Privacy Policy of RoweMed AG – Medical 4 Life

A. Purpose, definitions and scope

This data privacy policy serves to explain the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") by the RoweMed AG with registered office in Parchim, Germany, registered in the commercial register oft he local court Schwerin under HRB 7789 (hereinafter referred to as "RoweMed", "we" or "us" genannt) within the framework of the online service and the associated websites, functions and contents (hereinafter jointly referred to as "Online Service" or "website").

We take the protection of your data very seriously and will inform you below about the details of data processing and your legal rights in this regard. We treat your Data confidentially and according to the legal data protection regulations as well as this privacy policy. We have taken extensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external disturbances. To this end, we regularly review our security measures and adapt them to the state of the art. Since new technologies and the further development of this Online Service may result in changes to this privacy policy, we recommend that you read the privacy policy again at regular intervals.

If you use our Online Service, various data will be collected. This personal data is data with which you can be personally identified. The terms used below (e.g. "personal data" or "processing") have the meaning as defined in Art. 4 GDPR. We would like to point out that data transmission on the Internet can be subject to security gaps. A complete protection of the data against access by third parties is not possible.

 

1. Controller and contact possibility

Responsible in the sense of Art. 4 no. 7 GDPR for the processing in this Online Service is

RoweMed AG – Medical 4 Life
Juri-Gagarin-Ring 4
19370 Parchim
Germany

You can contact us at:

Phone: +49 (0) 3871 / 451-280
Email: info@rowemed.de

If you have any questions regarding data protection with regard to our Online Service, please contact our data protection officer:

André Weinert
Juri-Gagarin-Ring 4
19370 Parchim
Germany
Email

To exercise your rights, you can contact one of the contact options listed above.

 

2. Types of data, processing and purposes

We process the following data:

  • Inventory data (e.g. personal master data, names or addresses)
  • Contact data (e.g. email, telephone number)
  • Content data (e.g. text input, photos, videos)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)


Purposes of the processing:
  • Provision of the Online Service, its functions and contents
  • Responding to contact requests and communicating with users
  • Safety precautions
  • Reach measurement/Marketing

 

3. Data subjects and their rights

Visitors and users of the Online Service (hereinafter jointly referred to as "users") are affected by the processing. Many processing operations are only possible with your express consent. You can revoke your consent at any time (Art. 7 para. 3 GDPR). An informal email to us is sufficient for this revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

You can assert your rights by sending a message to the contact data specified in the "Controller" section or to the data protection officer appointed by us.

According to the GDPR, users have the following rights with regard to processing:

a) Right of access (Art. 15 DSGVO)
Pursuant to Art. 15 GDPR, you have the right at any time to request confirmation free of charge of the processing of the data in question and to be informed of this data, as well as to receive further information and a copy of the data. The subject of the information is the stored personal data themselves, the origin of the data, their recipients and the purpose of the data processing.

b) Right of rectification (Art. 16 DSGVO)
You have the right, in accordance with the law, to ask us, the data controller, to complete the data concerning you or to rectify the false data concerning you.

c) Right to erasure (‘right to be forgotten’, Art. 17 GDPR)
Within the framework of the applicable legal provisions, you also have the right to demand that we, as the person responsible, delete the data we have stored concerning you. This applies in particular to persons who have given their consent in childhood. However, this right can be exercised regardless of age.
The data is deleted when it is no longer needed for the purposes for which it was collected and there are no legal retention periods or a legal obligation to retain it (e.g. data retention). If deletion cannot take place for one of the aforementioned reasons, data processing will be restricted.

d) Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data. The restriction leads to the data being blocked and not processed for other purposes. This right exists in the following cases:

  • If you dispute the accuracy of your data stored by us, we usually need time to verify this. For the duration of this check, you have the right to demand that we restrict the processing of your data.
  • If the processing of your data has been or will be unlawful, you may request that data processing be restricted instead of deleted.
  • If we no longer need your data for processing, but only for exercising, defending or asserting legal claims, you can demand the restriction of processing instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a weighing must be carried out between your and our interests. As long as it is not clear whose interests predominate, you can demand the restriction of the processing of your data.

If you have restricted the processing of your data, then these data - apart from their storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

e) Right to data portability (Art. 20 DSGVO)
You have the right to have the data concerning you, which are processed automatically by us on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machinereadable format or to pass them on. If you request a direct transfer of the data to another responsible person, this will only take place as far as it is technically possible.

f) Right of revocation (Art. 7 DSGVO)
You have the right to revoke your consent to data processing with effect for the future. For this purpose, an informal notification by email to us is sufficient. The revocation applies only for the future and therefore does not affect the legality of the data processing already carried out on the basis of the previous consent.

g) Right to object (Art. 21 DSGVO)
According to Art. 21 GDPR, you have a right of objection in special cases and against direct advertising. The objection is to be addressed to us. You can file this objection if the data processing is based on Art. 6 Para. 1 S. 1 lit. e or f GDPR and there are reasons arising from your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you file an objection, then we will no longer process your personal data concerned unless we can prove compelling reasons worthy of protection for this processing which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims (objection according to Art. 21 para. 1 GDPR).
If your personal data are processed for the purpose of direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time by notifying us by email. This also applies to profiling as far as it is connected with such direct advertising. If you object, your personal data will no longer be used for the purpose of direct advertising (objection according to Art. 21 para. 2 GDPR).

h) Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO)
n the event of infringements of the GDPR, the persons concerned have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, workplace or place of presumed infringement. The right of complaint exists without prejudice to other administrative or judicial remedies. The contact details of the supervisory authorities can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

4. Data deletion

The data processed by us will be deleted in accordance with the statutory provisions or their processing restricted. Unless expressly stated otherwise in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for the intended purpose and there are no legal storage obligations. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website.
If the data are not deleted because they are required for other legally permissible purposes, their processing is restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for economic or tax reasons.


B. Data processing


1. Cookies and reach measurement

This website uses cookies for pseudonymised range measurement, which are stored in the internet browser of your terminal device. These are small text files with a sequence of numbers which are stored locally in the cache of the browser used and to which it accesses. Cookies are primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. The use of cookies increases the userfriendliness, efficiency and security of this website.
The use of cookies is necessary for technical reasons or may be used for other purposes (e.g. analysis/evaluation of website usage). Some elements of our site require that the calling browser can be identified even after a page change. The user data collected by technically necessary cookies are not processed for the creation of user profiles. We also use cookies, which are not technically necessary and allow an analysis of the surfing behavior of users. The following data, for example, is then stored and processed in the cookies: Entered search terms, frequency of page views, use of website functions. These cookies are used to make the use of the online offer more efficient and more attractive. The legal basis for this processing is Art. 6 para. 1 sent. 1 lit. f GDPR. Cookies that are not technically necessary are automatically deleted after a specified period of time.

We use socalled "session cookies", which are automatically deleted when you close your browser after visiting the website. They store a session ID with which various requests from your browser can be assigned to the shared session. They are necessary for the use of the Online Service, in particular we can recognize the used terminal device when you return to the page. We also use permanent cookies, which remain stored on your computer until you delete them. They are also referred to as "permanent" or "persistent" and are used, for example, to store the login status when users visit the site after several days. The user's interests can also be saved, which are used to measure reach or for marketing purposes.
"Third party cookies" are cookies offered by providers other than the controller who operates the online service. The cookies used by the controller are therefore also referred to as "first party cookies".
Most browsers are set so that they automatically accept cookies. If you as a user do not want cookies to be stored on your device, you will be asked to deactivate the corresponding option in the browser settings. Most browsers offer the option not to accept cookies. In addition, there is the function to only allow or prohibit cookies in individual cases and to delete cookies automatically when the browser is closed. Cookies that have already been saved can also be deleted in the browser settings. However, we cannot guarantee that without cookies all functions of this website can be accessed without restrictions. You can also object to the processing. Your right of objection applies to reasons arising from your particular situation. Your data will not be further processed by us unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 GDPR). You can also prevent the use of cookies by opening the browser in "private mode".

If you do not want cookies to be stored on your device for range measurement or online marketing purposes, you can object to the use of these files here:


Cookies, which are necessary for the execution of the electronic communication process or for the provision of certain functions, are stored on the basis of Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically errorfree and optimised provision of our services as well as for the improvement of the functionality of our website. Inso-far as other cookies are stored (e.g. cookies to analyse your surfing behaviour), these are dealt with separately in this data protection declaration.

2. SSL und TLS encryption

For security reasons and to protect the transmission of confidential content, such as for example requests that you send to us as a site operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://", as well as by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3. Hosting, emailing

We use external hosting services. These serve to provide the following services: Infrastructure and platform services, computing capacity, storage resources and database services, email delivery, security services and technical maintenance services that we use to operate this Online Service. All data required for the operation and use of our website will be processed. The purpose of this is to ensure the efficient and secure provision of our website. The legal basis for the processing is Art. 6 para. 1 sent. 1 lit. f GDPR.
We or our hosting provider process here inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interest in the efficient and secure provision of this online service in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 para. 3 GDPR (order processing).
Data processing via external web hosts is mandatory for the provision of our Online Service. However, you may object to the processing for reasons arising from your particular situation pursuant to Art. 21 para. 1 GDPR. In this case, we will not further process your data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion and exercise of or defence against legal claims. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing. You can send us your objection via the contact data mentioned in the section "Controller".

4. Server log files

In principle, you can use our Online Service without disclosing your identity for purely informational purposes. However, when using our Online Service, so called server log files are automatically collected and stored, which are transmitted to us by your browser. They are collected by us and our hosting providers on the basis of our legitimate interests pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR, i.e. for the improvement, stability, functionality and security of our website.

The date collected are:

  • Content of the request (name of the website visited)
  • Message about successful access
  • Browser type, version and language
  • Used operating system of the user
  • Source or reference from which you came to the site
  • Date and time at the time of access
  • Transmitted amount of data in bytes
  • Access status/HTTP status code
  • IP address
  • Referrer URL (the previously visited page)
  • Time zone difference to Greenwich Mean Time (GMT)


These data are not merged with other data sources. These data are collected on the basis of Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in the technically errorfree presentation and optimisation of our online services - server log files must be recorded for this purpose. The access data is deleted when it is no longer required for the purpose of processing it. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website.
This data is collected exclusively for statistical purposes and to improve the functionality and security of the website. For security reasons, the server log files are stored for a maximum of 7 days and then deleted; in individual cases, further processing is possible. In this case, the IP address is deleted or altered in such a way that it is no longer possible to assign the calling client. The data is stored for security reasons. If data have to be deleted for reasons of proof (e.g. suspicion of illegal use), they are excluded from deletion until the incident has been finally clarified.

5. Data collection by contacting us

When you contact us, personal data may be collected and stored to respond to your inquiry. If you do not provide the necessary data, it may be impossible to process your request. Other data processed during the sending process, which are not listed below, are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

a) Contact form
If you send us enquiries via our contact form, your details from the enquiry form, including the contact data you entered there, will be stored by us for processing the enquiry and in the event of followup questions. These data will not be passed on without your consent.
A valid email address must be provided in order to process your enquiry. At the time the message is sent to us, the following data will also be processed:

  • IP address
  • Date/time of registration

The processing of data entered in the contact form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 sent. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data entered by you in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after completion of processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected by this.

b) Email, phone or fax
If you contact us by email, telephone or fax, your request including all personal data (name, request) will be stored and processed by us for the purpose of processing your request. These data will not be passed on without your consent.
If your request is related to the fulfilment of a contract or is necessary for the implementation of precontractual measures, these data will be processed on the basis of Art. 6 para. 1 sent. 1 lit. b GDPR. In all other cases, processing is based on your consent (pursuant to Art. 6 para. 1 sent. 1 lit. a GDPR) and/or on our legitimate interests (pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of enquiries addressed to us.
The data sent to us by you via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after completion of the processing of your request). Mandatory legal provisions - in particular retention periods - remain unaffected by this.

6. Data transfer within the group of companies, to third parties and/or to third countries

Personal data will only be disclosed to other persons, companies or bodies to the extent described below, unless you have given your effective consent to such disclosure. The legal basis for the processing is then Art. 6 para. 1 sent. 1 lit. a GDPR.

a) To third parties
We only transfer personal data to third parties if this is necessary for the establishment, execution or termination of legal transactions with our company, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the payment processing. Further transmission of the data will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. Your name and address will be passed on to the shipping service provider for the purpose of shipping the goods. Your email address and telephone number will not be passed on to the shipping service provider.
Your personal data will also be passed on if a subcontractor or vicarious agent, whom we use exclusively in the context of providing the offers or services you have requested, requires this data (unless you are expressly informed otherwise, such auxiliary persons are only entitled to process the data to the extent necessary to provide the offer or service). In addition, data will be passed on to third parties in the event of an enforceable official or court order or if we are obliged by law to pass it on (Art. 6 para. 1 sent. 1 lit. c GDPR) or if the processing is necessary to protect vital interests of the persons concerned or another natural person (Art. 6 para. 1 sent. 1 lit. c GDPR). 6 para. 1 sent. 1 lit. d GDPR), the disclosure is necessary for the performance of a task which is in the public interest or is carried out in the exercise of official authority (Art. 6 para. 1 sent. 1 lit. e GDPR) or we are authorised or even obliged to disclose for the pursuit of overriding legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).
The basis for data processing is Art. 6 para. 1 sent. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or precontractual measures.

b) To third countries
If we process data in a third country, i.e. a country which does not belong to the EU, or if this is done as part of the use of third party services or the passing on or transfer of data to other persons or companies, this only occurs if this is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual approvals, we process or leave the data in a third country only if the legal requirements are met (cf. Art. 45 ff. GDPR). This means, for example, that the processing takes place on the basis of special guarantees or an adequacy decision, such as the staterecognised determination of a data protection level corresponding to the EU (e.g. for the USA for companies registered under the "Privacy Shield") or the observance of officially recognised special contractual obligations.

7. Processing of customer and contract data

We process your personal data if and to the extent necessary for the initiation, justification, execution and/or termination of a legal transaction with us. The legal basis for this is Art. 6 para. 1 sent. 1 lit. b GDPR. If the data processing is necessary for the conclusion of a contract, it may be impossible to conclude the contract, carry out and/or terminate a legal transaction with our company if the data processing is not provided.
Personal data will only be collected, processed and used by us to the extent necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 S. 1 lit. b GDPR, which permits the processing of data to fulfil a contract or precontractual measures. Personal data will only be collected, processed and used in connection with the use of our website (usage data) to the extent required to enable the user to make use of the service or to bill the user for it.

The data entered by you for the purpose of order processing includes:

  • Name, first name
  • Company affiliation
  • Position
  • Address
  • Payment details
  • Email address
  • Optional: phone number

The collected customer data will be deleted or blocked after conclusion of the order or termination of the business relationship if we are not entitled to further storage and processing in the respective context due to a consent given by you, a contractual agreement, a legal authorization (e.g. authorization to send direct mail) or due to legitimate interests (e.g. storage to enforce claims). Legal retention periods remain unaffected.

8. Integration of third-party content

Our Online Services include third-party content such as videos, maps, RSS feeds or graphics from other websites. This integration always presupposes that the providers of this content ("third-party providers") perceive the IP addresses of the users, otherwise they could not send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content.
We make every effort to use only content from third parties who process the IP address solely for the purpose of delivering the content. However, we have no influence on this if the third-party providers process the IP addresses, e.g. for statistical purposes. As far as we are aware of this, we will inform you about it in the following.
With some third party providers, data processing outside the European Union is possible.
You can object to this processing by installing a JavaScript blocker such as the browser plugin "NoScript" (www.noscript.net) or by deactivating JavaScript in your browser. Your right to object exists for reasons arising from your particular situation. We will not process your data further, unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, moreover, if the processing serves the assertion and exercise of or defence against legal claims (Art. 21 para. 1 GDPR).

9. Google Maps

This website uses Google Maps to display interactive maps and to create directions. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. When you access our online services, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your browser and integrated into the website by it. Therefore, we have no influence on the extent of the data collected in this way by Google. According to our state of knowledge, this is at least the following data:

  • Date and time of the visit to the website concerned,
  • Internet address or URL of the website accessed,
  • IP address, the (start) address entered during route planning.

We have no influence on the further processing and use of the data by Google and can therefore assume no responsibility for this.
If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use the map display.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's privacy policy (https://policies.google.com/privacy?hl=en).
The use of Google Maps and the processing of data collected about you by Google Maps on our website requires your express consent.
Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, whose text you can call up here:https://www.privacyshield.gov/EU-US-Framework.
The use of Google Maps takes place exclusively on the basis of your consent within the meaning of Art. 6 para. 1 sent. 1 lit. a GDPR. We have no knowledge of the storage period on GoogleMaps and have no influence on it.
Further information on how "Google Maps" and the route planner use your data as well as Google's privacy policy can be found at: https://www.google.com/intl/de_en/help/terms_maps.html. You can object to the processing under the following link: https://adssettings.google.com/authenticated. Google is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

C. Final information

We ask you to inform yourself regularly about the contents of our privacy policy and to take a printout or a copy with your documents. We reserve the right to adapt the privacy policy with effect for the future as soon as changes in the data processing carried out by us, the use of new technologies or changes in the legal basis or the corresponding jurisdiction make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Principles of data processing RoweMed AG – Medical 4 Life

download here

 

Status: 1. June 2019