Privacy Policy

Table of Contents

  1. General information on Data Protection
  2. Privacy Policy Website
  3.  Information for applicant
  4. Information for business partners

I.  General information on Data Protection

 

  • Information about the Data Controller:

mdexx holding GmbH

Zeppelinstraße 30

28844 Weyhe

We attach particular importance to protecting your personal data. Your personal data is processed in accordance with the data protection regulations, in particular the General Data Protection Regulation of the European Union (GDPR) and the German Federal Data Protection Act (BDSG).

The following information provides an overview of the nature, extent and purpose of collecting, processing and transferring personal data as well as the safety measures deployed to protect these data.

Personal data are individual information on personal or factual circumstances of an identified or identifiable natural person such as e.g. your name, address, telephone number, your date of birth as well your e-mail and IP address.

 

  • Legal basis for the processing of personal data
  • As far as we obtain a consent of the data subject for the processing of personal data, Art. 6 (1) a GDPR serves as legal basis. You can withdraw this processing at any time in accordance with Art. 7 (3) GDPR.
  • 6 (1) b GDPR serves as legal basis for the processing of personal data required for the performance of a contract or for the execution of pre-contractual measures.
  • If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as legal basis.
  • If the processing is necessary for the preservation of the legitimate interest of our company or of a third party and if the fundamental rights and freedoms of the person concerned do not predominate, Art. 6 (1) f GDPR serves as legal basis for processing. In this case, you have the right of objection according to Art. 21 GDPR.

 

  • Data deletion and storage period

Personal data will be deleted as soon as the purpose for storage no longer applies. Due to legal retention periods, we may be obliged to store the data for a longer period of time.

 

  • Your Rights

Upon written request, we will inform you in accordance with Art. 15 GDPR and in accordance with our legal obligation under Art. 12 GDPR whether and which of your personal data is processed or stored by us. Furthermore, you have the right to have incorrect data corrected in accordance with Art. 16 GDPR, data transferability in accordance with Art. 20 GDPR, blocking and deletion of your personal data in accordance with Art. 17 GDPR – provided that there are no legal storage obligations to the contrary – as well as the right to restrict processing in accordance with Art. 18 GDPR. In addition, you have the right to contact the competent supervisory authority pursuant to Art. 77 GDPR.

In addition, you have the right to object pursuant to Art. 21 GDPR.

You have the right to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. To do this, please refer to the contact address below.

If you have any questions regarding the processing of your personal data, you can contact our data protection officer, who is ready to assist with any enquiries, suggestions and complaints that you may have.

Data protection officer of

mdexx holding GmbH

Zeppelinstraße 30

28844 Weyhe

E-Mail: datenschutz@mdexx.com

 

  • Changes to our Privacy Statement

We reserve the right to make changes to our privacy statement to ensure that our privacy statement is always up to date with the current legal regulations. This applies also when the privacy statement needs to be adjusted due to new or redesigned services. The new privacy statement will then take effect the next time you use our services.

This privacy policy is dated 2021.

 

II. Privacy Policy Website

 

  • Provision of the website

Use of hosting service providers

Our website is hosted on servers of a hosting provider, which is located in the EU, based on an order processing according to Art. 28 GDPR. Within the scope of its services, the hosting service provider may have access to personal data of our users, in particular to technical data, which arise within the scope of the technical communication between you and our website (e.g. server log files). However, he may not use them for his own purposes. The use of a hosting service provider is based on our legitimate interests pursuant to Art. 6 (1) f GDPR in the provision of infrastructure and platform services, computing capacity, e-mail dispatch and security services.

 

Server Logs

When you visit our website or use our services the device used for accessing the site automatically transmits log data (connection data) to our servers. The relevant information consists of:

  • The browser and its version number,
  • The operating system and its version number,
  • The referrer URL, which is the website you visited before switching to our website,
  • The date and time of access to our website,
  • The name of the subpages,
  • The corresponding IP address,
  • The amount of data transmitted.

The data collected are used exclusively for evaluating the data statistically to ensure operation and safety and to optimise processing of the offer. For security grounds, however, we reserve the right to inspect log files retroactively if we have sufficient grounds to suspect illegal usage. The data will not be stored for longer than necessary. This collection is carried out on the basis of our legitimate interest under Art. 6 (1) f GDPR.

 

Cookies

In several areas of the website we use so-called “cookies”, for example to identify the preferences of the users and thus to optimally design the website. This allows for easier navigation and a high degree of user-friendliness of the website. The use of cookies presents a legitimate interest under Art. 6 (1) f GDPR (interest in the analysis, optimization and economic operation of our online services). In addition, Art. 6 (1) a EU GDPR provides the legal basis if we require your consent for the use of cookies (for marketing or analysis purposes, etc.).

Cookies are small files, which are stored on the visitor’s hard disk drive. Cookies do not damage your computer and do not contain viruses. Most cookies used on the website are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies stay on your devices and make it possible for your browser to be recognised the next time you visit. These files can be used, for example, to display information on the page that is specifically tailored to your interests.

You can change the properties of your browser so that it informs you of the placement of cookies. In this way, the use of cookies is made transparent. If you fully oppose the use of cookies, you may not be able to use individual functions of this website.

Borlabs – Cookie Consent Management

We use the consent management service of Borlabs as our cookie consent management platform. The provider is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg. This tool is a software for controlling cookies. The purpose of data processing is to comply with legal obligations and to store your consent. The legal basis is Art. 6 para. 1 lit. c EU GDPR. For more information on the processing of your data at Borlabs, please visit: https://de.borlabs.io/datenschutz/.

 

Security of Your Data

We deploy technical and organisational security measures to adequately protect the data that you have made available to us from being unintentionally or intentionally manipulated, lost, destroyed or accessed by unauthorised persons. Therefore, we are using SSL encryption for the transmission of confidential content e.g. enquires which you send to us as the site operator. An encrypted connection can be recognised when the web address changes from “http://” to “https://” and a padlock symbol is shown in your browser bar. When SSL encryption is activated, third parties cannot read the data that you transmit to us. Our security measures are kept up-to-date.

 

  • Contact us

If you contact us (e.g. via contact form, e-mail, telephone, social media), your personal data will be stored and processed by us for the purpose of processing the enquiry and any related follow-up questions pursuant to Art. 6 (1) b GDPR (within the framework of pre-contractual / contractual measures) or pursuant to Art. 6 (1) f GDPR (general enquiries). This data is not transferred to third parties without your consent.

The data entered into the contact form remain with us until you request that they be deleted, you withdraw your consent to the storage of your data, or the purpose of the data storage is no longer given (i.e. after the successful processing of your request), provided there are no legal storage obligations to the contrary.

 

  • Customer information / direct mail

We use your contact details to inform you about current topics, new or updated products and services of our company that may be of interest to you. This information is sent on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f EU GDPR in direct advertising and insofar as this is permitted by law, e.g. in the case of existing customer advertising under the legal requirements of Section 7 para. 3 UWG. You will receive this information from us regardless of whether you have subscribed to a newsletter.

You can object to the use of your data for the purpose of direct advertising or the sending of customer information at any time without giving reasons in accordance with Art. 21 EU GDPR, without incurring any costs other than the transmission costs according to the basic tariffs. A notification in text form is sufficient for this.

 

  • Customer area

If you receive access to our customer area in order to obtain goods, services and information in our online portal, personal data will be collected. Registration allows access to services and content that are only available to registered users. If necessary, registered users have the option of changing or deleting the data provided during registration at any time. Your data may be passed on to service providers commissioned by us for processing. Your data will not be passed on to third parties beyond this. The processing of your personal data is carried out on the basis of the execution of the contract (in accordance with Art. 6 Para. 1 lit. b EU GDPR). Deletion of this data takes place in accordance with the statutory retention obligations.

 

  • Analysis-Tools

The analysis measures listed below and used by us are carried out on the basis of Art. 6 (1) a GDPR (consent). With the use of these analysis measures, we want to ensure that our website is designed to meet requirements and is continuously optimised. Using the analysis tools, we record the use of our website under a pseudonym and evaluate it for the purpose of optimising our services.

You can withdraw this processing at any time in accordance with Art. 7 (3) GDPR.

 

Google Analytics

This website uses the functions of the web analysis service Google Analytics. It is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and make it possible to analyse your use of the website. Deletion of the user and results data takes place after 14 months.

IP Anonymisation

We have activated an IP anonymisation function on this website. Through this, Google shortens your IP address prior to its transfer to the USA provided that you are within a member states of the European Union or in another contracting state to the Agreement on the European Economic Area. In exceptional circumstances only, the full IP address is transmitted to a server of Google in the USA and shortened there. Google uses this data on behalf of the website operator to evaluate the use of the website, to compile reports about website activities and to provide other website services related to website and internet usage on behalf of the website provider. Your IP address, collected in the context of Google Analytics, is not combined with other data provided by Google.

Browser Plugin / Prevention of data collection

You can prevent the storage of cookies with the appropriate settings in your browser. Please note, however, that if you do so not all features of the website will be available to you. Furthermore, you can prevent Google from gaining access to the data created by the cookie and your usage data (incl. your IP address) and prevent Google from processing such data by downloading the following plug-in for your browser: https://tools.google.com/dlpage/gaoptout?hl=en

More information regarding the handling of user data by Google Analytics is available at Google under the following link: https://support.google.com/analytics/answer/6004245?hl=en

Order Processing

We have entered into a data processing contract with Google and we strictly apply the regulations of the supervisory authorities when using Google Analytics.

 

  • Contents and Services of Third Parties

Based on the legitimate interest of the provider according Art. 6 (1) f GDPR, a situation can arise where contents, services and benefits of third parties are integrated which complement our service offerings. With the use of the following services, we want to ensure a customised design and the continuous optimisation of our website.

 

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA) on our website. reCAPTCHA is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (“Google”). In order to ensure sufficient data security when forms are transmitted, we use the Google reCAPTCHA service in certain cases. This serves above all to differentiate whether the input is made by a natural person or whether it is misused by mechanical and automated processing. To this end, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as you visit the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user).

However, if IP anonymisation is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Google uses this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA is not merged with other data from Google. These data are subject to the differing data protection regulations of Google. The processing takes place on the basis of our legitimate interest to protect our web offers from abusive automated spying and from SPAM.

Further information regarding Google reCAPTCHA as well as Google’s Data Privacy Policy can be found under the following links. https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

 

Google Web Fonts

In order to promote the consistent presentation of fonts, this site uses so-called web fonts which are made available by Google. When visiting a web page, your browser downloads the required web fonts into its cache so that texts and typefaces are rendered correctly.

To this end, your browser must connect with Google servers. Thereby, Google becomes aware that our website has been accessed using your IP address. The use of Google Web Fonts is carried out for the sake of a uniform and appealing presentation of our online offer. This is considered legitimate interest under Art. 6 (1) f GDPR. If your browser does not support web fonts, a standard font from your computer is used instead.

Further information on Google Web Fonts are available under https://developers.google.com/fonts/faq and Google’s Data Privacy Policy: https://www.google.com/policies/privacy/.

 

YouTube

On our website videos of the platform YouTube are integrated. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Videos are integrated into our website via the extended data protection mode. The domain will be replaced by the official YouTube Nocookie domain. When this variant is used, information about visitors to the website is only stored when the video is played. As with most websites, YouTube makes use of cookies to gather information about the visitors to their website. YouTube uses these to collect video statistics, to prevent fraud and to improve user experience. Further information regarding privacy on YouTube can be found at: http://www.youtube.com/t/privacy_at_youtube. There you will also find further information about your rights and possible settings to protect your privacy.

 

Links to websites of third parties

Based on the legitimate interest of the provider, it may occur that contents, services and benefits of third parties are integrated which complement our service offerings. When you access web pages which are linked on this website, information such as your name, IP address, browser details etc. can retrieved again. This Privacy Statement does not govern the collection, dissemination or the processing of personal data by any third parties. In this regard, please also pay attention to the individual privacy statements of the respective third-party providers and service providers to which we link on our website.

 

  • Social Media

We maintain publicly accessible online presences in social networks to communicate with the customers and interested parties active there and to present our services.

We would like to point out that user data may be processed outside the area of the European Union. Furthermore, user data is usually processed for market research and advertising purposes. To the best of our knowledge, the providers also use cookies, which store your usage behaviour (even across different end devices). This enables us to play out targeted advertising within our own platform as well as on third-party sites.

The processing of users’ personal data is carried out on the basis of our legitimate interests in providing users with effective information and communicating with users in accordance with Art. 6 (1) f GDPR. If the users are asked by the respective providers of the platforms for consent to data processing or if the user voluntarily sends information to our online presences, the legal basis for processing is Art. 6 (1) a GDPR in conjunction with Art. 7 GDPR. If such information contains contract-relevant contents, Art. 6 (1) b GDPR serves as the legal basis.

For a detailed representation of the respective processing and the possibilities of objection (Opt-Out), we refer to the following linked information of the providers.

Also, in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.

 

Facebook Fanpage

If you interact with our Facebook fan page (comment, link posts or send us a message) your data will be stored by us.

The operation of a fan page is a joint responsibility under data protection law between Facebook Ireland Ltd. and our company pursuant to Art. 26 GDPR. Accordingly, we have concluded an agreement with Facebook Ireland in which the respective obligations under the GDPR are regulated: https://www.facebook.com/legal/terms/page_controller_addendum_controller_addendum.

The legal bases for the processing of the data are:

  • If you “like” a contribution from us, comment on it or upload content to our Facebook page, Art. 6 (1) a GDPR serves as the legal basis. You can withdraw this processing for the future at any time in accordance with Art. 7 (3) GDPR by deleting the comment or content.
  • If you send us a contract-relevant inquiry, Art. 6 (1) b GDPR serves as the legal basis.

Facebook provides fan page operators with statistics and insights into the types of actions our fan page visitors take (“Page Insights”). We have no control over the collection of this information by Facebook. According to Facebook, this information is provided to us anonymously so that the user cannot be identified from the information.

Personal data is deleted as soon as the purpose for which it was stored no longer applies. Storage can also take place if this is provided for by statutory retention obligations to which our company is subject.

Please note that when you use and access our Facebook page, your personal data will also be processed by the provider “Facebook”. Facebook is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and by US-based Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Facebook processes your data in addition to the above-mentioned processing for analysis and advertising purposes. To the best of our knowledge, Facebook also uses cookies to remember your usage patterns (even across different devices). This enables Facebook to play targeted advertising on its own platform and on third-party sites. Further information can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. Facebook also offers the possibility to object to certain data processing; relevant notices and opt-out options can be found at: https://www.facebook.com/settings?tab=ads=ads. Please note that in accordance with Facebook Privacy Policy, user data is also processed in the United States or other third countries. Facebook only transfers user data to countries for which a European Commission adequacy decision pursuant to Art. 45 GDPR has been issued or on the basis of suitable guarantees pursuant to Art. 46 GDPR. With regard to data processing via our Facebook fan page, you have the option of asserting your data subject rights against Facebook as well. Further information can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/

 

  • Minors

We principally address adult persons with our online offer. Personal information of persons under 16 years of age may only be made available to us with the explicit consent of their legal guardian (Art. 8 GDPR). Processing without the consent of the legal guardian is not permitted. We therefore reserve the right to delete all data relating to minors unless we have the consent of a parent or guardian.

 

III. Information for applicants

 

  • Purpose and legal basis for the collection and processing

Your data will be processed by us for the purpose of processing your application in accordance with Art. 88 GDPR i. c. w. § 26 BDSG-neu. If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily communicated as part of the application procedure, their processing is also carried out in accordance with Art. 9 (2) b GDPR.

  • Recipient of your data

The recipients of your data are the departments involved in the human resources management process (including human resources, managers and heads of department) of the controller. Your data will be treated as strictly confidential and will not be passed on to third parties without your consent. A transfer to third countries or international organisations is not intended.

  • Storage of your data

Your application data will be deleted 180 days after filling the position. If you are interested in future vacancies, we need your written consent for longer storage of your application documents. You can withdraw this consent at any time for the future in accordance with Art. 7 (3) GDPR. To do so, please send an e-mail with a corresponding note to the contact address given above.

 

IV. Information for business partners

 

  • Purpose and legal basis for the collection and processing

The primary purpose of data processing is the creation, execution or termination of the contractual relationship. The primary legal basis for this is Art. 6 (1) b GDPR. Without this type of use of your data, the business relationship existing between you and us cannot be carried out.

We also process your data on the basis of Art. 6 (1) f GDPR to protect our legitimate interests or those of third parties (e.g. public authorities). This may be necessary, for example, to maintain IT security and IT operations or for purposes of corporate management, internal communication and other administrative purposes. You can object to this processing by giving special reasons in accordance with Art. 21 GDPR.

 

In addition, we process your data to fulfil legal obligations, such as regulatory requirements, commercial and tax law storage obligations or documentation obligations. The legal basis for this is Art. 6 (1) c GDPR in conjunction with the nationally applicable laws.

In individual cases, it may also happen that we process your data on the basis of your separately granted consent in accordance with Artt. 6 (1) a, 7 GDPR (e.g. in the context of registering for our newsletter or publishing photo and video recordings). You are always free to decide whether you wish to give your consent. Once you have given your consent, you can withdraw it at any time with effect for the future. To do so, please send corresponding enquiries to the contact address given above.

Should we process your personal data for a purpose not mentioned above, we will inform you of this in advance.

  • Recipient of your data

Within our company, only those persons receive your personal data who need it to fulfil our contractual and legal obligations. In addition, we sometimes use different service providers to fulfill these obligations, so that it may be necessary to transfer your personal data to other recipients outside the company to the extent necessary to fulfill our contractual and legal obligations. These third parties can be, for example, authorities, financial institutions, suppliers, etc.

To process your data technically, we sometimes use external service providers. It is possible that we may transfer and process your data outside the country in which you have your residence / company headquarters or in one of the countries in which we operate. These may also be located outside the European Economic Area. If we transfer personal data to service providers or companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. You can also request detailed information by using the contact information above.

  • Storage of your data

We store your personal data only as long as they are necessary for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods thereafter are up to ten years. In addition, personal data may be stored for the time during which claims can be made against us (statutory limitation period of three or up to thirty years).

 

Data Protection Officer

Christoph Schultejans

Procedo Unternehmensberatung GmbH

Ammerländer Heerstrasse 364
26129 Oldenburg

+49 441 7792930
schultejans@procedo-gmbh.de