
- Form of address, academic title (optional)
- Given names (mandatory)
- The company, clinic, institution that you are a part of (mandatory)
- Email address (mandatory)
- Telephone number (mandatory)
- Information about your query (type of query, product)
- City (optional)
- Country (optional)
Legal basis: The legal basis for data processing is Art. 6 (1) (b), (f) GDPR: Implementation of pre-contractual measures at the request of the data subject, performance of a contract to which the data subject is a party, legitimate interest of the controller
Purposes:
- Communication and data exchange
- Contract initiation and execution
- Execution of the business relationship existing between the responsible person and the customers/dealers
Legitimate interest of the controller:
- Initiation and execution of contracts with customers/dealers
- Standardization and simplification of communication
- Optimization of operational processes and internal administration of our customer/dealer databases
- Data security
Recipient (categories): Access to your data is limited to the employees and service providers of the controller, who require the data for the above-mentioned purposes. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Storage period: Your data will be stored in accordance with the legal retention periods after the end of its purpose (e.g. answering your query) and then deleted.
7.2. Requesting an offer for the 360° service
Categories of personal data and origin of the data: You can request an individual and non-binding offer for our services from us. We require the following data for this:
- Given names (optional)
- The company, clinic, institution that you are a part of (mandatory)
- Address (mandatory)
- Email (mandatory)
- Telephone number (optional)
- Date, signature (optional)
- Stamp of the clinic/institution
- Information about the desired service and product
If the company / clinic / institution you belong to has already concluded a maintenance contract with us, you can also contact us using the contact details of the service / technical hotline. Please refer to Section 7.1 for this
Legal basis: The legal basis for data processing is Art. 6 (1) (b), (f) GDPR: Implementation of pre-contractual measures at the request of the data subject, performance of a contract to which the data subject is a party, legitimate interest of the controller
Purposes:
- Communication and data exchange
- Contract initiation and execution
- Execution of the business relationship existing between the responsible person and the customers/dealers
Legitimate interest of the controller:
- Initiation and execution of contracts with customers/dealers
- Standardization and simplification of communication
- Optimization of operational processes and internal administration of our customer/dealer databases
Recipient (categories): Access to your data is limited to the employees and service providers of the controller, who require the data for the above-mentioned purposes. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Storage period: Offers, order confirmations or contracts (if the offer was accepted, it forms part of the contract) will be kept for 6 years after expiration of the purpose.
7.3. Events / ulrich medical Academy
You can find out about events at academy.ulrichmedical.com.
You can have the events filtered for your needs. To do this, you can voluntarily select the following information:
- Activity (surgeon, trader, nurse, MTRA, radiologist, ...)
- language
- Product area
If you would like to register for an event, you may have to switch to websites of other operators and register directly with the provider. The respective operators of these websites or the organizers of the events are responsible for the content of their own data protection provisions.
Registration with the ulrich medical Academy:
In order to be able to book events, an account must be created under my ulrich medical Academy (=registration). The following information is requested for registration:
- Salutation (mandatory)
- Title (voluntary)
- First name (voluntary)
- Last name (mandatory)
- Company/ Institution (voluntary)
- E-mail address (= user name) (mandatory)
- Telephone (voluntary)
- Street, house number (mandatory)
- Address suffix (voluntary)
- Postal code, city (mandatory)
- Country (mandatory)
- Billing address, if different (voluntary)
- Indication whether employee of a certified dealer (voluntary)
- Receipt of the ulrich medical Academy Neswletters (voluntary)
- Password (mandatory)
You will then receive a verification code to the email address you provided during registration to confirm your registration with ulrich medical Academy.
My ulrich medical Academy Account:
Provided you have created an account, you can log in at any time by entering your username and password.
The data you entered during registration is stored under My Data and can be edited by you at any time.
In addition, you can register for events without having to enter your data again and view which courses you have already completed and which courses have been booked. Videos from the media library can be viewed on demand via your account.
Furthermore, you have the possibility to be informed about your events via push messages. You can set yourself whether you receive a reminder about your event. If you want to receive push notifications via SMS, your cell phone number will be requested. You can deactivate the push notifications at any time via your account under MyAcademy.
The deletion period for your access data in case of inactivity is four years.
You can also request deletion of your account and associated data at any time via the login area or by sending a message to academy@ulrichmedical.com.
Legal basis: The legal basis for data processing is Art. 6 (1) (a), (b), (f) GDPR: Your consent, execution of the contract with you, legitimate interest of the responsible person.
Purposes:
- Event management
- Communication and data exchange
- Contract initiation and execution
- Execution of the business relationship existing between the responsible person and the customers/dealers
- Ensuring the proper operation of a data processing system
- Issue of certificates of participation, if applicable
Legitimate interest of the controller:
- Initiation and execution of contracts with customers/dealers
- Standardization and simplification of communication
- Optimization of operational processes and internal administration of our customer/dealer databases
- Data security Recipient (categories): Access to your data is limited to the employees and service providers of the controller who are responsible for organizing the event. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Storage period: Your data will be deleted after it is not longer needed for the intended purpose. If the events are billable services, your data will be stored for as long as it is necessary to prove that the task has been completed in accordance with the order. Confirmations of participation issued by us are kept as commercial and business letters for a period of 6 years. Due to possible irregularities (e.g. with regard to training on medical devices, instructions as defined by the GefStoffV), longer retention periods may also apply.
Social Media Buttons:
Our website uses social media buttons (Facebook, Instagram, Whatsapp) to enable you to interact with third parties and share events.
These social media buttons are not integrated as plugins via a so-called iFrame, but are stored as links. By pressing the social media buttons, you will be redirected directly to the page of the corresponding provider. The respective provider is then responsible for compliance with data protection regulations and for the accuracy, timeliness and completeness of the information provided there on data processing within the meaning of Art. 4 No. 17 DSGVO.
7.4. Download function
Categories of personal data and origin of the data: When downloading the documents made available to you under https://www.ulrichmedical.de/download/ the controller processes the following data:
- Log data with information on access to the documents
- Data of the persons recorded in the documents
Legal basis: The legal basis for data processing is Art. 6 (1) (a), (b), (f) GDPR: Your consent, execution of the contract with you, legitimate interest of the responsible person.
Purposes:
- Communication and data exchange
- Contract initiation and execution
- Execution of the business relationship existing between the responsible person and the customers/dealers
- Ensuring the proper operation of a data processing system
Legitimate interest of the controller:
- Initiation and execution of contracts with customers/dealers
- Standardization and simplification of communication
- Optimization of operational processes and internal administration of our customer/dealer databases
- Data security
Recipient (categories): Access to your data is limited to the employees and service providers of the controller who are responsible for organizing the event. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Storage period: Log data is kept for 3 months from the date of its creation. The documents will be made public on the website until such time as consent is revoked and then they will be deleted, otherwise they will be deleted after they are no longer needed.
7.5. Newsletter and email advertising
Categories of personal data and origin of the data: You can sign up to receive our newsletter on our website at https://up.ulrichmedical.de/home or under https://www.ulrichmedical.de/en. When doing so, the controller asks for the following data:
- Email address
You can provide us with further data, but you do not have to do so:
- Form of address, academic title, given names (optional information)
- Company, department, job title position (optional)
- Interest (contrast medium injectors, spinal systems, tourniquets)
If you register for our newsletter, we additionally collect the following data (newsletter usage analysis):
- Usage data (time, number of clicks), see Section 7.9. To the extent permitted by law, we also use your data for email advertising.
Legal basis: The legal basis for data processing is Art. 6 (1) (a) GDPR: Your consent.
In order to confirm your email address and your consent, you will receive a separate email after sending the registration form (confirmation mail). We will not register your consent until you have confirmed the activation link contained in this email (double opt-in procedure).
By confirming your registration under this activation link, you agree that we may send you, as the owner of this email address, the free newsletter with current information about our company, our products, promotions and events (product (training) and service information, sector-related trade fair and event invitations, other information relating to the company or its products and services, emails used for market and opinion research) approx. 10-12 times per year. In addition, you consent to your usage data being collected and evaluated on a personal basis (newsletter usage analysis).
The legal basis for advertising by email is Art. 6 (1) (f) in conjunction with Recital 47 GDPR, § 7 (3) Unfair Competition Act.
Purposes: Your email address and other personal data voluntarily provided by you will be used for the purpose of sending and personalizing the newsletter.
The collection of usage data enables us to evaluate the success of our newsletter campaigns by means of statistical evaluations and to optimize our newsletter in order, for example, to present you with topics and offers that are better suited to your interests.
Your data will be used for the purpose of sending and personalizing promotional emails.
This is to inform you of our additional services or products, such as those you have already purchased from us (e.g. via our online order form).
Our legitimate interest is to promote sales or demand amongst our existing customers.
Recipient (categories): Access to your data is limited to the employees and service providers of the controller, who are used to operate the newsletter. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Right to object: Naturally, you can object to the processing of your data for advertising purposes at any time with effect for the future, Art. 21 (2) GDPR, without incurring any costs other than the transmission costs according to the basic tariffs: Email: datenschutz@ulrichmedical.com Tel.: +49 (0) 731 9654-0
Storage period: If you have not confirmed the activation link contained in the confirmation email within the first 2 weeks, your data provided via the registration form will be deleted.
Otherwise your data will be stored until the withdrawal of your consent.
Usage data for the newsletter usage analysis will not be stored for longer than 2 weeks to a maximum of 3 months.
If you withdraw your consent, we will remove your email from the newsletter distribution list so that the newsletter will no longer be sent to you and delete the remaining usage data collected on you.
You can revoke your consent to the creation of a personal user profile at any time via the profile editing form, which you can access via a link in the email footer of the newsletter.
Data records that prove the double opt-in procedure, and thus your data protection consent, will be kept together with this for 6 years after your withdrawal. During this time, however, your personal data will be blocked against further processing.
If you object to the use of your data for advertising purposes, we will remove your data from the email distribution list so that email advertising will no longer be sent to you.
Your objection will be retained for another 6 years. During this period, your personal data will however be blocked against any further processing for advertising purposes.
If you object to the use of your data for advertising purposes, we will remove your data from the email distribution list so that email advertising will no longer be sent to you.
Your objection will be retained for another 6 years. During this period, your personal data will however be blocked against any further processing for advertising purposes.
7.6. Job applicant selection procedure
Categories of personal data and origin of the data: You can view our job offers and apply for a position with us accordingly by email or directly on our website under https://www.ulrichmedical.de/karriere via our application form. We process the following data for this:
- Name details
- Form of address
- Email address or telephone number
- Job number or position that you’re applying for
- Your cover letter, curriculum vitae, relevant job references, certificates of professional qualifications and further training, school, university and vocational training certificates
- Salary expectations/desired salary
- Information from a job interview, if applicable
- Current certificate of enrollment, if you are applying for a working student job
- If you’re applying for an internship, please indicate the training period and area of training
Legal basis: The legal basis for data processing is Art. 6 (1) (b) GDPR, § 26 German Federal Data Protection Act: Necessity of the decision on the establishment of an employment relationship, implementation of pre-contractual measures at the request of the data subject.
Purposes:
- Applicant selection procedure, applicant selection management
- Preparation of a contract
- Communication and data exchange
- Ensuring the functionality of the application form
- Ensuring the proper operation of a data processing system
- Data security
Recipient (categories): Your application data will be received by the HR department and will only be forwarded to the department responsible for the respective position or to the persons in charge of the processing.
You can send us your application by email or via our application form. Please note that applications that you send us by email are sent unencrypted.
We use IT service providers for the secure transmission of your data via the application form to us. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Storage period: After the applicant selection process has been completed, your data will be kept for 3 months and then deleted, unless we have concluded an employment contract with you. If we include your application documents in our pool of applicants, we will inform you accordingly. When we let you know about this, you can actively agree to the further storage of your documents. Your consent will expire after 12 months at the latest and your data will then be deleted.
7.7. Online order form for ulrich medical products
Categories of personal data and origin of the data: You can order ulrich medical products via our website. For this purpose, we will ask for the following data via our online order form:
- Order date, order number (mandatory)
- Names of customer and contact person (mandatory)
- The company, clinic, institution that you are a part of (mandatory)
- Customer number (optional)
- Department (optional)
- Delivery/billing address (mandatory)
- Email address (mandatory)
- Telephone number (mandatory)
- Comments (optional)
- Information about the product (item number, description, quantity, price etc.)
Legal basis: The legal basis for data processing is Art. 6 (1) (b), (f) GDPR: Implementation of pre-contractual measures at the request of the data subject, performance of a contract to which the data subject is a party, legitimate interest of the controller.
Purposes:
- Communication and data exchange
- Contract initiation and execution
- Execution of the business relationship existing between the responsible person and the customers/dealers
Legitimate interest of the controller:
- Initiation and execution of contracts with customers/dealers
- Standardization and simplification of communication
- Optimization of operational processes and internal administration of our customer/dealer databases
If necessary, we may use your data to the extent permitted by law to inform you by email (even without your express consent) about additional services or products, such as those you have already purchased from us. You can find more information in Section 7.12.
Recipient (categories): Access to your data is limited to the employees and service providers of the controller, who require the data for the above-mentioned purposes. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Storage period: Offers, order confirmations or contracts (if the offer was accepted, it forms part of the contract) will be kept for 6 years after expiration of the purpose.
7.8. E-labeling platform
Categories of personal data and origin of the data: You can download user manuals via the e-labeling platform. We only collect information about the download itself in this regard: • Date • Name of the manufacturer whose document has been downloaded • Document key code • Document UDI number • Document reference number • Document description • Document name • Document number • Region • Version and language
Legal basis: The legal basis for data processing is Art. 6 (1) (b), (c) GDPR: Implementation of pre-contractual measures at the request of the data subject, performance of a contract to which the data subject is a party and fulfillment of legal obligations to which the controller is subject.
Purposes:
- Communication and data exchange
- Contract initiation and execution
- Execution of the business relationship existing between the responsible person and the customers/dealers
If necessary, we may use your data to the extent permitted by law to inform you by email (even without your express consent) about additional services or products, such as those you have already purchased from us. You can find more information in Section 6.10
Recipient (categories): See section 6.1
Data transfers to third countries: Data is not transferred to third countries.
Storage period: Offers, order confirmations or contracts (if the offer was accepted, it forms part of the contract) will be kept for 6 years after expiration of the purpose.
7.9. Cookies and webtracking
Categories of personal data and origin of the data: The following cookies are used by us – provided you allow this and have not set one or more opt-out cookies – for the purpose described in more detail below:
7.10. Website analysis with Matomo
Categories of personal data and origin of the data: We use the Matomo tool to design our Internet presence (website, uPortal) according to your needs. This is a so-called web analysis service. It transmits usage information to our web server and stores the:
- IP address
This is only processed in abbreviated form and is therefore anonymized.
- Cookie ID, see Section 6.9
- Pseudo-anonymized location (based on the anonymized IP address
- Date and time
- Name of the site that has been called up
- URL of the site that has been called up
- URL of the site that was previously visited (as far as this is permitted)
- Screen resolution
- Local time
- Files that were clicked and downloaded
- External links
- Duration of the page setup
- Country, region, city (with less precision due to IP address)
- Main language of the browser
- User agent of the browser
- Interactions with forms (but not their content)
Legal basis: The legal basis for data processing is Art. 6 (1) (c) in conjunction with Art. 32 and Art. 6 (1) (f) GDPR: Legitimate interest, legal obligation.
If you wish to prevent your data from being processed for analysis purposes, you can object to this at any time by clicking on the cookie banner. In this case a so-called opt-out cookie without usage data is stored in your browser, which means that Matomo does not collect any session data.
Purposes: Recording and analysis of the use of our website
Recipient (categories): See section 6.1
Data transfers to third countries: Data is not transferred to third countries.
Storage period: See section 6.9
7.11. Security of our web server
Categories of personal data and origin of the data: When you visit our website, we collect the following information for the security of our web server
- Called up page of our web offer
- IP address, shortened by the last three digits
- Date and time the website was called up, type of end device used
- Browser settings, operating system used
- Language settings
Legal basis: The legal basis for data processing is Art. 6 (1) (f), (c) in conjunction with Art. 32 GDPR: Legitimate interest of the controller, legal obligation
Purposes:
- Checking the authorization of actions
- Authentication of the requesting user of our services
Legitimate interest of the controller:
- Securing our web server in order to defend against attacks, for example
- Ensuring the functionality of our services.
Recipient (categories): Access to your data is limited to the employees of the IT department and service providers of the controller, who are used for the above-mentioned purposes. Your data will also be stored in a commissioned data center.
Data transfers to third countries: Data is not transferred to third countries.
Storage period: Log files with IP addresses are stored for 7 days after the termination of the respective connection for the purpose of recognition, containment and elimination of faults or to detect misuse. If actual indications of an abuse case are established within the scope of the data analysis, the log files are kept in the concrete case for the preservation of evidence until the conclusion of the legal proceedings set in motion.
7.12. Profile pages on YouTube
Social network: YouTube Controller with whom our ‘fan page’ is jointly operated (‘platform operator’): Google LLC 1600 Amphitheatre Pkwy Mountain View CA, 94043 USA
Controller for data processing of persons living within the European Union/EEA and Switzerland: Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4 Ireland
Data protection contact details: Data protection contact details can be found in Section 3. The data protection officer of the platform operator can be contacted via the following web form: https://support.google.com/policies/troubleshooter/7575787?hl=de
Categories of data subjects: Visitors to our fan page who are registered in the social network as well as those who are not registered, possibly also website visitors. We inform the data subjects that they use YouTube and its functions on their own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).
Categories of personal data: Data that we process from non-registered visitors to our fan page: Pseudonymous data such as statistics and insights into how our posts, pages, videos and other content interacts with our fan page (page activity, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements about …. We are not able to link the pseudonymous data to the corresponding allocation feature (e.g. name details). This means it’s not possible for us to identify individual visitors, who therefore remain anonymous to us.
Data that we process from our website visitors: By integrating the YouTube button (pure link) on our website, the IP addresses of our website visitors are not transmitted to the platform operator. For more details, see Section 7.8
Data which the platform operator processes about the registered and non-registered visitors of our fan page as well as our website visitors, can be taken from the following link: https://policies.google.com/privacy/update?hl=de&gl=de The platform operator may use various analysis tools for evaluation.
We receive the data from the data subjects directly or from the platform operator.
Origin of the data: The following link shows where the platform operator receives the data of the data subjects from: https://policies.google.com/privacy/update?hl=de&gl=de We have no influence or effective means of controlling whether the procurement of data by the platform operator is permissible.
We process the data based on the following legal bases: o Art. 6 (1) (a) GDPR: Consent of data subjects o Art. 6 (1) (b) GDPR, if applicable: Fulfillment of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject o Art. 6 (1) (f) GDPR legitimate interest o Simplification of communication and data exchange by complementing existing communication channels, such as the website, press releases, print products and events, with the fan page; promotion of sales of our products and services or of demand as well as recruitment of new talent through transparent presence and regular contributions to o optimize our fan page
We only process special categories of personal data, if at all, on the following legal basis: o Art. 9 (2) (a) GDPR: Consent of data subject
Art. 9 (2) (e) GDPR: The data subject has clearly made the personal data public
Legal basis of the data processing: The legal basis on which the platform operator bases the data processing can be found on the following link: https://policies.google.com/privacy/update?hl=de&gl=de
If the data subjects are tracked by collecting their data, whether by using cookies or comparable techniques or by storing their IP address, the platform operator will obtain the consent of the data subjects in advance. In particular, the platform operator is obliged to inform the data subject for what purposes and on what legal basis the first call up of a fan page generates entries in the so-called Local Storage, even for non-registered visitors, and whether the personal data of non-registered visitors (e.g. IP address or other data that condense into personal data) are also used to create profiles. We have no influence or effective means of controlling whether data processing is permitted by the platform operator.
We process the data for the following purposes:
- Public image and advertising
- Communication and data exchange
- Event management Contract initiation and processing, if applicable
Purposes of data processing: Information about the purposes for which the platform operator processes the data can be found on the following link: https://policies.google.com/privacy/update?hl=de&gl=de
We have no influence over the purposes for which the platform operator actually uses the data. We also have no effective means of controlling this.
Storing and deleting data is the duty of the platform operator. The information can be found on the following link: https://policies.google.com/privacy/update?hl=de&gl=de
Storage period: We have no influence over how the platform operator determines the regular deletion periods and how the data is deleted. We also have no effective means of controlling this.
The only people who have access to the data processed by us are our employees and service providers who maintain our fan page and who require the data for the above-mentioned purposes. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered (and possibly also non-registered) visitors.
Categories of recipients: The categories of recipients to whom the platform operator discloses the data or allows registered visitors to disclose their data, as well as information on intra-group data exchange, can be found on the following link: https://policies.google.com/privacy/update?hl=de&gl=de
We have no influence on the disclosure of data to individual recipients by the platform operator. We also have no effective means of controlling this.
If the data subjects post their data publicly on our fan page, these data can be accessed by other registered (and possibly also non-registered) visitors.
Data transfers to third countries: As part of the operation of our fan page, the data is also processed by Google LLC. The transfer of data associated with the placement of Google/YouTube cookies to the USA as a third country without an adequate level of data protection is secured by the conclusion of standard data protection clauses. However, we wish to expressly point out that currently in the USA your basic rights from Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (GRChr) are not adequately considered.
The platform operator will transfer the data to the United States, Ireland and any other country in which Google conducts business, regardless of the residence of the data subjects, and will store and otherwise process the data there. Related data transfers to third countries are secured by an adequacy decision of the EU Commission in accordance with Art. 45 GDPR or by suitable guarantees in accordance with Art. 46 GDPR: https://policies.google.com/privacy/update?hl=de&gl=de
We have no influence over data transfers to third countries made by the platform operator. We also have no effective means of controlling this.
If the data subjects are tracked by the collection of their data, whether through the use of cookies or comparable techniques or through the storage of their IP address, the platform operator is obliged under the terms of the agreementwithin the meaning of Art. 26 (1) GDPR to provide them with information about this. In particular, the platform operator is obligated to inform the data subjects of the purposes and legal basis if, after calling up a subpage within our fan page, session cookies are stored with different lifetimes, among other things. The information can be found on the following link: https://policies.google.com/privacy/update?hl=de&gl=de The platform operator may use various analysis tools for evaluation.
Logic and scope involved in a profiling or an automated individual decision based on the collected data We have no influence over the use of these kinds of tools via the platform operator and have not been informed of any such potential use. If tools such as these are used by the platform operator for our fan page, we have neither commissioned nor supported this in any way. We are also not provided with the data obtained during the analysis. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor do we have any other effective means of controlling this.
The joint controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator. The rights to which data subjects are entitled can be found in Section 6. Rights of data subjects Subsequently, data subjects can assert their rights directly against the platform operator: https://support.google.com/policies/troubleshooter/7575787?visit_id=636832497483186206-2169122297&hl=de&rd=2
Additional information on social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/
7.13. Profile pages on Xing and LinkedIn
Social network: LinkedIn Xing
We wish to point out that LinkedIn and Xing lare just a couple of the several options there are for contacting us or receiving information from us. Alternatively, the information provided on our LinkedIn account can also be accessed on our website.
The controller with whom our site is jointly operated (‘platform operator’): LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085 USA
Controller for data processing of persons living in the European Union (EU), the European Economic Area (EEA) and Switzerland: LinkedIn Ireland Unlimited Company Wilton Place Dublin 2 Ireland
Data protection contact details: Data protection contact details can be found in Section 3.
The data protection officer of the platform operator can be contacted under the following online form https://www.linkedin.com/help/linkedin/ask/TSO-DPO or at the following address: Jonathan Adams Senior Privacy Counsel LinkedIn Corporation Legal Department – Privacy 1000 W. Maude Ave. Sunnyvale, California 94085
Categories of data subjects: Visitors to our site who are registered in the social network as well as those who are not registered, possibly also website visitors We wish to inform the data subjects of the fact that they use Xing and LinkedIn and their functions on their own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).
Categories of personal data: Data that we process from registered visitors to our fan page: User ID or user name under which the data subjects have registered, approved profile data (name, email address, telephone number), ProFinder profile data, education, professional experience, salary expectations, photo, location data, knowledge and confirmation of knowledge, professional achievements (e.g. issue of a patent, professional recognition, projects), including, if applicable, special categories of personal data, data arising from the sharing of content, the exchange of messages and communication, data required in the context of the preparation and execution of contracts upon request of registered visitors, other data and content published, provided, distributed, posted or uploaded freely by the data subjects on LinkedIn or via their LinkedIn account. Apart from this, we only process pseudonymous data such as statistics and insights into how people interact with our fan page, the posts, pages, videos and other content provided on it (page activities, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements. We are not able to link the pseudonymous data to the corresponding allocation feature (e.g. name details). This means it’s not possible for us to identify individual visitors, who therefore remain anonymous to us.
Data that we process from non-registered visitors to our fan page: Pseudonymous data such as statistics and insights into how our fan page, posts, pages, videos and other content interacts with our fan page (page activity, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, town, language), evaluations of the success and background of our advertisements, other analyses and measurements. We are not able to link the pseudonymous data to the corresponding allocation feature (e.g. name details). This means it’s not possible for us to identify individual visitors, who therefore remain anonymous to us.
We are not able to link the pseudonymous data to the corresponding allocation feature (e.g. name details). This means it’s not possible for us to identify individual visitors, who therefore remain anonymous to us.
Data that we process from our website visitors: By integrating the LinkedIn button (pure link) into our website, the IP addresses of our website visitors are not transferred to the platform operator.
Data that the platform operator processes about the registered and non-registered visitors of our fan page can be found by clicking the following link: https://www.linkedin.com/legal/privacy-policy The platform operator may use various analysis tools for evaluation.
We have no influence over the use of these kinds of tools via the platform operator and have not been informed of any such potential use. If tools such as these are used by the platform operator for our fan page, we have neither commissioned nor supported this in any way. We are also not provided with the data obtained during the analysis. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor do we have any other effective means of controlling this.
Origin of the data: We receive the data from the data subjects directly or from the platform operator.
Where the platform operator receives the data of the data subjects can be seen from the following link: https://www.linkedin.com/legal/privacy-policy
Origin of the data: We receive the data from the data subjects directly or from the platform operator.
Where the platform operator receives the data of the data subjects can be seen from the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence or effective means of controlling whether the procurement of data by the platform operator is permissible.
Legal basis of the data processing: We process the data based on the following legal bases:
- Art. 6 (1) (a) GDPR: Consent of data subjects
- Art. 6 (1) (b) GDPR, if applicable: Fulfillment of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject
- Art. 6 (1) (f) GDPR legitimate interest o Simplification of communication and data exchange by complementing the existing communication channels, such as website, press releases, print products and events, with the fan page o Promotion of the sales of our products and services or the demand as well as the recruitment of young talents by transparent presence and regular contributions to o optimize our fan page
The legal basis on which the platform operator bases the data processing can be found on the following link: https://www.linkedin.com/legal/privacy-policy
If the data subjects are tracked by collecting their data, whether by using cookies or comparable techniques or by storing their IP address, the platform operator will obtain the consent of the data subjects in advance. In particular, the platform operator is obliged to inform the data subject for what purposes and on what legal basis the first call up of a fan page generates entries in the so-called Local Storage, even for non-registered visitors, and whether the personal data of non-registered visitors (e.g. IP address or other data that condense into personal data) are also used to create profiles. We have no influence or effective means of controlling whether data processing is permitted by the platform operator.
Purposes of data processing We process the data for the following purposes:
- Public image and advertising
- Communication and data exchange
- Event management
- Contract initiation and processing, if applicable
Information about the purposes for which the platform operator processes the data can be found on the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence over the purposes for which the platform operator actually uses the data. We also have no effective means of controlling this.
Storage period: Storing and deleting data is the duty of the platform operator. The information can be found on the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence over how the platform operator determines the regular deletion periods and how the data is deleted. We also have no effective means of controlling this.
Categories of recipients: The only people who have access to the data processed by us are our employees and service providers who maintain our fan page and who require the data for the above-mentioned purposes. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered (and possibly also non-registered) visitors.
The categories of recipients to whom the platform operator discloses the data or allows registered visitors to disclose their data, as well as information on intra-group data exchange, can be found on the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence on the disclosure of data to individual recipients by the platform operator. We also have no effective means of controlling this.
Data transfers to third countries: If the data subjects post their data publicly on our fan page, these data can be accessed by other registered (and possibly also non-registered) visitors.
If you are located within the European Union, the European Economic Area or Switzerland, LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) will be the controller of your personal information that provides our services, is collected for or by our services or is processed in connection with them. As part of the operation of our fan page, the data is also processed by LinkedIn Corporation. The associated data transfer to the USA as a third country is currently carried out without an adequate level of data protection due to technical necessity of the data partially retrieved in the USA. Please be aware that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may not provide a sufficient level of data protection, which is why we are currently working on a solution. If you nevertheless call up our fan page, we wish to expressly point out that currently in the USA your basic rights from Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (GRChr) are not adequately considered.
The platform operator will transfer the data to the United States, Ireland and any other country in which the platform operator conducts business, regardless of the residence of the data subjects, and store and otherwise process the data there. Related data transfers to third countries are secured by an adequacy decision of the EU Commission in accordance with Art. 45 GDPR or by suitable guarantees in accordance with Art. 46 GDPR: https://www.linkedin.com/legal/privacy-policy https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de https://privacy.linkedin.com/de-de/dsgvo
We have no influence over data transfers to third countries made by the platform operator. We also have no effective means of controlling this.
Logic and scope involved in a profiling or an automated individual decision based on the collected data: If the data subjects are tracked by collecting their data, be it by using cookies or comparable techniques or by saving the IP address, the platform operator is obliged to inform them about this. The information can be found by clicking on the following links: https://www.linkedin.com/legal/privacy-policy https://www.linkedin.com/legal/cookie-policy https://www.linkedin.com/help/linkedin/answer/3566?trk=microsites-frontend_legal_privacy-policy&lang=de https://www.linkedin.com/help/linkedin/answer/68763?trk=microsites-frontend_legal_privacy-policy&lang=de The platform operator may use various analysis tools for evaluation.
We have no influence over the use of these kinds of tools via the platform operator and have not been informed of any such potential use. If tools such as this be used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any way. We are also not provided with the data obtained during the analysis. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor do we have any other effective means of controlling this.
Rights of data subjects: The joint controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator. The rights to which data subjects are entitled can be found in Section 6.
Data subjects can find information on the available personalization and data protection settings here (with additional references): https://privacy.linkedin.com/de-de/faq https://privacy.linkedin.com/de-de/einstellungen
Additional information on social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/
The supervisory authority responsible for the platform operator is: Data Protection Commission 21 Fitzwilliam Square, Dublin 2 D02 RD28, Ireland Web address: https://www.dataprotection.ie/docs/Contact-us/b/11.htm Web address: http://gdprandyou.ie/contact-us/
New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany Data protection contact details: Data protection contact details can be found in Section 3.
Data protection contact details: Data protection contact details can be found in Section 3.
The data protection officer of the platform operator can be contacted under the following online form https://www.xing.com/settings/privacy/data/disclosure or at the following address:
Xing SE Dammtorstrasse 30 20354 Hamburg Germany Tel.: +49 40 419 131-0 Fax: +49 40 419 131-11 E-mail: info@xing.com
Categories of data subjects: Visitors to our site who are registered in the social network as well as those who are not registered, possibly also website visitors We wish to inform the data subjects of the fact that they use Xing and LinkedIn and their functions on their own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).
Categories of personal data: Data that we process from registered visitors to our fan page: User ID or username under which the data subjects have registered, approved profile data (name, email address, telephone number), education, professional experience, salary expectations, photo, location data, knowledge and confirmation of knowledge, professional achievements (e.g. issue of a patent, professional recognition, projects), including, if applicable, special categories of personal data, data arising from the sharing of content, the exchange of messages and communication, data required in the context of the preparation and execution of contracts at the request of registered visitors, other data and content published, provided, distributed, posted or uploaded freely by the data subjects on LinkedIn or via their LinkedIn account. Apart from this, we only process pseudonymous data such as statistics and insights into how people interact with our fan page, the posts, pages, videos and other content provided on it (page activities, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements. We are not able to link the pseudonymous data to the corresponding allocation feature (e.g. name details). This means it’s not possible for us to identify individual visitors, who therefore remain anonymous to us.
Data that we process from non-registered visitors to our fan page: Pseudonymous data such as statistics and insights into how our fan page, posts, pages, videos and other content interacts with our fan page (page activity, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, town, language), evaluations of the success and background of our advertisements, other analyses and measurements.
Data that we process from our website visitors: By integrating the Xing button (pure link) on our website, IP addresses of our website visitors are not transferred to the platform operator.
Data that the platform operator processes about the registered and non-registered visitors of our fan page can be found by clicking the following link: https://privacy.xing.com/de/datenschutzerklaerung The platform operator may use various analysis tools for evaluation.
We have no influence over the use of these kinds of tools via the platform operator and have not been informed of any such potential use. If tools such as these are used by the platform operator for our fan page, we have neither commissioned nor supported this in any way. We are also not provided with the data obtained during the analysis. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor do we have any other effective means of controlling this.
Origin of the data: We receive the data from the data subjects directly or from the platform operator.
Where the platform operator receives the data of the data subjects can be seen from the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence or effective means of controlling whether the procurement of data by the platform operator is permissible.
Legal basis of the data processing: We process the data based on the following legal bases:
- Art. 6 (1) (a) GDPR: Consent of data subjects
- Art. 6 (1) (b) GDPR, if applicable: Fulfillment of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject
- Art. 6 (1) (f) GDPR legitimate interest o Simplification of communication and data exchange by complementing the existing communication channels, such as website, press releases, print products and events, with the fan page o Promotion of the sales of our products and services or the demand as well as the recruitment of young talents by transparent presence and regular contributions to o optimize our fan page
We only process special categories of personal data, if at all, on the following legal basis:
- Art. 9 (2) (a) GDPR: Consent of data subject
- Art. 9 (2) (e) GDPR: The data subject has clearly made the personal data public
The legal basis on which the platform operator bases the data processing can be found on the following link: https://privacy.xing.com/de/datenschutzerklaerung
If the data subjects are tracked by collecting their data, whether by using cookies or comparable techniques or by storing their IP address, the platform operator will obtain the consent of the data subjects in advance. In particular, the platform operator is obliged to inform the data subject for what purposes and on what legal basis the first call up of a fan page generates entries in the so-called Local Storage, even for non-registered visitors, and whether the personal data of non-registered visitors (e.g. IP address or other data that condense into personal data) are also used to create profiles. We have no influence or effective means of controlling whether data processing is permitted by the platform operator.
Purposes of data processing We process the data for the following purposes:
- Public image and advertising
- Communication and data exchange
- Event management
- Contract initiation and processing, if applicable
Information about the purposes for which the platform operator processes the data can be found on the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence over the purposes for which the platform operator actually uses the data. We also have no effective means of controlling this.
Storage period: Storing and deleting data is the duty of the platform operator. The information can be found on the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence over how the platform operator determines the regular deletion periods and how the data is deleted. We also have no effective means of controlling this.
Categories of recipients: The only people who have access to the data processed by us are our employees and service providers who maintain our fan page and who require the data for the above-mentioned purposes. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered (and possibly also non-registered) visitors.
The categories of recipients to whom the platform operator discloses the data or allows registered visitors to disclose their data, as well as information on intra-group data exchange, can be found on the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence on the disclosure of data to individual recipients by the platform operator. We also have no effective means of controlling this.
Data transfers to third countries: If the data subjects post their data publicly on our fan page, these data can be accessed by other registered (and possibly also non-registered) visitors.
The platform operator will transfer the data to the United States and any other country in which the platform operator conducts business, regardless of the residence of the data subjects, and will store and otherwise process the data there. Related data transfers to third countries are secured by an adequacy decision of the EU Commission in accordance with Art. 45 GDPR or by suitable guarantees in accordance with Art. 46 GDPR:
https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender
We have no influence over data transfers to third countries made by the platform operator. We also have no effective means of controlling this.
Logic and scope involved in a profiling or an automated individual decision based on the collected data: If the data subjects are tracked by collecting their data, be it by using cookies or comparable techniques or by saving the IP address, the platform operator is obliged to inform them about this. The information can be found by clicking on the following links: https://privacy.xing.com/de/datenschutzerklaerung The platform operator may use various analysis tools for evaluation.
We have no influence over the use of these kinds of tools via the platform operator and have not been informed of any such potential use. If tools such as this be used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any way. We are also not provided with the data obtained during the analysis. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor do we have any other effective means of controlling this.
Rights of data subjects: The joint controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator. The rights to which data subjects are entitled can be found in Section 6.
Data subjects can find information on the available personalization and data protection settings here (with additional references): https://privacy.xing.com/de/datenschutzerklaerung
Additional information on social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/
The supervisory authority responsible for the platform operator is: The Hamburg State Data Protection and Freedom-of-Information Officer Ludwig-Erhard-Str 22, 7. OG 20459 Hamburg Web address: https://datenschutz-hamburg.de/pages/kontakt/
7.14. Online portal uPortal
Our online portal uPortal has its own privacy policy, which you can find at https://up.ulrichmedical.de. Users of the uPortal can find this at https://up.ulrichmedical.de/datenschutz/.