> Data Privacy consent declaration (English Version)
> Datenschutz Einverständniserklärung (German Version)
Data protection information for customers and other affected parties (e.g. parties interested in our services, authorised representatives)
With the following information we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and in which way it is used depends largely on the services requested or agreed upon. Therefore, not all of this information may apply to you. Customers are e.g. end customers, distributors, suppliers, service providers and consultants, hereinafter referred to as "customer".
Who is responsible for data processing and whom can I contact?
Responsible is PATH MEDICAL GmbH
Managing Director Dr. Johann Oswald
Landsberger Straße 65
82110 Germering · Germany
Phone +49 89 8007 6502
You can reach our company data protection officer at:
PATH MEDICAL GmbH
Landsberger Straße 65
82110 Germering · Germany
Fax +49 89 8007 6503
What sources and data do we use?
We process personal data that we receive from our customers or other parties concerned in the course of our business relationship. In addition, in exceptional cases we process
- insofar as necessary for the provision of our services
- personal data which we legitimately acquire from publicly accessible sources (e.g. press, Internet) or from other third parties.
Relevant personal data are personal details (name, address and other contact details) as well as (if necessary) date and place of birth. In addition, this can also be order data (e.g. payment order) or data related to the fulfilment of our contractual obligations (e.g. turnover data in payment transactions).
Meta and communication data (e.g. device information, IP addresses) are collected when you visit our website.
What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the Data Privacy Consent Declaration according to European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG)
to fulfil contractual obligations (Art. 6 par. 1b GDPR)
The processing of data is carried out within the framework of the execution of our contracts with our customers or for the implementation of pre-contractual measures, which are carried out on request. The purposes of data processing are primarily based on the concrete product or service (e.g. service training, service request, product request).
as part of legitimate interests (Art. 6 par. 1f GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract to protect legitimate interests of ours, e.g. information on further training offers, as long as you have not objected to the use or measures for building and plant security (e.g. access control).
based on subject’s consent (Art. 6 par. 1a GDPR)
By ordering products or services or by registering for training courses, you agree to the processing of personal data for the purposes of organisation, processing and information on the execution of the order or training. The given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. The revocation of a consent is only effective for the future and does not affect the legality of the data processed up to the revocation.
due to legal obligations (Art. 6 Abs. 1 c DSGVO) or in the public interest (Art. 6 Abs. 1 e DSGVO)
We are subject to various legal obligations to store your data. The purposes of processing include, for example, the fulfilment of fiscal control and reporting obligations.
Who receives my data?
Those employees are given access to your data that they need to fulfil our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they comply in particular with the provisions of data protection. These are in particular companies in the categories IT services, printing services, telecommunications, consulting and sales, marketing, tax consulting, hotel industry.
We only pass on information about our customers if required by law, if the customer has given his consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:
- public bodies and institutions (e.g. tax authorities, criminal prosecution authorities, courts) where there is a legal or official obligation
- Service providers that we employ for to contract processing.
How long will my data be stored?
We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relations constitute a continuing obligation which is valid for years. If the data is no longer necessary for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its temporary further processing is necessary for the following purposes:
- Fulfilment of commercial and tax law storage obligations, which result primarily from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for storage or documentation specified there are usually two to ten years.
- Preservation of pieces of evidence within the framework of the legal statute of limitations. According to §§ 195ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
What privacy rights do I have?
Every data subject has the right of access under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of deletion under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right of objection under Article 21 GDPR and the right of data transferability under Article 20 GDPR. With regard to the right to information and the right of deletion, the restrictions under Articles 34 and 35 from German Federal Data Protection Act apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Article 19 German Federal Data Protection Act).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
Is there an obligation for me to provide data?
Within the scope of our business relationship, you must provide us with the personal data required for the commencement, execution or termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be in a position to conclude, execute and terminate a contract with you. In particular, we are obliged, e.g. when visiting security-relevant areas, to identify you by means of your identification document and to collect and record your name, place of birth, date of birth, nationality, address and identification data.
If you do not provide us with the necessary information and documents, we may not provide the service you requested.
Does profiling take place?
We process some of your data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling, for example, to provide you with targeted information and advice about our services.
Information about your right of objection under Article 21 GDPR
Individual right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 paragraph 1 letter a) GDPR and Article 6 paragraph 1 letter f). This also applies to profiling based on these provisions within the meaning of Article 4 No. 4 GDPR
If you object, we will no longer process your personal data, unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
Right to object to processing of data for direct marketing purposes
In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing, including profiling, insofar as it is related to such direct marketing.
If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes.
Recipient of the objection
The objection can be made in any form with the subject "Objection", stating your name and address, and should be sent to:
PATH MEDICAL GmbH
Managing Director Dr Johann Oswald
Landsberger Str. 65
82110 Germering · Germany
Phone +49 89 8007 6502
In accordance with Art. 32 GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Such measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through the design of technology and through data protection-friendly default settings (Art. 25 GDPR)
The following information is largely based on the following source:
Datenschutz-Muster von Rechtsanwalt Thomas Schwenke - I LAW it
Integration of third-party services and content
It can happen that within this online offer third party content, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated. This always presupposes that the providers of such content (hereinafter referred to as "third-party providers") are aware of the IP address of the users. This is because without the IP address, the providers could not send their content to the browser of the respective user. The IP address is therefore necessary for the display of this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. However, we have no influence on whether third party providers store the IP address for e.g. statistical purposes. As far as we are aware of this, we inform the users about it.
Cookies are small files that enable the storage of specific information related to the device on the user's access device (PC, smartphone or similar). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they serve to record statistical data on website use and to be able to analyse it for the purpose of improving the offer. The users can influence the use of the cookie. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it should be noted that the use and in particular the comfort of use are restricted without cookies.
You can manage many online ad cookies from companies via the US American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/.
The data entered during registration is used for the purpose of using the offer. Users can be informed by e-mail about information relevant to the offer or registration, such as changes in the scope of the offer or technical circumstances. The collected data can be seen from the input screen in the context of the registration.
You can contact us directly using the contact forms provided on the website. You have the opportunity to provide us with the following information in particular:
First and Last Name, Salutation
We collect, process and use the information provided by you via contact forms exclusively for processing your specific request.
This website uses the web analysis service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, ("Matomo") to collect and store data based on our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 Para. 1 Letter f GDPR. From this data, pseudonymised user profiles can be created and evaluated for the same purpose. Cookies may be used for this purpose. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers.
The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor of this website and is not merged with personal data about the bearer of the pseudonym.
If you do not agree with the storage and evaluation of this data from your visit, you can object to the storage and use of this data at any time by clicking on the mouse. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you.