Responsible body and data protection officer
91315 Höchstadt/ Aisch
Tel. +49 9193 500900
Contact data protection officer:
Responsible data protection supervisory authority
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Tel.: +49 981 531300
Data protection declaration of medwork GmbH
We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU Data Protection Basic Regulation (EU DS-GMO) and the country-specific implementation laws applicable to us. With the help of this data protection declaration we inform you comprehensively about the processing of your personal data by medwork GmbH and the rights to which you are entitled.
Personal data is the information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, telephone number, e-mail address but also your IP address.
Anonymous data exists if no personal reference to the user can be established.
Your rights as a data subject
- The right to information (Art. 15 EU DS-GMO),
- The right to cancellation (Art. 17 EU DS-GMO),
- The right to rectification (Art. 16 EU DS-GMO),
- The right to data transfer (Art. 20 EU DS-GMO),
- The right to restrict data processing (Art. 18 EU DS-GMO),
- The right to object to data processing (Art. 21 EU DS-GMO).
Rights of objection
Please note the following in connection with rights of objection:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling in so far as it is connected with direct advertising.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made form-free, if possible to: firstname.lastname@example.org.
In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
When processing your personal data, the provisions of the EU DS-GMO, the BDSG (new) and all other applicable data protection regulations are observed. Legal bases for data processing result in particular from Art. 6 EU DS-GMO.
We use your data for business initiation, to fulfil contractual and legal obligations, to execute the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent is also a data protection permission regulation. Here we inform you about the purposes of data processing and about your right of revocation. If the consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent (Art. 6 I 1 a EU DS-GMO).
Processing of special categories of personal data in the sense of Art. 9 (1) EU DS-GMO only takes place if this is required by legal regulations and there is no reason to assume that your legitimate interest in the exclusion of processing prevails (Art. 6 I 1 f EU DS-GMO).
Passing on to third parties
We will only pass on your data to third parties within the framework of legal regulations or with appropriate consent. Otherwise, data will not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (transfer to external bodies such as supervisory authorities or law enforcement authorities).
Recipients of data / categories of recipients
Within our company, we ensure that only those persons receive your data who need it to fulfil their contractual and legal obligations.
In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers.
Transfer to a third country / Intention to transfer to a third country
Data will only be transmitted to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual obligation, is required by law or you have given us your consent.
We transfer your personal data to a service provider or to group companies outside the European Economic Area: USA.
Compliance with the data protection level is ensured by: EU standard contractual clauses.
Data storage time
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be (must be) stored. This applies in particular to commercial or tax storage obligations (e.g. German Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
Secure transmission of your data
In order to protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously checked in cooperation with security experts and adapted to new security standards.
The data exchange from and to our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption for contact forms. Only we can decrypt this data. It is also possible to use alternative communication channels (e.g. by post).
Obligation to provide the data
Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarised the details for you in the above point. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.
Categories, sources and origin of data
The context determines which data we process: This depends on whether you place an order online or enter an enquiry in our contact form, whether you send us an application or submit a complaint.
Please note that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or making a contact request.
When you visit our website, we may collect and process the following data
- Name of the Internet service provider
- Information about the website from which you are visiting us
- Web browser and operating system used
- The IP address assigned by your Internet Service Provider
- Requested files, transferred data volume, downloads/file export
- Information about the websites you visit, including date and time
- For reasons of technical security (in particular to prevent attempts to attack our web server) these data are stored in accordance with Art. 6 paragraph 1 letter F EU-DS-GMO. After 7 days at the latest, anonymization takes place by shortening the IP address, so that no reference to the user is established.
In the context of a contact inquiry we can collect and process the following data
- Name, first name
- Information about wishes and interests (your message to us including the subject of your inquiry)
For online applications we can process the following data
- All data that you provide to us by e-mail. We do not request the transmission of certain data.
For newsletters we collect and process the following data
- Name, first name
- form of address
Automated individual case decisions
We do not use purely automated processing processes to bring about a decision.
Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. As far as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee and liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the contents of these pages.
At the time of linking, the linked pages were checked for possible legal infringements and recognisable infringements. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of a violation of the law. Upon notification of violations of the law, such links will be removed immediately.
Cookies (Art. 6 para. 1 lit. f EU DS-GMO / Art. 6 para. 1 lit. a EU DS-GMO with consent)
Our Internet pages use so-called cookies in several places. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive).
These cookies enable us to analyse how users use our websites. In this way we can design the website content according to the visitor’s needs. In addition, cookies enable us to measure the effectiveness of a particular ad and to have it placed depending, for example, on the user’s thematic interests.
Most of the cookies we use are so-called “session cookies”. These are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer if they are valid (usually six months) or if you delete them yourself before they expire.
Most web browsers automatically accept cookies. However, you can usually change the settings of your browser if you prefer not to send the information. You can still use the offers on our website without restrictions (exception: configurators).
Please note: If you deactivate the setting of cookies, not all functions of our website may be fully usable.
Google Tag Manager
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The tool tag manager itself (that implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
Google Analytics – User profiles / Webtracking methods
On the basis of our legitimate interest (i.e. our interest in the analysis, optimisation and economic operation of our online services as defined in Art. 6 Para. 1 lit. f. of the German Civil Code), we make no representations or warranties with respect to the accuracy, completeness or quality of the information provided.
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, by activating IP anonymisation on this website, your IP address will be shortened by Google in advance within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of this website, Google will use this information for the purpose of evaluating website usage, compiling reports on website activity and providing other services to website operators relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Sessions and campaigns are terminated after a certain period of time. By default, sessions end after 30 minutes of inactivity and campaigns end after six months. Users’ personal data is deleted or anonymised after 14 months.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link [https://tools.google.com/dlpage/gaoptout?hl=de].
As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data from this website in the future: Disallow Google Analytics to track me
An opt-out cookie is stored on your device. If you delete your cookies, you must click this link again.
We would like to point out that on this website Google Analytics was extended by the code “gat._anonymizeIp” in order to guarantee an anonymous recording of IP addresses (so-called IP masking).
We also use Google Analytics to evaluate data from AdWords and the DoubleClick cookie (see Google Adwords and DoubleClick) as well as the data from the Google advertising functions for purely statistical purposes. If you do not wish to do this, you can deactivate it via the ad default manager (https://www.google.de/settings/adsor https://www.google.com/settings/ads/onweb/?hl=de).
By certifying to the EU-US Privacy Shield
Google guarantees that the EU’s data protection requirements are also met when processing data in the USA.
On our website we use Google Fonts to display external fonts.
This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.Google LLC, based in the USA, is certified for the US European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
To enable the display of certain fonts on our website, a connection is established to the Google server in the USA when our website is accessed.
Legal basis is Art. 6 Para. 1 lit. f) EU DS-GMO. Our justified interest lies in the optimisation and economic operation of our Internet presence.
By means of the connection to Google established when our Internet presence is accessed, Google can determine which website has sent your enquiry and to which IP address the representation of the text is to be transmitted.
Integration of third-party services and content
We use third-party content or services within our website on the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the EU DS-GMO).
This always presupposes that the third party providers of these offers receive the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called tracking pixels (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These tracking pixels can be used to evaluate information such as visitor traffic on the pages of this website.
This information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online services, as well as may be linked to such information from other sources.
Integration of videos via YouTube
We integrate the videos of the platform “YouTube” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, into our online offer. The videos were embedded in extended privacy mode.
By embedding the video in advanced privacy mode, no cookies are set to capture usage behavior in order to personalize the video playback. However, the Advanced Privacy Mode only applies to tracking user behavior, not ad delivery.
When you visit our site, a device ID is generated in the local storage of your web browser and stored beyond the session, and when you visit the site, you connect to the Google Marketing Platform. When you start the video, it may trigger further data processing. We have no control over this.
If you’re logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you will need to log out before activating the video.
YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or tailoring its website to suit your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Possibility of appeal: https://adssettings.google.com/authenticated
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Notes on data protection in the social media
medwork GmbH maintains various appearances in the “social media” in order to communicate with the users registered there and inform them about our offers.
We draw your attention to the fact that the use of these platforms with the functions made available by them is your own responsibility. This applies in particular to your specific usage behaviour on these platforms. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
We would also like to point out that when using the platforms, your data may be processed outside the European Union. By being certified according to the EU-US Privacy Shield, the US providers guarantee that the data protection requirements of the EU are also complied with when processing data in the USA.
In addition, your usage and user-related information may be processed for market research and advertising purposes. For example, user profiles can be created on the basis of your usage behaviour and the resulting interests. In this way, for example, advertisements can be placed inside and outside the platforms. Cookies are usually stored on your end device for this purpose. Irrespective of this, data that is not collected directly from your terminal device can also be stored in the user profiles (especially if you are a member of the respective platforms and are logged in to them).
The processing of users’ personal data is carried out on the basis of our legitimate interests in effective information for users and communication with users pursuant to Art. 6 Para. 1 lit. f. EU-DS-GVO. If you are asked by the respective providers for their consent to data processing (e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 Para. 1 lit. a., Art. 7 EU-DS-GVO.
Possibility of objection
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored member data in the respective network, you must
- log out from the respective network before you visit our website,
- delete the cookies present on the device and
- close and restart your browser.
After logging in again, however, you will be recognizable to the network again as a specific user.
For a detailed description of the respective processing and the opt-out options, we refer you to the following linked information from the providers.
Also in the case of requests for information and the assertion of user rights, we point out that these can best be asserted with the providers. Because only the providers have access to the user data and can react directly to your inquiry and give information. Should you nevertheless need help, you can contact us.
Notes on copyright and art copyright
Should you wish to publish pictures, texts, plans, videos, music etc. on our website, you should be aware that you may assign all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or rights owner yourself.
Contact by e-mail (Art. 6 par. 1 lit. a, b EU-DS-GMO)
If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your inquiry. If you only provide us with the mandatory information, you will not suffer any disadvantages. If you do not provide the mandatory information, we will unfortunately not be able to answer your message.
Newsletter (Art. 6 para. 1 lit. a EU DS-GMO)
You can subscribe to a free newsletter on our website. The e-mail address and your name provided with the newsletter registration will be used for sending the personalised newsletter.
The principle of data economy and data avoidance is observed here, as only the e-mail address (if applicable name for personalised newsletters) is marked as a mandatory field. For technical reasons and for legal protection, your IP address is also processed when ordering the newsletter.
Of course, you can cancel your subscription at any time via the unsubscription option provided in the newsletter and thus revoke your consent. Furthermore, it is also possible to unsubscribe directly from the newsletter mailing at any time via our website.
Advertising purposes Existing customers (Art. 6 para. 1 lit. f EU DS-GMO)
medwork GmbH is interested in maintaining customer relations with you and sending you information and offers about our products, services and events. Therefore, we process your data in order to send you relevant information and offers by e-mail.
If you do not wish to do so, you can object at any time to the use of your personal data for the purpose of direct marketing; this also applies to profiling insofar as it is connected with direct marketing. If you file an objection, we will no longer process your data for this purpose.
The objection can be made free of charge and free of form without giving reasons and should be addressed to +49 9193 500900, by e-mail to email@example.com or by post to “medwork GmbH, Medworkring 1, 91315 Höchstadt, Germany”.
Online offers for children
Persons under 16 years of age may not transmit any personal data to us or submit a declaration of consent without the consent of their legal guardians. We encourage parents and guardians to actively participate in their children’s online activities and interests.
Registration / Customer account (Art. 6 para. 1 lit. a, f EU-DS-GVO)
On our website, we offer our dealers the opportunity to register by providing personal data. The advantage is that you receive information about our latest products. Registration is possible if you are one of our sales partners.
Here the principle of data economy and data avoidance is observed, as only the data necessary for registration is collected. These are first and last name, user name, e-mail address and password including password repetition.
Registration on our website also saves the user’s IP address, the date and time of registration (technical background data). By clicking the “Register now” button, you give your consent to the processing of your data.
Please note: Your password will be stored encrypted. Employees of our company cannot read this password. They cannot therefore give you any information if you have forgotten your password.
In this case, use the “Lost your password?” function, which will send you an automatically generated new password by e-mail. No employee is entitled to request your password by telephone or in writing. Therefore, please never give your password if you receive such requests.
Upon completion of the registration process, your data will be stored with us for use in the protected customer area. As soon as you log on to our website with your e-mail address or your user name and password, this data will be made available on our website (e.g. for downloading product information).
Of course, you can also cancel or delete the registration or your medwork.news account. If you have any questions, please do not hesitate to contact us.
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Maps is a web service that displays interactive (land) maps to help you visualize geographic information. Using this service will show you our location and make it easier for you to get to us.
Already when you call up the subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transferred to Google’s servers in the USA and stored there. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in at Google, your data will be directly assigned to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. In particular, such evaluation is carried out in accordance with Art. 6 para. 1 lit.f DSGVO on the basis of Google’s legitimate interests in the display of personalised advertising, market research and/or the design of its website to meet needs. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
By certifying to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active=a2zt000000001L5AAI&status=Active, Google guarantees that the EU’s data protection requirements are also met when processing data in the USA.
Google AJAX Search API
On our site the Java-Script Code of Google is used. With this tool an optimisation of the loading speeds is achieved. For this program libraries from Google servers and the CDN (Content delivery network) from Google.
If you have Java-Script enabled in your browser and do not have a Java-Script-Blocker your browser can transmit personal data to Google.
To prevent the execution of Java Script code by Google as a whole, you can install a Java-Script-Blocker for your browser.
Processing is based on Art. 6 para. 1 lit. f EU DS-GMO. The Website operator has a legitimate interest in the functionality of his website using the Google AJAX Search API.