1) Information on the collection of personal data and contact details of the person in charge
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about how we handle your personal data when you use our website. Personal data are all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the Data Protection Ordinance (DSGVO) is Side Medizintechnik GmbH, Gumpling 1, 4925 Pramet, Austria, Tel.: +43 (0) 7754 36606, E-Mail: email@example.com. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential contents (e.g. orders or inquiries to the responsible person), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
2) Data collection when visiting our website
When using our website for informational purposes only, i.e. when you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website:
– Our visited website
– Date and time of access
– Amount of sent data in bytes
– Source/reference from which you reached the page
– Used Browser
– Operating system used
– IP address used (if necessary: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.
To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser the next time you visit us (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be seen in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 Para. 1 letter b DSGVO either for the execution of the contract, in accordance with Art. 6 Para. 1 letter a DSGVO in the case of a granted consent or in accordance with Art. 6 Para. 1 letter f DSGVO to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for each browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
4) Contact us
Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f DSGVO. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be deduced from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal obligations to retain data.
5) Data processing when opening a customer account and for contract processing
In accordance with Art. 6 Para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide us with this information for the purpose of executing a contract or opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above mentioned address of the responsible person. We store and use the data you provide us with for the purpose of contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us.
6) Data processing for order processing
6.1 In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. Your payment data will be passed on to the assigned credit institute within the scope of the payment processing, as far as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.6.2 Transfer of personal data to shipping service providers
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), we will pass on your e-mail address to DHL in accordance with Art. 6 Para. 1 letter a DSGVO before the goods are delivered for the purpose of coordinating a delivery date or to announce delivery, provided that you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 para. 1 lit. b DSGVO. This information will only be passed on if this is necessary for the delivery of goods. In this case, prior coordination of the delivery date with DHL or the delivery announcement is not possible.
The consent can be revoked at any time with future effect vis-à-vis the responsible person named above or the transport service provider DHL.
If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will pass on your e-mail address and your telephone number to DPD prior to delivery of the goods in accordance with Art. 6 Para. 1 letter a DSGVO for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent in the ordering process. Otherwise we will only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b DSGVO. We will only pass this information on to you if it is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DPD or the delivery announcement is not possible.
Consent can be revoked at any time with future effect vis-à-vis the person responsible as described above or vis-à-vis the transport service provider DPD.
– Austrian Post
If the delivery of the goods is carried out by the transport service provider Österreichische Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria), we will pass on your e-mail address to Österreichische Post before the goods are delivered in accordance with Art. 6 Para. 1 letter a DSGVO for the purpose of coordinating a delivery date or for announcing delivery, provided that you have given your express consent in the ordering process. Otherwise we will only pass on the name of the recipient and the delivery address to the Austrian Postal Service for the purpose of delivery according to Art. 6 para. 1 lit. b DSGVO. We will only pass this information on as far as it is necessary for the delivery of goods. In this case a prior coordination of the delivery date with the Austrian Postal Service or the transmission of status information of the delivery of the consignment is not possible.
Consent can be revoked at any time with future effect vis-à-vis the person responsible as described above or vis-à-vis the transport service provider Austrian Post.
6.3 Use of payment service providers (payment services)
In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) within the scope of the payment processing. The data will be passed on in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for payment processing.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process your payment in accordance with the contract.
7) Tools and others
The health data you provide will be used strictly for the intended purpose and will be collected and processed in accordance with the applicable statutory data protection regulations. Your health data will not be disclosed to third parties. Only in the case of ordering prescription drugs will we forward your health data to your health insurance company for accounting purposes. Health data is a special type of personal data that directly or indirectly allows an inference to the physical and/or mental health of a person. The health data provided by you within the scope of the order (e.g. information on the type and quantity of the ordered drugs) will only be collected by us for the purpose of implementing the contract if you have given us your express consent by opt-in. With your consent, you give us your consent for the use of your personal health data within the meaning of Art. 6 para. 1 lit a and Art. 7 para. 2 lit a DSGVO. You can revoke your consent at any time with effect for the future to the person responsible for data processing.
8) Rights of the data subject
8.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data, about which we inform you below:
– Right to information in accordance with Art. 15 DSGVO: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, cancellation, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;
– Right of rectification under art. 16 DPA: You have the right to have incorrect data concerning you corrected and/or incomplete data held by us completed without delay;
– Right to deletion in accordance with Art. 17 DSGVO: You have the right to request the deletion of your personal data if the conditions of Art. 17 para. 1 DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
– Right to limit processing in accordance with Art. 18 DSGVO: You have the right to demand the limitation of the processing of your personal data for as long as the accuracy of your data which you dispute is checked, if you refuse to delete your data because of unauthorized data processing and instead demand the limitation of the processing of your data, if you require your data for the assertion, exercise or defense of legal claims, after we no longer require this data after the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation, as long as it has not yet been established whether our justified reasons outweigh the objection;
– Right to information in accordance with Art. 19 DSGVO: If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
– Right to data transferability in accordance with Art. 20 DSGVO: You have the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party, insofar as this is technically feasible;
– Right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO: You have the right to revoke at any time with future effect any consent you have given to the processing of data. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
– right to appeal pursuant to Art. 77 DSGVO: If you believe that the processing of personal data relating to you is in breach of the DPA, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.
8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS DUE TO OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR SPECIAL SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
9) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).
When personal data is processed on the basis of an explicit consent pursuant to Art. 6 para. 1 letter a DSGVO, this data is stored until the person concerned revokes his or her consent.
If there are legal retention periods for data which are processed within the scope of legal or similar obligations on the basis of Art. 6 Para. 1 letter b DSGVO, these data are routinely deleted after expiry of the retention periods, provided that they are no longer required for the performance of the contract or the initiation of the contract and/or we have no justified interest in their further storage.
When personal data are processed on the basis of Art. 6 Para. 1 letter f DSGVO, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 Para. 1 DSGVO, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
In the case of processing of personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 letter f DSGVO, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 para. 2 DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.