Data Privacy Statement

A.    Data Privacy Statement pursuant to GDPR


I.    Name and address of responsible body (controller)

The controller pursuant to the General Data Protection Regulation and other national laws on data protection by the member states and provisions on data protection is:

Andreas Fahl
Medizintechnik-Vertrieb GmbH
August-Horch-Str. 4a – 6
D-51149 Cologne (Porz-Gremberghoven)
Germany

Tel.: 02203 2980 0
E-mail: E-mail: datenschutz(at)fahl.de
Website: www.fahl.com


II.    Contact data of the data protection officer

Tel.: 02203 2980 0
E-mail: datenschutz(at)fahl.de


III.    General information on processing of data

1. Scope of the processing of personal data

We generally only collect and use personal data if this is required to provide a functional website as well as our contents and services. We only routinely collect and use our users' personal data after the user's consent. An exception is made where obtaining prior consent is not possible for factual reasons and processing the data is permitted by law.

2. Legal basis for processing personal data

If we require the data subject's consent for processing operations, the legal basis is Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR).

If personal data are processed because this is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6 (1) lit. b GDPR. This also applies to processing operations required to perform precontractual processes.

If personal data are processed because this is required to comply with a legal obligation by which our company is bound, the legal basis is Art. 6 (1) lit. c GDPR.

If vital interests of the data subject or another natural person require personal data to be processed, the legal basis is Art. 6 (1) lit. d GDPR.

If the processing is required to pursue a legitimate right of our company or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not override the former interest, the legal basis for the processing is Art. 6 (1) lit. f GDPR.

3. Erasure of data and storage period

The data subject's personal data will be erased or blocked as soon as the purpose for the storage no longer applies.

Data may furthermore be stored if European or national legislation provides for this in EU regulations or laws or other provisions to which the controller is subject.

The data may also be blocked or erased if a storage period prescribed by the mentioned rules expires unless it is required to continue to store the data in order to conclude or perform a contract.
 

IV.    Provision of the website and recording log files

1. Description and scope of the processing of data

Each time our Internet site is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • IP
  • directory protection user
  • date
  • time
  • accessed pages
  • status code
  • data volume
  • referrer
  • user agent

The data are also stored in the log files of our system. These data are not stored together with other personal data concerning the user.

2. Legal basis for processing the data

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f GDPR.

3. Purpose of processing the data

Storage in log files is required to ensure the functionality of the website. We furthermore use the data to optimise the website and ensure the security of our IT systems. The data will not be analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 (1) lit. f GDPR.

4. Storage period

The data are deleted as soon as they are no longer required to achieve the purpose of their collection.

In the case of data being stored in log files, this is the case after seven days at the latest.

Error logs recording instances of failed site access are deleted after seven days. In addition to the error messages, they contain the accessing IP address and, depending on the error, the accessed webpage.

5. Right to object and remove

Collecting the data to provide the website and storing the data in log files is a mandatory requirement for operating the Internet site. Therefore, the user cannot object.

VI.    Use of cookies

1. Description and scope of the processing of data

Our website uses cookies. Cookies are text files saved in the internet browser or on the user's computer system by the Internet browser.

If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that make it possible to unambiguously identify the browser if the website is accessed again.


We use cookies to make our website more user-friendly. Some elements of our Internet site require that the accessing browser can also be re-identified after switching between pages.

[Placeholder Cookie Table from Cookie First]


To that end, the following data are stored and transmitted in the cookies:

(1)    Saved articles

Diese Cookie-Tabelle wurde erstellt und aktualisiert von der CookieFirst consent management platform.

Web analysis using Matomo (formerly Piwik)

Scope of the processing of personal data

We use the software "Matomo" (www.matomo.org) on this website, a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The software places a cookie (a text file) on your computer, which can be used to recognise your browser. If sub-pages of our website are accessed, the following data are stored:

  • the IP address of the user, shortened by the last two bytes (anonymised)
  • the accessed sub-page and time of access
  • the page from which the user accessed our website (referrer)
  • which browser with which plug-ins, which operating system and which screen resolution is being used
  • the length of time spent on the website
  • the pages that are accessed from the visited sub-page

The information collected by the cookies is generally transmitted to a Matomo server in Germany and stored there, so that technically speaking a third country transfer does not take place. To the extent that any data transfer to InnoCraft's place of business is outside the EEA, it is covered by an EU Adequacy Decision for New Zealand.

Legal basis

The legal basis on which we process personal data using Matomo is Art. 6 (1) lit. f of the GDPR.

Purpose of processing the data

We require the data to analyse the surfing behaviour of users and to obtain information about the use of the individual components of the website. This enables us to constantly optimise the website and its user-friendliness. These purposes also constitute our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. By anonymising the IP address, we take into account the interest of users in the protection of personal data. The data are never used to personally identify the user of the website and are not merged with other data.

The user data collected this way are pseudonymised by technical means. Therefore, it is no longer possible to trace the data back to the accessing user. The data are not stored together with other personal data relating to the users.


When users access our website, a banner informs them that cookies are used for analytical purposes, and reference to this Data Privacy Statement is made. In this context, they are also informed about how storing cookies can be disabled in the browser settings.


When users access our website, they are informed about the fact that cookies are used for analytical purposes, and their consent to the processing of the personal data used in this context is obtained.

In this context, reference to this Data Privacy Statement is also made.

2. Legal basis for processing the data

The legal basis for the processing of personal data using cookies that are required from a technological point of view is Art. 6 (1) lit. f GDPR.


The legal basis for the processing of personal data using cookies for analytical purposes - provided that the user has consented - is Art. 6 (1) lit. a GDPR.

3. Purpose of processing the data

The purpose of using cookies that are required from a technological point of view is to make websites easier to use for the users.

Some functions of our Internet site cannot be offered unless cookies are used. For these, it is necessary to re-identify the browser after switching between pages.

We must use cookies for the following applications:

(1)    Shopping cart

The user data collected by cookies that are required from a technological point of view are not used to create user profiles.


The purpose of using analytical cookies is to improve the quality of our website and its contents. Analytical cookies tell us how the website is used, and we can thus continually optimise what we offer. These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 (1) lit. f GDPR.

4. Storage period, right to object and remove

Cookies are stored on the user's computer and transmitted from it to our site.

Therefore, you as user also have full control over the user of cookies. By changing settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically.

VII.    Contact forms and contact by e-mail

1. Description and scope of the processing of data

Our Internet site has a contact form that can be used to contact us electronically, by phone and/or personally. If a user makes use of this form, the data entered into it are transmitted to us and stored. These data are: (*=mandatory field)

Personal information:

I am ... (selection box)

  • Patient*
  • Medical professional
  • Relative*
  • Interested

Customer number (input field)
Salutation (input field)
Title (input field)
First name* (input field)
Surname* (input field)

Contact information:

E-mail* (input field)
Telephone (input field)
Street and house number (input field)
Postal code (input field)
Place of residence (input field)

My request ... (input field)

  • Arranging a consultation appointment
  • A question about my delivery
  • A question about the billing
  • Return
  • Product information
  • Feedback
  • Miscellaneous

Message (free text to be entered by user)

Note on data protection: (checkbox)

By submitting this form, I consent to Andreas Fahl Medizintechnik-Vertrieb GmbH using my data in the ways stated above, in particularly with regard to contacting me in person. I confirm that I have read and understood the Data Privacy Statement.*

Means of contact: (checkbox)

Yes, I wish to receive information in the future and agree that my personal data provided by me may be stored, processed and used by Andreas Fahl Medizintechnik-Vertrieb GmbH for current information and news on products and services, as well as for market and opinion research by post, by e-mail or by telephone.   

Furthermore, a catalogue order form is available on our website, which allows the user to order the Fahl product catalogue digitally or in a printed format. If a user makes use of this form, the data entered into it are transmitted to us and stored. These data are: (*=mandatory field)

Personal information:

I am ... (selection box)

  • Patient*
  • Medical professional
  • Relative*
  • Interested

Customer number (input field)

Salutation (input field)

Title (input field)

First name* (input field)

Surname* (input field)

I would like to order the catalogue in the following format:* (checkboxes)

  • Printed book
  • Digital download
  • Both book and digital download

E-mail* (input field)
Street and house number* (input field, only for physical order)
Postal code* (input field, only for physical order)
Place of residence* (input field, only for physical order)
Country* (input field, only for physical order)

Message (free text to be entered by user)

Note on data protection: (checkbox)

By submitting this form, I consent to Andreas Fahl Medizintechnik-Vertrieb GmbH using my data in the ways stated above, in particularly with regard to contacting me in person. I confirm that I have read and understood the Data Privacy Statement.*

Means of contact: (checkbox)

Yes, I wish to receive information in the future and agree that my personal data provided by me may be stored, processed and used by Andreas Fahl Medizintechnik-Vertrieb GmbH for current information and news on products and services, as well as for market and opinion research by post, by e-mail or by telephone.   

Furthermore, a newsletter form is available on our website, which allows the user to subscribe to the Fahl Newsletter. If a user makes use of this form, the data entered into it are transmitted to us and stored. These data are: (*=mandatory field)

E-mail address* (input field)

About which topic would you like to be informed?* (input field)

  • Medical professional
  • Patients, relatives or interested persons

I would like to receive a newsletter and accept the Data Privacy Statement.* (checkbox)

Furthermore, a form is available on our website, which allows the user to register for various events. If a user makes use of this form, the data entered into it are transmitted to us and stored. These data are: (*=mandatory field)

Name, date and place of the event

Personal information:

Company/organisation* (input field)
Job description (input field)
Salutation (input field)
Title (input field)
First name* (input field)
Surname* (input field)

Contact information:

E-mail* (input field)
Telephone (input field)
Fax (input field)
Street and house number* (input field)
Postal code* (input field)
Place of residence* (input field)

 

I would like to register additional persons:

First name (input field)
Surname (input field)
Job description (input field)

 

Note on data protection: (checkbox)

By submitting this form, I consent to Andreas Fahl Medizintechnik-Vertrieb GmbH using my data in the ways stated above, in particularly with regard to contacting me in person. I confirm that I have read and understood the Data Privacy Statement.*

Means of contact: (checkbox)

Yes, I wish to receive information in the future and agree that my personal data provided by me may be stored, processed and used by Andreas Fahl Medizintechnik-Vertrieb GmbH for current information and news on products and services, as well as for market and opinion research by post, by e-mail or by telephone.   

 

At the point in time the message is sent, the following data are stored additionally:

(1)    Date and time of registration
 

Your consent to processing the data will be obtained during the submission process, and reference to this Data Privacy Statement is made.

Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user's personal data transmitted along with the e-mail are stored.

In this context, data will not be shared with third parties. The data are solely used for processing the conversation.

2. Legal basis for processing the data

The legal basis for processing the data - provided that the user has consented - is Art. 6 (1) lit. a GDPR.

The legal basis for processing the data transmitted within the context of sending an e-mail is Art. 6 (1) lit. f GDPR. If the objective of the contact by e-mail is concluding a contract, an additional legal basis for processing is Art. 6 (1) lit. b GDPR.

3. Purpose of processing the data

The sole purpose of processing the personal data from the form is to establish contact. If we are contacted by e-mail, this also constitutes the required legitimate interest in processing the data.

The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Storage period

The data are deleted as soon as they are no longer required to achieve the purpose of their collection. For the personal data from the input mask of the contact form, the catalogue order, the event registration and the newsletter registration, this is the case when the respective conversation with the user has been completed. The conversation with the user is completed when it can be deduced from the circumstances that the relevant issue has been resolved conclusively.

The personal data additionally collected during the submission process are deleted after a time period of seven days at the latest.

5. Right to object and remove

The user at any time has the option to withdraw his/her consent to the processing of personal data. If the user contacts us by e-mail, s/he can at any time object to his/her personal data being stored. In such a case, the conversation cannot be continued.

This declaration of consent is voluntary and can be revoked at any time in writing by e-mail to vertrieb@fahl.de or by post to Andreas Fahl Medizintechnik-Vertrieb GmbH, August-Horch-Straße 4a, 51149 Cologne, using the subject line "Revocation of consent".

All personal data stored within the context of the contact are deleted in this case.

VIII.    Data subject's rights

If personal data concerning you are processed, you are a data subject pursuant to GDPR and have the following rights towards the controller:

1. Right of access

You can request from the controller confirmation as to whether personal data concerning you are being processed by us.

Where that is the case, you can request the following information from the controller:

(1)       the purposes of the processing of the personal data;

(2)       the categories of personal data that are being processed;

(3)       the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4)       the envisaged period for which the personal data concerning you will be stored, or, if it is not possible to provide concrete information, the criteria used to determine that period;

(5)       the existence of the right to rectification or erasure of personal data concerning you and the right to request from controller restriction of processing of personal data concerning you or to object to such processing;

(6)       the right to lodge a complaint with a supervisory authority;

(7)       where the personal data are not collected from the data subject, all available information as to their source;

(8)       the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request to know whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller rectification and/or completion provided that processed personal data concerning you are inaccurate or incomplete. The controller shall rectify the data without undue delay.

3. Right to restriction of processing

Under the following circumstances, you may request from the controller the restriction of processing the personal data concerning you:

(1)       if the accuracy of the personal data concerning you is contested by you for a period enabling the controller to verify the accuracy of the personal data;

(2)       the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3)       the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or

(4)       if you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of you.

If processing of the personal data concerning you has been restricted, these data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the union or of a member state. If the restriction of processing has been restricted as per the above requirements, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Erasure obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase these data without undue delay where one of the following grounds applies:

(1)       The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2)       You revoke your consent on which the processing was based according to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing.

(3)          You object to the processing pursuant to Art.  21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4)       The personal data concerning you have been unlawfully processed.

(5)       The personal data concerning you have to be erased for compliance with a legal obligation in union or member state law to which the controller is subject.

(6)                   The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, takes reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary

(1)       for exercising the right of freedom of expression and information;

(2)       for compliance with a legal obligation which requires processing by union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3)       for reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and Art. 9 (3) GDPR;

(4)       for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5)       for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have exercised your right to rectification, erasure or restriction of the processing towards the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to each recipient to whom personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You are entitled to request from the controller to be notified of these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You furthermore have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1)       the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and

(2)       the processing is carried out by automated means.

In exercising this right, you furthermore have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing contributes to the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to revocation of consent under data protection law

You have the right to revoke your consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out up to the revocation on the basis of the consent.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

(1)       is necessary for entering into, or performance of, a contract between you and the controller,

(2)       is authorised by union or member state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3)       is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place. In the cases referred to in (1) and (3), the controller implements suitable measures to safeguard rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.