On this page, you will find the data privacy statement for the processing operations on our websites and the data privacy statement for processing operations that take place outside of our websites.

• Data privacy statement for websites
• Data privacy statement for other processing operations

We, pfm medical gmbh (hereinafter referred to as “pfmmedical”; for further information on pfmmedical, please click here), are happy to welcome you as a visitor to our website. To us, data protection and data security during your utilisation of our website are of great significance. We therefore wish to seize this opportunity to provide you with information on which of your personal data we collect when you visit our website and for which purposes such data will be used.

As amendments of the law or changes to our company-internal processes may require an adjustment of this Data Privacy Statement, we request you to read this Data Privacy Statement at regular intervals. The Data Privacy Statement may be retrieved, stored and printed out under Data Privacy Statement at any time.

The person/entity responsible within the meaning of the EU General Data Protection Regulation and other national data protection laws of the member states or other data privacy provisions is:

pfm medical gmbh
Wankelstrasse 60
50996 Cologne, Germany
T +49 2236 9641-0
e-mail: info@pfmmedical.com
Website: www.pfmmedical.com

This Data Privacy Statement shall apply to the website/Internet offer of pfmmedical, which can be retrieved under the domains www.pfmmedical.com or www.pfmmedical.de and the various sub-domains (hereinafter referred to as “our website”).

The external data protection officer of the person/entity responsible is:

Dr. Karsten Kinast, LL.M., barrister-at-law
KINAST Rechtsanwaltsgesellschaft mbH
Nordstraße 17a
50733 Cologne, Germany
T +49 221 222183-0
Email: dsb-pfmmedical(at)kinast(dot)eu
Website: https://www.kinast.eu

Personal data is any information that relates to an identified or identifiable private individual. For instance, this includes information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or your user behaviour. Information that does not allow us to establish any relation with you as a person (or that only allows us to do through disproportionate expenditure), for instance due to anonymisation of the respective information, does not represent personal data. The processing of personal data (such as collection, retrieval, utilisation, storage or transmission) shall always require a legal basis or your personal consent. Processed personal data will be deleted as soon as the purpose of processing has been achieved and legally stipulated storage periods do not have to be complied with anymore.

Where we process your personal data to make certain offers/services available to you, we inform you hereafter on the specific processing activities, the scope and purpose of data processing, the legal basis of the data processing activities and the respective storage period.

1. Provision and utilisation of the website

a. Kind and scope of data processing

Whenever our website is retrieved and used, we collect the personal data transmitted to our server automatically by your browser. This information is stored temporarily in a so-called log file. If you use our website, we will collect the following data that we require technically to display our website to you and to ensure its stability and security:

• IP address of the retrieving computer
• Date and time of retrieval
• Name and URL of the file retrieved
• Website from which our own website has been accessed (Referrer URL)
• The browser used and, where applicable, the operating system of your computer and the name of your access provider

b. Legal basis

For the data processing activities mentioned above, the legal basis is Art. 6 (1)(f) GDPR. Processing of the data mentioned above is necessary to make a website available and hence serves to protect a legitimate interest of our company.

c. Storage period

The aforementioned data shall be deleted as soon as they are no longer necessary to display the website. The collection of the data for provision of the website and the storage of the data in log files is indispensable for the operation of the web page. As a consequence, there is no possibility for the user to raise objections. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.

2. Contact forms

a. Kind and scope of data processing

On our website, we offer you the opportunity to get in touch with us via provided contact forms. During the process, by which you send us your inquiry via the contact form, this Data Privacy Statement will be referred to in order to obtain your consent. If you make use of the contact forms, the following of your personal data will be processed depending on the type of contact form:

• e-mail address
• Title and surname
• Postcode
• Country

In this context, the indication of your e-mail address as well as the title and surname serve the purpose of allocating your inquiry and sending you a personal response. The postcode and country serve the purpose of allocating your inquiry to the correct contact person. When you use the contact form, your aforementioned data may be passed on to our subsidiaries or sales partners if this is necessary to answer your enquiry. Beyond this, your personal data will not be passed on to third parties.

b. Legal basis

The data processing activities for the establishment of contact as described above (cf. § 4 2. a.) are based on Art. 6 (1) (b,f) GDPR.

c. Storage period

As soon as the question asked by you and the respective circumstances have been finally clarified, the personal data processed via the contact form will be deleted. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.

3. Marketing consent

a. Kind and scope of data processing

We record your marketing consent, if you give it, within our contact forms. The following personal data is processed in this context:

• Consent to use your contact data for marketing purposes

Otherwise, your data will not be passed on to companies or persons outside the pfmmedical group, nor will it be used for other purposes, unless you consent to it being passed on for such purposes. 
 

b. Legal basis

The data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period to the contrary. As a rule, your data will be deleted within 3 years of the end of the contract, unless we are obliged to store it for longer in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

4. Registration for workshops via online registration form

a. Kind and scope of data processing

You can register for our workshops and webinars using the registration form on the website. The following personal data is processed as part of the registration process:

• Greeting (optional)
• Title (optional)
• First and last name
• Job title
• Employer
• Postal address
• Email address
• Phone number
• Marketing consent (optional) – see also point 3
• Consent to photography during the event (optional) – see also point 6

We may also collect information about your CV. This will be passed on to the workshop leader and used to tailor the workshop content accordingly.

Otherwise, your data will not be passed on to companies or individuals outside the pfmmedical group or used for other purposes, unless you consent to such disclosure.

b. Legal basis

We process the data required for the fulfilment of the contract (workshop participation) on the basis of Art. 6 (1)(1)(b) GDPR. We process any additional information you provide voluntarily on the basis of your consent in accordance with Art. 6 (1)(a) GDPR.

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period to the contrary. As a rule, your data will be deleted within 3 years of the end of the contract, unless we are obliged to store it for longer in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

5. Photographs taken at events

a. Kind and scope of data processing

During events organised by pfmmedical (e.g. surgical workshops), photos are taken, provided that you have given your consent, which are subsequently used in the corporate communications of the pfmmedical group.

The following personal data is processed in this context:

• Photos

Other than this, your data will not be passed on to companies or persons outside the pfmmedical group or used for other purposes, unless you consent to such disclosure.

b. Legal basis

The legal basis for the processing of the photos is Art. 6 (1)(1)(a) GDPR.. 

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period to the contrary. As a rule, your data will be deleted within 3 years of the end of the contract, unless we are obliged to store it for longer in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

Individual processes and services are carried out by carefully selected and commissioned service providers. Service providers are obliged by us to comply with data protection and security requirements. A secure third country transfer takes place. 

Apart from that we shall only transfer your personal data to third parties if:

• you have provided your explicit consent pursuant to Art. 6 (1)(a) GDPR
• this is legally admissible and necessary for the performance of a contractual relationship with you according to Art. 6 (1)(b) GDPR
• there is a statutory obligation to transfer the data pursuant to Art. 6 (1)(c) GDPR
• the data transfer is necessary, pursuant to Art. 6 (1)(f) GDPR, for the protection of legitimate company interests, and for the assertion, exercise or defence of legal claims, and if there is no reason to assume that you have an overriding interest, which is worthy of protection, in the non-transfer of your data.

a. Kind and scope of data processing

We make use of cookies on our website. Cookies are small files transmitted by us to the browser of your terminal device and stored there in the framework of your visit to our web pages. Without the use of technically necessary cookies, some functions of our website cannot be offered. By contrast, other cookies enable us to conduct various analyses. For instance, cookies are able to recognise the browser used by you and transmit various information to us on the occasion of your renewed visit to our website. By means of cookies, we are able, among other things, to design our website in a more user-friendly and effective manner for you, e.g. by tracking your utilisation of our website and identifying your preferred settings (such as country and language settings). Where third parties process information via cookies, they collect this information directly from your browser. Cookies do not inflict any damage on your terminal device. They are not able to execute programs nor do they contain viruses.

Various types of cookies are used on our website, the types and functions of which are explained hereafter.

To change the saved cookie settings, please click here.

b. Legal basis 

On the grounds of the purposes of use described above (cf. § 6. a.), the legal basis for the processing of personal data including the use of cookies is Art. 6 (1)(f) GDPR.

c. Storage period

As soon as the data transmitted to us via the cookies are no longer necessary to achieve the aforementioned purposes, this information will be deleted. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.

d. Configuration of the cookie settings

When you access our website, a pop-up window will appear, giving you the opportunity to adjust the cookie settings. You can accept all cookies or reject non-functional cookies and save them.

These settings will be saved. You can adjust them at any time by clicking on the following link: https://www.pfmmedical.com/?showOptIn=1

e. Configuration of the browser settings

Most browsers have default settings that accept cookies on a standardised basis. You are nevertheless able to configure your respective browser in such a manner that it will only accept certain cookies or cease accepting any cookies whatsoever. However, we advise you that you may no longer be able to use all the functions of our website if cookies on our website have been deactivated due to your browser settings. You are also able to delete cookies via your browser settings, which have already been stored in your browser, or to have their storage periods displayed to you. Furthermore, there is a possibility to configure your browser settings in such a way that you receive notification from the browser before cookies are stored. As the various browsers may differ in regard to their respective modes of operation, we request you to use the Help menu of your browser when it comes to the possibilities of configuration.
If you wish to receive a comprehensive overview of each and every third-party access to your Internet browser, we recommend you install a plug-in designed specifically for this purpose.

We use tracking and analysis tools to optimise our website and make it more user-friendly. These tools help us to statistically record usage and improve our online offering. The use of these tools is justified under Article 6 (1)(f) GDPR. The following descriptions provide information about the tools, processing purposes and data.

1. Matomo

For statistical analysis, we use the web analysis tool ‘Matomo’ (formerly Piwik) on our websites, an open-source solution from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (hereinafter: Matomo).

We host Matomo on our web server in Germany and have concluded a data processing agreement with the operator. The data collected with Matomo is not passed on to third parties and is processed exclusively within the European Union.

We only collect anonymised data when tracking your IP address. In the first processing step, the last byte of IPv4 addresses is anonymised (e.g. 197.15.107.xx instead of 197.15.107.24), and for IPv6 addresses the last last 8 bytes (e.g. 2001:db8:0:8d3:xx:xx:xx:xx instead of 2001:db8:0:8d3:0:8a2e:70:7344).

When you visit our website, we store the following data:

• the first two bytes of the user's IP address
• the address of the resource accessed
• the website from which the user accessed the website (referrer)
• the time spent on the website
• the frequency of visits to the website
• the user's interactions with the site
• Information about the browser used

If you have given us your consent for ‘analysis cookies’ in the cookie layer, we use a version of the Matomo tracker with cookies for session tracking on our website. The Matomo cookies we use are described in detail in the cookie layer or in the data protection declaration.

If, on the other hand, you have not given us permission to use analysis cookies, we will use the cookie-free version of the Matomo tracker. No data will be stored on your end device.

The data will be deleted as soon as it is no longer needed for recording purposes. Currently, the anonymised raw access data is deleted after 180 days.

1. LinkedIn

A share button of the network LinkedIn is used on this website. By clicking on this button, a short-term connection will be established via your browser with the servers of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn"), by which the share button functions are provided.

Clicking the button thus informs LinkedIn about the fact that our website has been visited with your IP address. If you click on the share button while you are logged into your LinkedIn account at the same time, you have the possibility to share our content in your LinkedIn profile. By doing so, you enable LinkedIn to allocate your visit to our website to you personally or to your user account. Please bear in mind that we have no knowledge of the contents of the transmitted data and their utilisation by LinkedIn.

The respective current data protection information by LinkedIn and supplementary information is retrievable on the following website: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv

2. X (Twitter)

A share button of the network “X” is used on this website. By clicking this button, a short-term connection will be established via your browser with the servers of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter referred to as "Twitter"), by which the X share button functions are provided.

Clicking the button thus informs Twitter about the fact that our website has been visited with your IP address. If you click on the X Share Button and are logged into your X account at the same time, you have the possibility to share our content in your X profile. By doing so, you enable Twitter to allocate your visit to our website to you personally or to your user account. Please bear in mind that we have no knowledge of the contents of the transmitted data and their utilisation by Twitter.

The respective current data protection information by Twitter and supplementary information is retrievable on the following website: https://x.com/en/privacy

3. Google reCAPTCHA

To secure the transmission of forms we use the service reCAPTCHA provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). 

By using reCAPTCHA it can be determined in particular whether the input is made by a natural person or abusively by mechanical and automated processing. For analysis the service reCAPTCHA evaluates various personal data (e.g. IP address, duration of the web page visit, the behavior of the web page visitors, information about operating system, browser and dwell time, cookies, display instructions and scripts, the input behavior of the user as well as mouse movements). The data collected during the analysis is forwarded to Google. 

The IP address transmitted within the scope of "reCAPTCHA" will not be merged with other Google data unless you are logged in to your Google account at the time you use the "reCAPTCHA" plug-in. If you want to prevent this transmission and storage of data about you and your behaviour on our website by "Google", you must log out of "Google" before you visit our site or use the reCAPTCHA plug-in.

For the information and data obtained by reCAPTCHA and forwarded to Google the deviating data protection regulations of the company Google apply. Further information can be found at: www.google.de/intl/de/privacy

1. General

Our website includes so-called hyperlinks to the websites of other providers. In the event of activation of such hyperlinks, you will be forwarded directly from our website to the websites of other providers. You will notice that process, among other things, through the change of URLs. We are not able to assume any responsibility for the confidential treatment of your data on these third-party websites, as we do not exert any influence on these companies’ adherence the applicable data protection regulations. As for the treatment of your personal data by these companies, please gather information directly on their websites.

2. YouTube

For instance, our website also includes hyperlinks to YouTube. If you click on that hyperlink, you will leave our website and be forwarded directly to the website of YouTube. You will notice that process, among other things, through the change of URLs. We are not able to assume any responsibility for the confidential treatment of your data on the website of YouTube, as we do not exert any influence on this company’s adherence to applicable data protection regulations. For information on the data collected/recorded by YouTube and their processing, please refer to the Data Privacy Statement of the social network at: https://policies.google.com/privacy?hl=en&gl=en.

For you as a person concerned by the processing of personal data, the following rights result under the EU General Data Protection Regulation:

• Pursuant to Art. 15 GDPR, you are entitled to demand information on your personal data processed by us. In particular, you are entitled to demand information from us on the purposes of data processing, the categories of personal data, the categories of recipients to which your data have been disclosed or are disclosed, the scheduled storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data unless they have been collected from us, the transmission to third countries or international organisations, and on the existence of an automated decision-making process including profiling and, where applicable, meaningful information on the details of such processes.
• Pursuant to Art. 16 GDPR, you are entitled to demand the correction of any incorrect personal data stored by us or the completion of any incomplete personal data stored by us – in relation to you as a person – without delay.
• Pursuant to Art. 17 GDPR, you are entitled to demand the deletion of any of your personal data stored by us as far as the data processing is not required to exercise the right of free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• Pursuant to Art. 18 GDPR, you are entitled to demand restriction of the processing of your personal data as far as you dispute the correctness of the data, as far as the processing is unlawful, or as far as we no longer require the data, and if you refuse deletion of the data because you require them to assert, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have raised an objection to the data processing activities pursuant to Art. 21 GDPR.
• Pursuant to Art. 20 GDPR, you are entitled to demand from us that you receive the personal data which you have made available to us, in a structured, well-established and machine-readable format, or you may demand transmission of the data to another responsible person/entity.
• Pursuant to Art. 7 (3) GDPR, you are entitled to revoke your provided consent in a notification transmitted to us at any time. The consequence thereof will be that we will not be allowed to continue the data processing activities conducted on the basis of that consent in the future.
• Pursuant to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority. As a rule, you may submit your complaint to the supervisory authority in charge of your usual place of domicile, your place of work or the registered office of our company.

Where your personal data is processed on the grounds of legitimate interests pursuant to Art. 6 (1)(1)(f) GDPR, you are entitled pursuant to Art. 21 GDPR to raise an objection against the processing of your personal data, provided reasons are in place for such an objection that result from your particular situation, or provided the objection is raised against direct advertising activities. In the event of direct advertising activities, you have a general right to object, which is implemented by us without reference to/indication of a particular situation.

We undertake to protect your privacy and to treat your personal data confidently. To avoid manipulation, loss or abuse of your data stored by us, we take comprehensive technical and organisational safety precautions that are being reviewed at regular intervals and adjusted to technological progress. Among other things, this includes the use of recognised encryption procedures (SSL or TLS). However, we advise you that, due to the structure of the Internet, it is possible that the rules of data protection and the safeguarding measures may not be observed by other persons or institutions acting outside our area of responsibility. In particular, information transmitted without encryption – for instance in the event of transmission by e-mail – may also be read by third parties. We do not have any technological influence on such occurrences. It lies within the user’s scope of responsibility to protect the data made available by him/her from abuse through encryption or otherwise.

We at pfm medical gmbh (hereinafter referred to as ‘pfm medical’; information about pfm medical is available here) are pleased that you have contacted us. Data protection and data security are very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect during which contacts and for what purposes it is used.

As amendments of the law or changes to our company-internal processes may require an adjustment of this Data Privacy Statement, we request you to read this Statement at regular intervals. It may be retrieved, stored and printed out under Data Privacy Statement at any time.

The person/entity responsible within the meaning of the EU General Data Protection Regulation and other national data protection laws of the member states or other data privacy provisions is:

pfm medical gmbh
Wankelstrasse 60
50996 Cologne, Germany
T +49 2236 9641-0
e-mail: info@pfmmedical.com
Website: www.pfmmedical.com

This Data Privacy Statement applies to all the processing operations described herein.

The external data protection officer of the person/entity responsible is:

Dr. Karsten Kinast, LL.M., barrister-at-law
KINAST Rechtsanwaltsgesellschaft mbH
Nordstraße 17a
50733 Cologne, Germany
T +49 221 222183-0
Email: dsb-pfmmedical(at)kinast(dot)eu
Website: https://www.kinast.eu

Personal data is any information that relates to an identified or identifiable private individual. For instance, this includes information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or your user behaviour. Information that does not allow us to establish any relation with you as a person (or that only allows us to do through disproportionate expenditure), for instance due to anonymisation of the respective information, does not represent personal data. The processing of personal data (such as collection, retrieval, utilisation, storage or transmission) shall always require a legal basis or your personal consent. Processed personal data will be deleted as soon as the purpose of processing has been achieved and legally stipulated storage periods do not have to be complied with anymore.

Where we process your personal data to make certain offers/services available to you, we inform you hereafter on the specific processing activities, the scope and purpose of data processing, the legal basis of the data processing activities and the respective storage period.

1. Customer order/customer contact via fax

a. Kind and scope of data processing

When we receive an order from you by fax or telephone, we collect the following personal data:

• Salutation and Title
• First name and surname
• Email address
• Postal address
• Telephone number

The purpose of this information is to identify you as a customer, to correspond with you and to process orders.

b. Legal basis

The data processing described above (cf. § 4 4. a) is carried out in accordance with Art. 6 (1)(b) GDPR on a contractual or pre-contractual legal basis.

c. Storage period

The personal data collected by us will be stored until the end of the statutory storage obligation and deleted thereafter, unless we are obliged to store them for a longer period of time in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO).

2. Contact in the process of contract initiation and processing as well as for marketing purposes

a. Kind and scope of data processing

In the context of your enquiries, contract initiation and/or contract processing, we process your personal data as listed below. 

Furthermore, we use the data for the purpose of sending you marketing information on the following topics by post, telephone or mailing, provided we have your consent to do so: To advertise our products and services and to send you other information, including notices of professional events and training opportunities, news of studies and research findings, scientific information and newsletters that are within the scope of your practice.
In doing so, we collect your following personal data, depending on availability:

• Salutation / title
• First and last name
• Department
• Function
• Address (of employer, if applicable)
• Country / State
• Telephone number
• Email address
• Website
• Preferred method of communication
• Advertising consent
• Consent to the processing of personal data 

b. Legal basis

Data is processed either on the basis of your consent pursuant to Art. 6 (1)(a) GDPR or to protect our legitimate interest pursuant to Art. 6 (1)(f) GDPR. If we negotiate or conclude a contract, the data is processed in accordance with Art. 6 (1)(b) GDPR. 

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period. When contracts are terminated, your data is usually deleted within 3 years after the end of the contract, unless we are obliged to store it for a longer period in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

3. Submitting reports in the whistleblower system WeReport 

a. Kind and scope of data processing

pfmmedical processes the following kinds of personal data, among others, in the course of entering and processing reports in the internal whistleblower system WeReport:

• Information for the personal identification of the whistleblower, such as first and last name, gender, address, telephone number and e-mail address;
• Employee relationship to pfmmedical;
• Information about data subjects, i.e., natural persons designated in a notification as a person who committed the violation or with whom the designated person is associated. Such information includes, for example, first and last name, gender, address, telephone number and e-mail address or other information that allows identification;
• Information about violations that may allow conclusions to be drawn about a natural person. 

pfmmedical processes the personal data for the purpose of investigating the reports in order to prevent, detect and/or follow up on violations of applicable law or company policies (such as taking steps to verify the validity of the allegations made in the Report and, if necessary, to take action against the reported violation, including through internal inquiries, investigations, law enforcement actions, actions for (re)recoveryConvalescence (from the Latin "reconvalescere" - becoming strong again) means healing or recovery. of funds or conclusion of the case).   

b. Legal basis

We only process information for the personal identification of the whistleblower if the whistleblower has given us consent to do so in accordance with Art. 6 (1)(a) GDPR. According to this provision, processing is only lawful if the data subject has given his or her consent to the processing of personal data relating to him or her for one or more specific purposes.  

We process information on employee status, information on data subjects and other information that allows conclusions to be drawn about natural persons on the basis of Art. 6 (1)(f) GDPR. According to this, processing is lawful if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override these interests.  

Our legitimate interest is - depending on the specific individual case to be examined - to process notifications in order to be able to carry out follow-up actions, such as measures to examine the validity of the allegations made in the notification and, if necessary, to take measures against the reported infringement, including through internal inquiries, investigations, prosecution measures, measures for the (re)recoveryConvalescence (from the Latin "reconvalescere" - becoming strong again) means healing or recovery. of funds or conclusion of the proceedings. Whether interests or fundamental rights and freedoms of the data subject conflict with such data processing will be examined on a case-by-case basis - including with regard to the breach.  

We may process personal data of employees on the basis of § 26 (1)(2) German Federal Data Protection Act. According to this, personal data of employees within the meaning of § 26 (8) German Federal Data Protection Act may be processed for the purpose of uncovering criminal offenses if factual indications to be documented give rise to the suspicion that the data subject has committed a criminal offense in the employment relationship, the processing is necessary for the purpose of uncovering the offense, and the interest of the employee worthy of protection in the exclusion of the processing does not prevail, in particular the type and extent are not disproportionate with regard to the reason.  

c. Storage period

Data is generally stored until follow-up action has been completed. As a rule, data from a notification will be deleted after 2 months, once the proceedings have been finally concluded, unless the initiation of further legal action requires continued storage (e.g. initiation of criminal proceedings or disciplinary proceedings). Personal data in connection with notifications will be deleted by us immediately if we consider them to be manifestly factually groundless or if you have revoked your declaration of consent to data processing.  

d. Information pursuant to Art. 13 (1)(e) GDPR

The provision of data through a notification in the whistleblower system WeReport is neither contractually required nor necessary for the conclusion of a contract. Under certain circumstances, depending on the individual case, there are legal obligations to provide us with a report. However, processing of the data is necessary for meaningful processing and investigation of a report that has been made. 

4. Registration for workshops via the registration form (PDF pr printed)

a. Kind and scope of data processing

You can register for our workshops and webinars using the registration form (offline). 

The following personal data is processed as part of the registration process:

• Salutation (voluntary)
• Title (voluntary)
• First name and surname
• Job title
• Employer
• Postal address
• Email address
• Telephone number
• Marketing consent  (voluntary) - see also point 6
• Consent to photographs being taken during the event (voluntary) - see also point 5

We may also collect your CV details. This information will be passed on to the workshop organisers and used to tailor the workshop content accordingly.

Beyond this, your data will not be passed on to companies or persons outside the organising company of the pfmmedical Group and pfm medical gmbh or used for other purposes unless you consent to such disclosure. 

b. Legal basis

We process your data required for the fulfilment of the contract (workshop participation) on the basis of Art. 6 (1)(1)(b) GDPR. We process your additional voluntary information on the basis of your consent in accordance with Art. 6 (1)(1)(a) GDPR.

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period to the contrary. As a rule, your data will be deleted within 3 years of the end of the contract, unless we are obliged to store it for longer in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

5. Photographs and videos being taken during the events

a. Kind and scope of data processing

During events organised by pfmmedical (e.g. surgical workshops, events in trade fair booths), photos and videos are taken, provided that you have given your consent, which are subsequently used in the corporate communications of the pfmmedical group.

The following personal data is processed in this context:

• Photos and videos

Other than this, your data will not be passed on to companies or persons outside the pfmmedical group or used for other purposes, unless you consent to such disclosure.

b. Legal basis

The legal basis for the processing of the photos and videos is Art. 6 (1)(1)(a) GDPR.

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period to the contrary. As a rule, your data will be deleted within 3 years of the end of the contract, unless we are obliged to store it for longer in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

6. Marketing consent

a. Kind and scope of data processing

We record your marketing consent, if you give it, within our contact forms (offline).

The following personal data is processed in this context:

• Consent to use your contact data for marketing purposes

Otherwise, your data will not be passed on to companies or persons outside the pfmmedical group, nor will it be used for other purposes, unless you consent to it being passed on for such purposes. 

b. Legal basis

The data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period to the contrary. As a rule, your data will be deleted within 3 years of the end of the contract, unless we are obliged to store it for longer in accordance with Art. 6 (1)(1)(c) GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

7. Business Partner Questionnaire

a. Type and scope of data processing

As part of our cooperation with your company as a business partner, we may process your personal data in accordance with the information provided by your company on our ‘Business Partner Questionnaire’ form, as listed below, in order to carry out a compliance check (purpose: to review the company officers with regard to their business activities, sanctions against individuals and possible conflicts of interest).

In doing so, we collect the following personal data, depending on availability:

• Form of address / title
• First name and surname
• Place and date of birth
• Nationality
• Function
• Address
• Country
• Telephone number
• Email address
• Website

In addition, we process the first name and surname, employer and position, and, if applicable, the telephone number of the contact persons of reference companies, public officials or healthcare professionals named to us, as well as information provided to us via the form, which is related to criminal offences or other legal violations by a person.

The data will not be passed on to companies or persons outside the pfmmedical group or used for any other purpose, unless we are legally obliged to do so. If there is reasonable suspicion of a criminal offence (e.g. money laundering, corruption), we reserve the right to pass the data on to the relevant investigating authorities.

b. Legal basis

Data processing is carried out to protect our legitimate interests in accordance with Article 6 (1)(f) GDPR. If we negotiate or conclude a contract, the data processing is carried out in accordance with Article 6 (1)(b) GDPR.

c. Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved, provided that there is no further legal obligation to store it.

Individual processes and services are carried out by carefully selected and commissioned service providers. Service providers are obliged by us to comply with data protection and security requirements. A secure third country transfer takes place. 

Apart from that we shall only transfer your personal data to third parties if:

• you have provided your explicit consent pursuant to Art. 6 (1)(a) GDPR
• this is legally admissible and necessary for the performance of a contractual relationship with you according to Art. 6 (1)(b) GDPR
• there is a statutory obligation to transfer the data pursuant to Art. 6 (1)(c) GDPR
• the data transfer is necessary, pursuant to Art. 6 (1)(f) GDPR, for the protection of legitimate company interests, and for the assertion, exercise or defence of legal claims, and if there is no reason to assume that you have an overriding interest, which is worthy of protection, in the non-transfer of your data.

pfmmedical operates various social media channels (LinkedIn company pages, Facebook fan pages and Instagram profiles). When you access these, the platform operators (LinkedIn, Meta) process various data. Depending on the operator, your data may be linked to other platforms. We have no influence on this. The site operators process this data in different forms and provide it to us in aggregated form.

LinkedIn

The primary controller for the processing of LinkedIn data in accordance with the GDPR is LinkedIn.  As the operator of the company page, we do not make any decisions regarding the processing of data and all other information arising from Art. 13 GDPR, including the legal basis, the identity of the controller and the storage duration of cookies on user terminals.

Details of the data processed by LinkedIn can be found on the page https://www.linkedin.com/legal/privacy-policy

Rights of data subjects under the GDPR can be asserted against LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and pfm medical gmbh.

Meta (Facebook & Instagram)

The primary controller under the GDPR for the processing of Insights data on Facebook and Instagram is Meta. Meta fulfils all the obligations under the GDPR with regard to the processing of Insights data. As the operator of the fan page, we do not make any decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR, including the legal basis, identity of the controller and storage duration of cookies on user terminals.

Details of the data processed by Meta can be found on the website www.facebook.com/legal/terms/information_about_page_insights_data.

Rights of data subjects under the GDPR can be asserted against Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland and against pfm medical gmbh.

For you as a person concerned by the processing of personal data, the following rights result under the EU General Data Protection Regulation:

• Pursuant to Art. 15 GDPR, you are entitled to demand information on your personal data processed by us. In particular, you are entitled to demand information from us on the purposes of data processing, the categories of personal data, the categories of recipients to which your data have been disclosed or are disclosed, the scheduled storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data unless they have been collected from us, the transmission to third countries or international organisations, and on the existence of an automated decision-making process including profiling and, where applicable, meaningful information on the details of such processes.
• Pursuant to Art. 16 GDPR, you are entitled to demand the correction of any incorrect personal data stored by us or the completion of any incomplete personal data stored by us – in relation to you as a person – without delay.
• Pursuant to Art. 17 GDPR, you are entitled to demand the deletion of any of your personal data stored by us as far as the data processing is not required to exercise the right of free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• Pursuant to Art. 18 GDPR, you are entitled to demand restriction of the processing of your personal data as far as you dispute the correctness of the data, as far as the processing is unlawful, or as far as we no longer require the data, and if you refuse deletion of the data because you require them to assert, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have raised an objection to the data processing activities pursuant to Art. 21 GDPR.
• Pursuant to Art. 20 GDPR, you are entitled to demand from us that you receive the personal data which you have made available to us, in a structured, well-established and machine-readable format, or you may demand transmission of the data to another responsible person/entity.
• Pursuant to Art. 7 (3) GDPR, you are entitled to revoke your provided consent in a notification transmitted to us at any time. The consequence thereof will be that we will not be allowed to continue the data processing activities conducted on the basis of that consent in the future.
• Pursuant to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority. As a rule, you may submit your complaint to the supervisory authority in charge of your usual place of domicile, your place of work or the registered office of our company.

Where your personal data is processed on the grounds of legitimate interests pursuant to Art. 6 (1)(1)(f) GDPR, you are entitled pursuant to Art. 21 GDPR to raise an objection against the processing of your personal data, provided reasons are in place for such an objection that result from your particular situation, or provided the objection is raised against direct advertising activities. In the event of direct advertising activities, you have a general right to object, which is implemented by us without reference to/indication of a particular situation.

We undertake to protect your privacy and to treat your personal data confidently. To avoid manipulation, loss or abuse of your data stored by us, we take comprehensive technical and organisational safety precautions that are being reviewed at regular intervals and adjusted to technological progress. Among other things, this includes the use of recognised encryption procedures (SSL or TLS). However, we advise you that, due to the structure of the Internet, it is possible that the rules of data protection and the safeguarding measures may not be observed by other persons or institutions acting outside our area of responsibility. In particular, information transmitted without encryption – for instance in the event of transmission by e-mail – may also be read by third parties. We do not have any technological influence on such occurrences. It lies within the user’s scope of responsibility to protect the data made available by him/her from abuse through encryption or otherwise.

As of: December 2024