1 An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
2 General information and mandatory information
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
medi GmbH & Co. KG
95448 Bayreuth, Germany
Phone: +49 921 912-0
Fax: +49 921 912-370
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment. Payment transactions using common means of payment (Visa/MasterCard) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible. In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3 Data protection officer/representative
Statutory data protection officer/representative
We have appointed a data protection officer for our company. Our external Data protection officer is:
Dr. Marion Herrmann from Datenschutz Symbiose GmbH
Phone: + 49 (0) 921 15011-26
Fax: + 49 (0) 921 15011-27
4 Data collection on our website
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
These data will not be combined with data from other sources. The basis for data processing is Art. 6 (1b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration. To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration. We will process the data provided during registration only based on your consent per Art. 6 (1a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Product reviews on this site
For the rating of products on this page, in addition to your comment, details of when the comment was created and the nickname you chose are also published. You can choose the nicknames freely and this does not have to match your real name. Before the reviews are published, we will review them. Duration of the ratings Approved ratings and related data (e.g., IP address) are stored and remain on our website until the rated product has been completely deleted or the rating needs to be deleted for legal reasons (e.g., offensive content). Legal basis The storage of the assessments is based on your consent (Art. 6 (1a) DSGVO). You can revoke your consent at any time. An informal message by e-mail to us is sufficient. The legality of the already completed data processing operations remains unaffected by the revocation.
Registering as a tester
You can register on our website as a study participant/product tester if you would like to be considered for future product tests. The data you register with will be saved in the medi product tester pool. We will use the data only for the purposes of carrying out product tests, for example, to collect evaluations of the products being tested, and in the event of any queries arising.
The data you provide at registration will be stored by us until you either ask us to delete it or revoke your consent for it to be stored, or until the purpose for which the data has been stored no longer applies. Statutory data retention periods remain unaffected.
Evaluations as part of product testing
As a registered product tester you will receive invitations from us to participate in product tests. In the course of the test you will be asked to fill in an online evaluation form. The data collected will be processed for the purpose of improving the quality and comfort of our products as part of our internal ongoing product development.
The data you provide will be stored for 30 days. After this period the data are only retained anonymously in the data processing tool and without any association to you.
Data collection and processing tool
The data provided at registration as a product tester and during product tests are collected, saved and processed using the online survey tool Lamapoll. The tool is supplied by Lamano GmbH & Co. KG., Prenzlauer Allee 36G, 10405 Berlin, https://www.lamapoll.de/. The data are not shared with any other third parties.
The basis for data collection at registration and during product tests
Your evaluations are saved on the basis of your consent (Art. 6 (1a) DSGVO). You can revoke your consent at any time. Simply send an email to us (firstname.lastname@example.org) – no official form is required. The data processed before we receive your request may still be legally processed.
Deletion of your data
If you revoke your consent or withdraw from the product tester group, we anonymize your data so that no connection to you personally is possible, and we delete your personal data insofar as no statutory data retention periods apply.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same. Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmitted when entering into a contract with online shops, retailers, and mail order
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent. The basis for data processing is Art. 6 (1b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
5 Analytics and advertising
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".
Google Analytics Remarketing
Google AdWords and Google Conversion-Tracking
Google Tag Manager
The Google Tag Manager is a service provided by Google Inc. ("Google") with which tags can be created, updated and managed. Tags are small code elements on our website which, among other things, serve to measure traffic and visitor behavior, to capture the impact of online advertising and social channels. When you visit our website/app, the current tag configuration is sent to the user's browser. It contains instructions on which tags to trigger. The tool itself does not collect any personal data. However, the tool makes it possible to trigger other tags, which may in turn collect data. For more information about how Google Tag manager works, see: Support-Tag-Manager and the usage guidelines: https://www.google.de/tagmanager/use-policy.html.
Double Click by Google
Our website uses Pingdom, a service of the company Pingdom AB, Kopparbergsvägen 8, 72213 Vasteras, Sweden. Pingdom used among others Cookies that are stored on your computer and that provide an analysis of use the website allows. In the context of the use data, in particular the IP address and activities of the users can be transmitted to a server of the company Pingdom AB and stored there. You can record and forward personal information Prevent data (especially your IP address) and the processing of this data, by disabling the execution of java script in your browser or using a tool like Install "NoScript". Further information on data protection in the use of You can retrieve pingdom at the following link: https://www.pingdom.com/legal/privacy-policy.
Iotec-Pixel and Remarketing
Within our online offering, based on our legitimate interest, Art. 6 (1c) DSGVO, one pixel from iotec Global Ltd., 1 Research Way, Plymouth Science Park, Plymouth, PL6 8BT, UK, is used to analyze, optimize and operate our online offer pseudonymysed tracking cookie placed. With the help of the iotec pixel, only non-personal data is collected that is used to create statistic-based data models and analyzes. This data can not be used to personally identify the visitor to this website. The collected data will only be used to improve the offer. There is no other use or disclosure to third parties.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed. The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
The medi newsletter contains so-called Web beacons. A web beacons is a miniature graphic that is embedded in such e-mails, which are sent in HTML format in order to enable a log file recording and a log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded counting pixel, medi can detect if and when an e-mail was opened by an affected person and which links in the e-mail were accessed by the data subject. Such personal data collected via the Web beacons in the newsletters are stored and evaluated by the Controller for the newsletter to optimise the content of future newsletters and even better the Interests of the person concerned. This personal data will not be passed on to third parties. Persons concerned are entitled at any time to revoke the separate declaration of consent given by the double opt-in procedure. After revocation, this personal data will be deleted by the controller. A withdrawal from receipt of the newsletter indicates Medi automatically as a revocation.
7 Plugins und Tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1f) DSGVO. Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
8 Payment Provider
On our website we offer u.m. Payment via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). If you choose to pay via PayPal, the payment details you enter will be sent to PayPal. The transfer of your data to PayPal takes place on the basis of Art. 6 (1a) DSGVO (consent) and Art. 6 (1b) DSGVO (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of historical data processing operations.
On our website we offer u.m. Payment by "Sofortüberweisung". Provider of this payment service is the Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "Sofort GmbH"). With the help of the procedure "Sofortüberweisung" we receive a payment confirmation from Sofort GmbH in real time and can immediately start to fulfill our obligations. If you have decided to use the "Sofortüberweisung" method of payment, please forward the PIN and a valid TAN to Sofort GmbH, with which you can log in to your online banking account. Sofort GmbH automatically checks your account balance after logging in and transfers the money to us using the TAN you have submitted. Afterwards it will send us a transaction confirmation without delay. After logging in, your sales, the credit line of the credit line and the existence of other accounts as well as their stocks are also checked automatically. In addition to the PIN and the TAN, the payment data entered by you as well as personal data will be transmitted to Sofort GmbH. The personal data are first name, surname, address, telephone number (s), e-mail address, IP address and possibly further data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud. The transmission of your data to the Sofort GmbH is based on Art. 6 (1a) DSGVO (consent) and Art. 6 (1b) DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of historical data processing operations.
In order to offer our customers a diverse range of payment options, our company regularly checks your credit status for contracts and in certain cases where there is a legitimate interest, even for existing customers. For this we work together with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from whom we receive the necessary data. For this purpose, we will transmit your name and contact details to Creditreform Boniversum GmbH. The information acc. Article 14 of the EU General Data Protection Regulation on data processing at Creditreform Boniversum GmbH can be found here: https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/ We only forward your data if you agree to the review of your data in the ordering process. The legal basis for the transfer is your consent (Art. 6 (1a) DSGVO). If you do not agree to the examination, we will not transmit your data to Creditreform Boniversum GmbH and at the same time can not offer you the payment method "Invoice" for your order. This is due to our legitimate interest in protecting us from payment defaults (Art. 6 (1f) DSGVO).