Privacy Policy

Data protection and security have the highest priority for medi. In order to comply with our legal obligation to report and to keep you up-to-date, we inform you that with the cyber attack on medi on the first weekend in August, the attackers also had access to data - in this context, we cannot exclude that this could also affect personal data.

Since in exceptional cases a disclosure of secrets, identity theft, financial disadvantage or other consequences cannot be ruled out in the event of a possible loss of such data, we recommend that in the near future, purely as a precaution, you pay close attention to irregularities regarding the data records stored at medi. As a user, you can change passwords with other providers for this purpose if they correspond to the medi password, check your e-mails more frequently for spam messages or keep an eye on your account movements.

Important: At this point in time, however, we do not have any indications that point to an illegal use of data!

If you have any questions, please contact us at datenschutz@medi.de.

You can reach our data protection officer by post at:

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg

or by e-mail:
dataprotection.medi@eprivacy.eu.

WE TAKE PRIVACY SERIOUSLY

Protecting your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers automatically save the IP address of your Internet service provider, the website from which you visit us, the pages on our website that you visit, and the date and duration of your visit. This information is necessary for the technical functionality of the webpages and the secure operation of the server. A personalised evaluation of this data is not carried out.

 

If you send us information via the contact form, this data will be stored on our servers in the course of data backup. Your data will be used by us exclusively to process your request. Your data will be handled in a strictly confidential manner. Your data will not be passed on to third parties.

 

Responsible party:

medi GmbH & Co. KG

Department ITEM m6

Medicusstraße 1
95448 Bayreuth

Tel.: +49 (0) 921 / 912 1680
Fax: +49 (0) 921 / 912 8192
E-Mail: service@item-m6.com

PERSONAL DATA

Personal data are data about yourself. This includes your name, your address and your Email address. You are not obligated to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as further information to be able to offer you the service you require.

 

The same applies if we supply you with informative material on request or if we answer your enquiries. We will always notify you in such cases. Otherwise, we only save data that you have automatically or voluntarily submitted to us.

 

When you use our services, we normally only collect data that are necessary to be able to offer you our services. We may ask you for further information on a voluntary basis. Whenever we process personal information, we do so in order to provide you with our services or to pursue our commercial interests.

Stored DATA

 

Website providers automatically collect and store information in so-called server log files, which your browser automatically transmits to us.

 

These are:

- Data and time of the request

- Name of the requested file

- Page from which the file was requested

- Access status (file transferred, file not found, etc.)

- the web browser and operating system used

- complete IP address of the computer making the request

- amount of data transmitted"

This data is not combined with other data sources. The processing is carried out in accordance with Art. 6(1)(f) DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

This data is stored by us for security reasons, especially with regard to the prevention of attempts to attack our web server. It is not possible for us to draw conclusions regarding individuals based on this data. The data remains on our web server for 21 days and on a log server for 6 months. The data is processed for statistical purposes only; it is not compared with other datasets or passed on to third parties, even in extracts.

 

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on your hard drive. The information stored in the cookies allows you to be automatically recognised the next time you visit our website, which will make it easier for you to use the site. The legal basis for the use of cookies is your consent in accordance with Art. 6 (1)(a) GDPR or, for necessary cookies, our legitimate interest in accordance with Art. 6 (1)(f) GDPR. Our legitimate interests are in maintaining the functionality and security of the website, protection against misuse and improving our service.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised the next time you visit, you can also refuse the use of cookies by changing the settings in your browser to “refuse cookies”. The respective procedure can be found in the settings of your browser. If you reject the use of cookies, however, there may be restrictions on the use of some areas of our website.

A web service of Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com) is reloaded on our website. We use this data to ensure full functionality of our website. Your browser or personal data is transferred to cookiebot.com in this context.

The legal basis for data processing is Art. 6 (1)(f) GDPR and Art. 6 (1)(c) GDPR.

The legitimate interest here is in trouble-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You can find more information on handling of the transferred data in the Data Protection Statement of cookiebot.com under: www.cookiebot.com/de/privacy-policy/

This website uses Google Tag Manager. The Tag Manager does not collect personal data. The tool activates other tags, which may collect data. Google Tag Manager does not access this data. If you have made a deactivation at the domain or cookie level, it will continue to persist for all tracking tags implemented with Google Tag Manager. You can find Google’s privacy policy for this tool at: https://www.google.co.uk/analytics/tag-manager/use-policy.html

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, hereinafter “Google”, on our website. Google Analytics 4 uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information collected by means of these cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities during those sessions) and to analyze user behavior across devices.

We use Google Signals. This allows Google Analytics 4 to collect additional information about users who have activated personalized ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

The anonymization of IP addresses is activated by default with Google Analytics 4. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 is not merged with other Google data.

During your visit to the website, your user behavior is recorded in the form of “events”. Events may include:

·         Page views
·         First visit to the website
·         Start of the session
·         Your “click path”, interaction with the website
·         Scrolls (whenever a user scrolls to the end of the page (90%))
·         Clicks on external links 
·         Internal search queries
·         Interaction with videos
·         Downloaded files
·         Ads seen / clicked
·         Language settings

The following is also recorded:

·         Your approximate location (region)
·         Your IP address (in truncated form)
·         Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
·         Your internet provider
·         The referrer URL (via which website/advertising medium you came to this website)
·         User ID 
·         Interests 
·         Demographic data

Google will use this information for the purpose of evaluating your usage of our website, compiling reports on website activities for us, and carrying out further services relating to website activity and Internet usage.

Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google. The data will only be passed on to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The data sent by us and linked to cookies are automatically deleted after 14   months. The deletion of data the retention period of which has been reached takes place automatically once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 Sent. 1 lit. a GDPR.

Google also offers an opt-out add-on for the most popular browsers, which gives you more control over what information Google collects about the websites you visit. The add-on indicates to the JavaScript (ga.js) of Google Analytics 4 that no information about the website visit should be transmitted to Google Analytics 4. However, the Google Analytics 4 opt-out browser add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For further information on installing the browser Add-On, please click on the following link: https://tools.google.com/dlpage/gaoptout?hl=de

If you visit our website from a mobile device (smartphone or tablet), you will need to click this link instead to prevent Google Analytics 4 from tracking you within this site in the future. This is also possible as an alternative to the above browser Add-On. By clicking the link, an opt-out cookie is set in your browser and is valid only for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.

If you’ve agreed that Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, Google will use your information in conjunction with Google Analytics data to create target audience lists for remarketing purposes across multiple devices. Google Analytics 4 will first collect your Google-authenticated ID on our website, which is linked to your Google account (i.e. personal data). Google Analytics will then temporarily associate your ID with your Google Analytics 4 data to optimize our target audiences.

If you do not agree, you can turn it off via the corresponding settings in the “My Account” section of your Google Account.

You can find out more about the Google privacy policy and data protection regarding Google Analytics 4 at: https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

For further information on the use of “cookies” on our website and on revocation, please refer to the last section “Cookies”.

Remarketing technology by Google Ireland Limited (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) is used for remarketing purposes and addresses users who visited our website by showing them interest-based advertising on Google’s partner network pages. The ads shown may contain the products that the user had previously viewed on our website (remarketing). Google Remarketing tracking pixels are integrated in our website for this purpose. They track user behavior on the website the technical characteristics of the visit (e.g. the browser used, IP address, etc.) and the buying behavior without reference to the individual, and send this information to Google. Google uses cookies to recognize and classify users. If users grant Google permission to link their web and app browser history with their Google account and we use information from the Google account for personalized ads that they see on the web, Google will use data from these registered users together with its own collected data to create and define target group lists for cross-device remarketing. IDs of these users are authenticated by Google Analytics and collected to support this feature. This personal data from Google is temporarily linked with Google Analytics data from us to form target groups.

 

More information on this and ways to disable this ad feature can be found at: https://adssettings.google.com/u/0/authenticated.

Doubleclick by Google is a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Doubleclick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were accessed. The cookies contain no personal information. The use of DoubleClick cookies only allows Google and its affiliates to display ads based on previous visits to our or other websites. The information generated by the cookies is transferred by Google to a server in the United States for evaluation and is stored there.

Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google.

For more information about the use of cookies on our site, please see the section "Cookies".

In addition, you can prevent Google from collecting and processing the data generated by the cookies, as well as the data related to your use of the webpages, by downloading and installing the browser plug-in available under the following link under the item DoubleClick deactivation extension. Alternatively, you can disable Doubleclick cookies with this opt-out.

"On this website, we offer you the option of using the “Facebook login” service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

This will allow you to use your existing Facebook account to log in to our website. After you have logged in with your Facebook login data, Facebook will notify you about the data that will be transmitted for authentication. No link beyond the authentication process will be established between the account you created with us and your Facebook account. The legal basis for the processing of your data is the execution of the login, Art. 6 (1)(b) GDPR."

We have entered into a shared responsibility agreement with Facebook in relation to the processing of your data in accordance with Art. 26 GDPR, the terms of which you can view here.

For more information about how Facebook processes personal data, including how to assert your rights as a data subject against Facebook Ireland, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy.

Further information on the Facebook login: https://developers.facebook.com/docs/facebook-login/.

This website uses the “Facebook Pixel” service provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We use Facebook Pixel to display ads to you and other potentially interested users on Facebook and other websites and to measure the impact of our advertising. Through Facebook Pixel, your browser establishes a connection with Facebook and, once you have agreed to the use of cookies requiring consent, places a cookie for 180 days with the information that you have accessed our website or clicked on one of our ads. If you are registered with Facebook, Facebook can assign the visit to your account. The legal basis for the processing of your data is your consent, Art. 6 (1)(a) GDPR."

You can withdraw your consent at any time with future effect:

  1. a) by setting your browser accordingly;
  2. b) by logging in as a user of the social network Facebook at https://www.facebook.com/settings/?tab=ads#_ 
  3. c) by deactivating your consent on the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org."

For more information on the use of cookies and consent withdrawal options on our website, please refer to the “Cookies” section.

We have entered into a shared responsibility agreement with Facebook in relation to the processing of your data in accordance with Art. 26 GDPR, the terms of which you can view here.

For more information about how Facebook processes personal data, including how to assert your rights as a data subject against Facebook Ireland, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy. Specific information and details about Facebook Pixel and how it works can also be found in the Help section of Facebook.

We operate a Facebook page (“fanpage”) on Facebook, a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Facebook collects and uses data to provide analysis services (“Page Insights”) to page operators in order to offer them insights into how people interact with their pages and the content associated with them. This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices users use, such as IP addresses, the operating system, browser type, language settings and cookie data.

We are jointly responsible with Facebook Ireland Ltd. for the collection and processing of data from visitors to our fanpage. The legal basis is our legitimate interest in this information for advertising purposes, Art. 6 (1)(1)(f) GDPR. That is why we have entered into a shared responsibility agreement with Facebook in relation to the processing of your data in accordance with Art. 26 GDPR. The agreement with Facebook also stipulates in particular which security measures Facebook must observe and that Facebook must comply with the rights of data subjects.
You can find further information on page insights and on how to assert your data subject rights in “Information on page insights”. Click here to view the terms of the contract concluded with Facebook.

The Trusted Shops Trustbadge is integrated into this website so that we may display our Trusted Shops seal of approval and any ratings we have collected and to offer Trusted Shops products to buyers after they have placed an order.

This serves to protect our legitimate interests in the best possible marketing, which prevail in the context of a balancing of interests, by enabling secure shopping in accordance with Art. 6 (1)(1)(f) GDPR. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided in the context of contract data processing by a CDN (content delivery network) provider.

More information about privacy at Trusted Shops GmbH can be found here.

When the Trustbadge is viewed, the web server automatically stores a server log file, which also contains your IP address, the date and time of the request, the amount of data transferred and the requesting ISP (access data). The web server also documents the request itself. Individual access data is stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after their creation.

Further personal data will be transferred to Trusted Shops GmbH if, after completing an order, you decide to use Trusted Shops products or have already registered to use them. The contractual agreement between you and Trusted Shops shall apply. Personal data is automatically collected from the order data for this purpose. A neutral parameter (the email address hashed by cryptographic one-way function) is used to automatically check whether you are already registered for product use as a buyer. Before it is transmitted, the email address is converted into this hash value, which cannot be decrypted by Trusted Shops. After checking for a match, the parameter is automatically deleted.

This is necessary so that we and Trusted Shops can fulfil our overriding legitimate interests in the provision of buyer protection for the specific order in each case and of the transactional rating services in accordance with Art. 6 (1)(1)(f) GDPR. Further details, also regarding your right to object, can be found in the Trusted Shops privacy policy, a link to which can be found above and in the Trustbadge.

 To improve the user friendliness and quality of our services, we use Conversion Tracking and Retargeting technology by The Trade Desk, Inc.42 N. Chestnut Street, Ventura, CA 93001.

Conversion Tracking: This website uses Conversion Tracking by The Trade Desk. A temporary cookie for Conversion Tracking is set when a user contacts an ad placed by The Trade Desk ."

Retargeting: This website uses Retargeting technology by The Trade Desk. This makes it possible to target users who have already shown interest in our website and products on our partners’ websites. The ads displayed through Retargeting are selected using cookie-based analysis of previous user behavior. The cookie is temporary and only valid for 60 days.

For more information on The Trade Desk’s privacy policy go to https://www.thetradedesk.com/general/privacy-policy 

For more information about the use of cookies on our site, please see the section "Cookies".

We use the YouTube embedding function to display and play videos from the provider YouTube (hereinafter “YouTube”), which belongs to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

The privacy-enhanced mode is used here, in which, according to the provider, the storage of user information is only triggered when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider uses YouTube cookies or comparable recognition technologies to collect information about user behaviour. According to information from YouTube, these are used for purposes including the collection of video statistics, the improvement of user-friendliness and the prevention of abusive behaviour. The YouTube server is informed about which of our pages you have visited. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not want your data to be assigned to your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles which it then evaluates. Such an evaluation is carried out according to Art. 6 (1)(f) GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.

You can object to YouTube’s analysis of user behaviour and targeted advertising by clicking on the following link: https://tools.google.com/dlpage/gaoptout?hl=en 

For more information about privacy at YouTube, please see their privacy policy: https://www.google.com/intl/policies/privacy

 

Our websiteuses the Visual Website Optimizer, an A/B test tool/web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (hereinafter "Wingify").

Wingify uses cookies that enable analysis of your use of our website, shops and app. The information generated by the cookie about the use of our website, shops and app, along with your IP address, will be transmitted to a Wingify server in India and stored there. Wingify uses this information on our behalf to evaluate your use of the website and to optimise our webpages accordingly.

Further information on the cookies used can be found at this link: https://help.vwo.com/hc/en-us/articles/360033990873 

Details on how your personal data is handled can be found at the following link: https://vwo.com/privacy-policy/ .

For more information on the use of cookies on our website, please refer to the “Cookies” section.


To improve the user friendliness and quality of our service, we use Conversion Tracking and Retargeting technology by Adform ApS, Wildersgade 10B, 1, 1408 Copenhagen K, Denmark.

Conversion Tracking: This website uses Conversion Tracking by Adform. A temporary cookie for Conversion Tracking is set when a user contacts an ad placed by Adform."

Retargeting: This website uses Retargeting technology by Adform. This makes it possible to target users who have already shown interest in our website and products on our partners’ websites. The ads displayed through Retargeting are selected using cookie-based analysis of previous user behavior. The cookie is temporary and only valid for 60 days.

For more information on the use of cookies on our website, please refer to the “Cookies” section.

To ensure accurate collection of sales and/or lead data, affilinet GmbH, Sapporobogen 6-8, 80637 Munich places a cookie on the visitor’s device. The domain parners.webmaster-plan.com or banners.webmasterplan.com places this cookie.

 affilinet cookies only collect the ID of the referring partner and the serial number of the advertising media clicked by the visitor (banner, text link, etc.); this data is required for payment processing. The Partner ID is also used to allocate the commission to be paid to the referring partner when a transaction is concluded.

For more information on privacy visit: https://www.awin.com/us/privacy.

For more information about the use of cookies on our site, please see the section "Cookies".

We use the “Lead Ads” function provided by Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA) to voluntarily process the data of interested parties – so-called leads – via a contact form displayed there. The legal basis for this is the user’s consent in accordance with Art. 6 (1) Letter a GDPR and our legitimate interests in accordance with Art. 6 (1) Letter f GDPR in the use of this data for proprietary purposes and for direct advertising exclusively.
The use of data is linked to the purposes pursued with the respective Lead Ad campaign. These purposes are specifically presented in the Lead Ad before obtaining consent and before we receive the data provided. You can object to its processing at any time.

If you wish to object to the above-mentioned connection with Facebook, you can do so by clicking on 

We use the online advertising programme “Google Ads” on our website and, in this context, conversion tracking. Google Conversion Tracking is an analytical service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If your usual residence is in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller of your data. Google Ireland Limited is therefore the Google affiliate responsible for processing your data and complying with the applicable data protection laws. The cookie for “conversion tracking” is placed on your computer when you click on an ad displayed by Google. These cookies remain valid for a limited period, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the ad and been redirected to this page. Each Google Ads client receives a different cookie. There is thus no possibility for cookies to be tracked through the websites of Ads clients. The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who have clicked on one of our ads and been redirected to a page that has a conversion tracking tag. However, we do not receive any information that personally identifies users. Your data may under certain circumstances be transferred to the USA. The data processing, in particular the placing of cookies, is carried out with your consent on the basis of Art. 6 1(a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on your prior consent until the point of its withdrawal.

Further information and the Google privacy policy can be found at: https://www.google.com/intl/en/policies/privacy/ 

For more information on the use of cookies on our website and your right to withdraw consent, please refer to the “Cookies” section. 

This website uses a plugin from the Web analysis service New Relic. This service is provided by New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. It enables statistical evaluations about the speed of the website to be made. With the plugin, New Relic receives the information that a user has called up the relevant page of the website. For this purpose, New Relic collects system data on your add-ons, browsers, hardware, software and usage times – so-called application data – by setting cookies in your browser.  If you are logged in to New Relic as a user during this time, New Relic can assign the visit to your account there. If you are not a member of New Relic, it is still possible for New Relic to obtain and store your IP address. You can read about the purpose and scope of the data collection, as well as information on the processing and usage of data by New Relic, and also setting options to protect the privacy of users in the Data protection information of New Relic.

If you are a member of New Relic and do not want New Relic to gather data about you on our website to link you with your membership data saved at New Relic, you should log out of New Relic before visiting our website.

For more information about the use of cookies on our site, please see the section "Cookies".

emarsys Web Extend technology

We use Web Extend technology supplied by emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany (“emarsys”) to optimize online and offline stimulus chains (re-targeting) in order to provide you with individually-tailored content when we show or send advertisements to you.

When you visit our website, cookies from emarsys are saved to your device. These cookies are used to pseudonymously identify the website user. The following data are collected: Browser and version number, operating system, referring URL, IP address (encrypted and abbreviated), session and cookie IDs, country, pseudonymous identifiers (external IDs or encrypted email address) from logged-in visitors as well as information on browsing behavior (products viewed and products placed in the shopping cart or purchased).

Your data is processed with your consent in accordance with Art. 6 (1)(a) GDPR. The emarsys cookies placed with your consent will be deleted automatically after one year. 

You can revoke your consent to the processing of your data for the purposes of individualized online advertising by this website at any time. 

emarsys uses Amazon Web Services Inc. as a data processor for the storage of the data collected by cookies. Your personal data is not transferred.

You can find more information on GDPR and Web Extend at https://help.emarsys.com/hc/en-us/articles/360005205113-GDPR-and-Web-Extend-all-you-need-to-know  and https://help.emarsys.com/hc/en-us/sections/360001104413-Data-Protection-Compliance.

See the “Cookies” section for details on how we use cookies on our website.

We use the Facebook Conversion API service provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) to show you and other interested users ads on Facebook and optimize campaigns. Facebook may use cookies, web beacons and other storage technologies for this purpose and collect your IP address along with other information (email address, gender, first/last name, city, state, zip code and country, mobile phone number, date of birth, external ID, client user agent, click ID, browser ID, subscription ID, FB login ID, lead ID). For details on which information is used, please visit:  https://developers.facebook.com/docs/marketing-api/conversions-api/parameters/customer-information-parameters. How Facebook uses the data for its own purposes, to what extent activities on Facebook are assigned to individual users, how long Facebook stores this data and whether data is shared with third parties is not conclusively and clearly stated by Facebook and is not known to us.  

Data processing takes place on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time with future effect; this does not affect the legality of processing carried out on the basis of your consent until the time of revocation. Beyond this, you may revoke your consent in your browser settings or as a user logged on to the Facebook social network site at  https://www.facebook.com/settings/?tab=ads#_. You can also disable user-based advertising by visiting the Network Advertising Initiative (http://optout.networkadvertising.org/), the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

To the extent that personal data is collected and shared with Facebook using the Facebook Conversion API as a Facebook Business Tool, we share limited joint responsibility for this data processing with Facebook. We have concluded an agreement with Facebook regarding this joint responsibility for processing your data in accordance with Art. 26 GDPR, the details of which you may view here. According to this agreement, we are responsible for providing information on data privacy and protection and for ensuring the tool is securely implemented on our website. Facebook is responsible for data security. Data subject rights regarding data processed by Facebook can be asserted directly with Facebook and will be forwarded to Facebook in the event they are asserted with us. For more information on which personal data is processed within the scope of this joint responsibility, please visit https://www.facebook.com/legal/terms/businesstools_jointprocessing. Data that is processed by Facebook after we have forwarded it is not processed jointly.

For more information on how Facebook processes personal data, including options for exercising your rights as a data subject vis-à-vis Facebook, please review the Facebook data privacy policy at https://www.facebook.com/about/privacy

Our website/app uses the Microsoft Advertising service. Microsoft Advertising is an online advertising program provided by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521). (“Microsoft”). As part of the Microsoft Advertising service, we use Universal Event Tracking (UET) to collect and store data from this website/app for marketing and optimization purposes. Your browsing behavior on our website/app is analyzed as part of this process, for example, which offers you viewed. Microsoft saves a cookie to your browser to do this. The cookie is used to collect information about your visits. The cookie is a unique identifier for your web browser and does not identify you personally. Under data protection law Microsoft is the sole processor of the data about you collected from our website/app. Your data may be transmitted to the USA by Microsoft for processing. The European Court of Justice has found that data protections in the United States are inadequate. In this context a risk exists that your data could be processed for monitoring or surveillance purposes by American institutions/authorities, and that in such a case no adequate legal remedy would be available to you. The legislative basis for this data processing is Art. 6 (1)(a) GDPR (consent). Further information on data protection is provided by Microsoft at: https://privacy.microsoft.com/de-DE/privacystatement. You can also exercise your data protection rights in respect of Microsoft (e.g., the right to deletion) via the link. The legislative basis for the data processing described above is Art. 6 (1)(a) GDPR (consent). You can disable the use of cookies by Microsoft and, by doing so, revoke your consent, granted to us, to the use of the Microsoft Advertising service, and/or your consent to the use of Microsoft Retargeting, by visiting this link: https://choice.microsoft.com/deDE/opt-out 

We use the web analytics service Tracify on our website or on parts of our website to record how our website is used by its visitors and to evaluate and optimize the effectiveness of our advertising/marketing measures. Tracify is a web analytics service provided by Tracify GmbH in Munich, Germany. Tracify GmbH acts for us as a data processor on the basis of a data processing agreement in accordance with Art. 28 GDPR.
Tracify enables an analysis of the use of the website and the customer journey without storing cookies or other information on the end device of the user, but only on the basis of browser and device information, such as the IP address of the user, the configuration of the respective user agent (user agent string), usage data, order information, contact data, the screen resolution, the installed fonts and plugins and the processor of the respective device.
The information transmitted to Tracify is completely and irreversibly anonymized immediately after transmission, so that a personal reference is excluded. Only the anonymized aggregated information is analyzed.
Data processing when using Tracify takes place entirely in Germany; there is no data transfer to unsafe third countries without an adequate level of data protection.
The legal basis for the use of Tracify is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in a demand-oriented design of the website and in the evaluation and optimization of our marketing measures.

PAYMENT

The controller has integrated PayPal components into this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual private or business accounts. PayPal can also process virtual payments by credit card if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why no traditional account number exists. PayPal enables online payments to be made to third parties or received. PayPal also performs fiduciary functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, data relating to the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of the personal data required to process the payment. Data processing is necessary for our contract with you to be processed.

Cookies are placed when the service is used. For more information on the use of cookies on our website, please refer to the “Cookies” section.

PayPal's current privacy policy can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.

 

The operating company of “Sofortüberweisung” is SOFORT GmbH, Fussbergstrase 1, 82131 Gauting, Germany. Privacy policy: https://documents.sofort.com/sue/datenschutzhinweise/

SOFORT GmbH is part of the Klarna Group. Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Website: https://www.klarna.com;  Privacy policy: https://www.klarna.com/uk/privacy  

“Sofortüberweisung” is a payment service that enables cashless payment for products and services on the Internet. “Sofortüberweisung” is a technical procedure through which the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer as soon as the order is placed.

If the data subject selects “Sofortüberweisung” as payment option during the ordering process in our online shop, data relating to the data subject will be automatically transmitted to “Sofortüberweisung”. "

Data processing is necessary for our contract with you to be processed.

The buyer transmits the following data when purchasing via “Sofortüberweisung”: Name, account number, sort code, subject, amount, date; “Sofortüberweisung” then carries out further technical checks. Further information can be found in the Sofort GmbH privacy policy.

The online merchant is then automatically notified that the financial transaction has been carried out. The data is transmitted for the purpose of payment processing and fraud prevention."

For more information on the use of cookies on our website, please refer to the “Cookies” section.

 

On our website we offer payment via Giropay, Paypal, Visa and MasterCard, among others. The provider and technical payment provider for payment processing for the payment services is Computop Wirtschaftsinformatik GmbH, Schwarzenbergstr. 4, D-96050 Bamberg, Germany (hereinafter “Computop”).

When you make a payment using the above payment methods, Computop collects various transaction data for forwarding to the bank with which you are registered. In addition to the data required for payment, Computop may collect other data, such as the delivery address or individual items in the shopping basket, in the course of processing the transaction.

Computop then authenticates the transaction using the bank’s authentication procedure. The payment amount will then be transferred from your account to ours. Neither we nor third parties have access to your account details."

Data processing is necessary for our contract with you to be processed.

For details on payment with Computop, please refer to the Terms and Conditions and the data protection provisions of Computop at: https://computop.com/uk/tos.

MORE INFORMATION

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable privacy laws.

Whenever we collect and process personal information, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

If you register for our newsletter, we will use the data you provide with your consent to send you our newsletter. The newsletter contains current information and offers from ITEM m6.

The personalised newsletter contains interesting offers, trends, birthday surprises and voluntary opinion polls, including notifications about goods not ordered in the shopping basket or when the price of an item on my wish list is reduced.

We use a service provided by emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany, to send our newsletter.

We also use the double opt-in procedure, which means that the newsletter service will only be activated after you have expressly confirmed to us that you wish to receive it.

If you would like to receive the newsletter offered on this website, we require a valid e-mail address from you to verify that you are the owner of the e-mail address provided and that you agree to receive this newsletter. We will then send you a notification via email requesting that you confirm that you wish to receive our newsletter by clicking on the link contained in the email.

When you subscribe to our newsletter, we store the date of registration. No further data is collected or is only collected on a voluntary basis. This information is only stored as evidence in the event that a third party misappropriates your email address to subscribe to the newsletter without your knowledge or permission. The data you enter in the newsletter subscription form is processed exclusively on the basis of your consent (Art. 6 (1) (a) General Data Protection Regulation (GDPR)).

If you have granted your consent, we will use the preferences collected using the pseudonymous user profile for the content and design of the newsletter and emarsys will only link your email address with the user profile for the purposes of personalizing the newsletter. No other form of analysis or use beyond this will take place.

Furthermore, emarsys offers various analysis options for how the newsletters we send are opened and used, e.g. how many users an email was sent to, whether the emails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are solely group-based; we do not use them for individual assessment.

You may revoke your consent to the storage of your data and email address as well as their use for sending the newsletter at any time with future effect, for example via the “unsubscribe” link in the newsletter. Revoking your consent does not affect the legality of data processing operations carried out prior to receipt of your request. The data provided when signing up for the newsletter is used to distribute the newsletter until you cancel your subscription, after which the data is deleted. This does not affect the data we have stored for other purposes (e.g. email addresses for the Member’s Area).

For more information on the emarsys data privacy policy, please visit: https://help.emarsys.com/hc/en-us/sections/360001104413-Data-Protection-Compliance.

 

Direct email advertising to existing customers
Following the purchase of merchandise, we may send advertisements for similar products to the email address you used for your previous purchase – regardless of whether you have subscribed to our newsletter or not.

This data processing is required to protect our legitimate interest in advertising our products to existing customers (legal basis: Art. 7 (3) of the German Act against Unfair Competition (UWG); Art. 6 (1) sentence 1 (f) of the General Data Protection Regulation (GDPR)).

You may revoke your consent to the processing of your data at any time and unsubscribe from our direct email advertising by clicking the “unsubscribe” or “cancel” link contained in all of our advertising emails.

We use the reCaptcha service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

This query enables us to determine whether the entry has been created by a human or fraudulently by means of automated machine processing. The service includes the sending to Google of the IP address and, if necessary, additional data required by Google for the reCAPTCHA service. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be withdrawn at any time. The legality of any and all data processing operations previously carried out will not be affected by your withdrawal of consent.

Otherwise, in accordance with Art. 6 (1)(f) GDPR, the use is based on our legitimate interest in establishing individual responsibility on the Internet and preventing misuse and spam. If the data processing is based on our legitimate interest, you can object to the processing at any time with future effect.  In the event that IP anonymisation is activated on this website, your IP address will, however, previously be truncated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of this service. The IP address of your browser transmitted in the reCaptcha process will not be combined with other data by Google. This data is subject to the deviating Google data protection provisions."

You can find out more about the Google privacy policy at: https://www.google.com/intl/en/policies/privacy/.

For more information on the use of cookies on our website and your right to withdraw consent, please refer to the “Cookies” section.

We set up a password-protected direct-access to the user data (customer account) stored by us for each customer who registers accordingly. Here you can view data about your completed, open and recently shipped orders and manage your address information, bank details and the newsletter. You undertake to treat the personal access-data confidentially and not to make them accessible to unauthorised third parties. We cannot assume any liability for misused passwords, unless we are responsible for the misuse.

The legal basis for this processing activity is art. 6 (1) (b) GDPR.

We would like to make your visit to our website as pleasant as possible with the function “Stay logged in”. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you need to change your personal data or you wish to place an order. We recommend that you do not use this feature if the computer is used by multiple users. We would like to point out that the “Stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.

For more information about the use of cookies on our site, please see the section "Cookies".

In order to offer our customers a diverse range of payment options, our company regularly checks your credit status for contracts and in certain cases where there is a legitimate interest, even for existing customers. For this we work together with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from whom we receive the necessary data. For this purpose, we will transmit your name and contact details to Creditreform Boniversum GmbH.

The information acc. Article 14 of the EU General Data Protection Regulation on data processing at Creditreform Boniversum GmbH can be found here: https://www.boniversum.de/eu-dsgvo/for-consumers-information-under-eu-gdpr/.

We only forward your data if you agree to the review of your data in the ordering process. The legal basis for the transfer is your consent (Art. 6 (1a) DSGVO). If you do not agree to the examination, we will not transmit your data to Creditreform Boniversum GmbH and at the same time can not offer you the payment method ""Invoice"" for your order.

If we process data in countries outside the European Economic Area (“EEA”), we protect it based on an adequacy decision of the EU Commission Art. 45 (1) GDPR or use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR when structuring contractual relationships with recipients in third countries.

We will store your data,

- if you have consented to the processing thereof, only until you withdraw your consent;

- if we need the data to perform a contract, only for as long as the contractual relationship with you exists;

- if we use the data on the basis of a legitimate interest, only as long as your interest in deletion or anonymisation does not outweigh this legitimate interest;

- if statutory retention obligations exist, until the end of the retention periods.

YOUR RIGHTS

You have the right at any time to request information, correction, deletion or restriction of the processing of your stored data; a right to object to the processing; as well as the right to data portability and to lodge a complaint in accordance with the requirements of privacy law.

You can request information from us as to whether and to what extent we process your data

If we process your data that is incomplete or inaccurate, you may request that we correct or supplement it at any time.

You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your justifiable protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g., in the case of legally stipulated retention obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no contractual or statutory obligation to retain data in this respect.



You can ask us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data,
  • the processing of the data is unlawful, but you decline to delete it and instead demand a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to file or defend legal claims, or
  • you have objected to the processing of the data.

You may request that we provide you with the information you have provided to us in a structured, standard and computer-readable format and that you may provide that information to another representative without interference from us, provided that

  • we process this data on the basis of an agreement given and revocable by you or for the fulfilment of a contract between us, and
  • that such processing is carried out using automated procedures.

If technically feasible, you may request us to transfer your data directly to another representative.



If we process your data for legitimate reasons, you may object to such processing at any time. We will then no longer process your data unless we can prove compelling and protection-worthy grounds for the processing which outweigh your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the competent regulatory authority for you, the respective regional office for data protection supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of any doubt, we may request additional information to confirm your identity.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to change our privacy policy if necessary due to new technologies. Please make sure that you have the latest version. If substantial changes are made to this privacy statement, we will post them on our website.

 

All interested parties and visitors to our website can contact us with questions about privacy at:

ePrivacy GmbH
Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg
Germany
E-Mail: datenschutz@medi.de