Data Privacy Notice
The protection of your person-related data and your privacy is very important to us. We always process your person-related data transparently and in accord with valid statutory regulations. The following Data Privacy Declarations inform you of how we handle your person-related data and for what purposes it is processed.
Data Protection Declaration
1. An overview of data protection
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit our website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data recording on our website
Who is the responsible party for the recording of data on this website (i.e. the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under section “Information Required by Law” on this website.
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.
Our IT systems automatically record other data when you visit our website. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access our website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyse your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified, blocked or eradicated. Please do not hesitate to contact us at any time under the address disclosed in section “Information Required by Law” on this website if you have questions about this or any other data protection related issues. You also have the right to log a complaint with the competent supervising agency.
Moreover, under certain circumstances, you have the right to demand the restriction of the processing of your personal data. For details, please consult the Data Protection Declaration under section “Right to Restriction of Data Processing.
2. General information and mandatory information
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third party access.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
Certmedica International GmbH
Phone: +49 (0) 60 21 / 150 93 – 0
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).
Designation of a data protection officer as mandated by law
We have appointed a data protection officer for our company.
DSBOK Oliver Krause
Phone: 06144 402197
Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. To do so, all you are required to do is sent us an informal notification via e-mail. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
In the event that data are processed on the basis of Art. 6 Sect. 1 lit. e or f GDPR, you have the right to at any time object to the processing of your personal data based on grounds arising from your unique situation. This also applies to any profiling based on these provisions. To determine the legal basis, on which any processing of data is based, please consult this Data Protection Declaration. If you log an objection, we will no longer process your affected personal data, unless we are in a position to present compelling protection worthy grounds for the processing of your data, that outweigh your interests, rights and freedoms or if the purpose of the processing is the claiming, exercising or defence of legal entitlements (objection pursuant to Art. 21 Sect. 1 GDPR).
If your personal data is being processed in order to engage in direct advertising, you have the right to at any time object to the processing of your affected personal data for the purposes of such advertising. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection pursuant to Art. 21 Sect. 2 GDPR).
Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
Information about, blockage, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified, blocked or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time at the address provided in section “Information Required by Law.”
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time at the address provided in section “Information Required by Law.” The right to demand restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
- If you have raised an objection pursuant to Art. 21 Sect. 1 GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.
Rejection of unsolicited e-mails
We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in section “Information Required by Law” to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.
3. Recording of data on our website
Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The used operating system
- Referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Article 6 (1) a GDPR) and/or on our legitimate interests (Article 6 (1) (f) GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Customers, Suppliers and other Contact Persons
Data protection has a particularly high priority for the executive management at Certmedica International GmbH (Certmedica). Your person-related data is always processed in accord with the European General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Certmedica. The purpose of this Data Privacy Declaration is to inform all of our business partners (such as customers, suppliers, business contacts, etc.) and other contact persons (such as consumers of products, inquiring persons, applicants, etc.), herein after jointly referred to as “Contact Persons”, of the way in which we process their person-related data.
(1) Who is responsible for the data collection, and to whom can the data subject turn?
Certmedica International GmbH
63741 Aschaffenburg, Germany
Phone: +49 (0) 60 21 / 15 09 3-0
We have appointed a data protection officer for our company:
Phone: +49 (0) 61 44 / 40 21 97
(2) Which data and sources are used?
Certmedica processes person-related data which is received as part of its business activities from its contact persons or address handlers. Certmedica also processes data which you can find in public sources.
Person-related data that can be processed includes:
Names, titles, genders, addresses, telephone numbers, fax numbers, email addresses, professional titles, employers
In addition, it can also include order information, data from fulfilling contractual duties such as sales data, payment data, product data, data regarding services which have been used, credit data, advertising and distribution data such as websites, apps, newsletters and other data comparable to the categories just named.
(3) Are telephone conversations or electronic communication recorded?
Telephone conversations are not recorded. Electronic and written communication with Certmedica may be digitally saved. This takes place under consideration of the statutory regulations. Storage is for the purpose of providing proof such as the fulfilment of statutory retention periods.
(4) Why do we save your data?
Certmedica processes your person-related data in compliance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
1. For fulfilling contractual obligations (Art. 6 para. 1B GDPR)
- in order to be able to contact you by way of having it in our CRM system
- to be able to process your customer order and your enquiries
- to send you merchandise or to have merchandise picked up
- to place orders with you or purchase services
- to be able to comply with existing legal requirements
- to be able to assert legal claims, or for defence in the event of legal disputes
2. Within the framework of weighing interests (Art. 6 para. 1f GDPR)
To the extent necessary, Certmedica processes data from contact persons beyond the actual fulfilment of the contract in order to safeguard justifiable interests from Certmedica or third parties.
- to be able to perform customer surveys, marketing campaigns, market analyses and sweepstakes and evaluations
- to proactively and regularly present our offers and services to contact persons
- to inform you at your request of product, training and marketing information
- to improve our operative business through analyses and trend surveys
- to steadily optimise our customer service, further develop our products and services and for busi-ness management measures
3. Based on customer consent (Art. 6 para. 1A GDPR)
To the extent that the customer has given Certmedica consent to process personal data for specific purposes (e.g. receipt of newsletters, etc.), the lawfulness of this processing is based on the con-sent. Consent which has been granted can be revoked at any time. This also applies to the revocation of declarations of consent given to Certmedica prior to the validity of the GDPR, i.e. before 25/05/2018. The revocation does not affect the lawfulness of the data processed up until consent was revoked.
4. Due to legal requirements (Art. 6 para. 1c, GDPR) or in the public interest (Art. 6 para. 1e GDPR)
(5) Who receives contact person data?
Within Certmedica, the entities which need it to fulfil contractual obligations and legal duties have access to contact person data.
Certmedica’s employed service providers and vicarious agents may also receive data for these purposes, provided that they comply with data protection regulations.
These include mainly companies in the categories of IT services, logistics, printing services, banking, insurance or leasing company, telecommunications, consulting and advisory services as well as sales and marketing.
In regards to transferring data to recipients outside the company, it should first be noted that Certmedica is obliged to maintain secrecy about all customer-related facts and evaluations of which it becomes aware. The company may only pass on information about contact persons when required by law, when the contact person has given consent or when the processor commissioned by the company guarantees compliance with the requirements of the G and the GDPR. We usually have a contract processing agreement with these service providers.
(6) Is data transferred to a third country or to an international organisation?
Data is not transferred to a facility in countries outside of the European Union (so-called third-party states).
(7) How long is the data stored?
Certmedica processes and saves the person-related data of contact persons as long as necessary for the fulfilment of its contractual and statutory obligations. When the data is no longer needed for fulfilling the contractual or statutory obligations, it is routinely deleted unless limited additional processing is necessary, e.g. For the following purposes:
- Fulfilment of commercial and tax law storage obligations, e.g. on the basis of the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for the reten-tion of certain data are between 2 and 10 years.
(8) Which rights do contact persons have?
Every data subject has the right of access under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of deletion under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right of objection under Article 21 GDPR and the right to data transferability under Article 20 GDPR. In the case of the right of information and the right of deletion, the restrictions under Sections 34 and 35 of the Federal Data Protection Act (BDSG) apply. In addition, there is a right of appeal to a com-petent data protection authority in accordance with Article 77 GDPR in conjunction with Section 19 BDSG.
A contact person can revoke consent given for the processing of personal data at any time. This also applies to the revocation of declarations of consent given to the company prior to the validity of the GDPR before 15/05/2018. In principle, revocation has effect only for the future. Processing which took place before the revocation is not affected.
(9) Do customers have a duty to provide data?
In the context of a business relationship with Certmedica, a contact person must provide the personal data necessary for the initiation, implementation and termination of the business relationship and the fulfilment of the contractual obligations related to it, or for the collection of data which
Certmedica is legally obliged to do. Without this data, Certmedica will generally not be able to conclude the contract with the contact person, to execute an order or to fulfil an existing contract, meaning that Certmedica may have to terminate the contract.
(10) Is there an automatic process for decision taking?
In principle, Certmedica does not perform a fully automatic decision taking according to Article 22 GDPR for the justification and performance of business relationships. If Certmedica uses this process in individual cases, the person involved is separately informed of this if it is required by law.
(11) Does profiling take place?
Certmedica processes the data of contact persons partly automatically for the purpose of evaluating certain business aspects (profiling). Certmedica uses profiling in the following, examples:
- In order to inform and advise contact persons about products in a targeted manner, Certmedica uses evaluation tools. These enable communication and advertising, including market and opinion research, to be tailored to the needs of the customer.
- In the context of assessing the creditworthiness of contact persons, Certmedica uses credit information services where applicable. In doing so we receive information about the creditworthiness of contact persons. This involves calculating the probability with which a customer will meet its payment obligations in accordance with the contract.
(12) What happens in the case of inquiries per email, phone, fax or via the website?
If you contact us by email, phone, fax or via our website, your inquiry, including all person-related data (name, inquiry, etc.) will be stored and processed by us for the purpose of processing your request.
We will not share this data without your consent.
If your inquiry is related to the fulfilment of a contract, or is necessary for the implementation of precontractual measures, processing of the data is done in compliance with Art. 6 para. 1(b) GDPR. In all other cases, processing is based on your consent (Art. 6 para. 1(a) GDPR) and/or on our legitimate interests (Art. 6 para. 1(f) GDPR), as we have a legitimate interest in the effective processing of the re-quests addressed to us. The data sent to us by you via contact requests will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected by this.
(13) Changes to this Data Privacy Declaration
Certmedica reserves the right to change this Data Privacy Declaration at any time at its sole discretion, subject to legal requirements. We will publish these changes on our website www.certmedica.de under the point Data Protection, so that you are always fully informed about the collection and processing of your personal data by us. For that reason we recommend that you check the contents of our current data protection declaration at regular intervals.
Information about your right of objection under Article 21 of the General Data Protection Regulation (GDPR)
Right of objection in individual cases
You have the right to object at any time to the processing of your person-related data which is car-ried out according to Art. 6 para. 1(e) GDPR (data processing in the public interest) and Art. 6 para. 1(f) GDPR (processing based on a weighing of interests), including profiling based on this provision in the sense of Art. 4 No. 4 GDPR. If you object, we will no longer process your person-related data unless we can prove compelling reasons for processing that are worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves to assert these rights, exercise or defence of legal claims.
Right to object to the processing of data for direct marketing purposes
In individual cases, we process your person-related data in order to carry out direct advertising. You have the right to object at any time to the processing of person-related data concerning you for the purpose of such direct marketing, including profiling, to the extent it is connected with such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes.
Your objection can be made without formality and should be addressed to our external data protection officer, if possible: Oliver Krause , Untergasse 2, 65474 Bischofsheim, Phone: +49 (0) 61 44 / 40 21 97, Mobile: +49 (0) 160 / 53 84 72 7, e-mail: firstname.lastname@example.org
Please contact us and our data protection officers if you have any questions at all about our data protection and privacy policies. You will find contact information in the applicable data protection declaration.