Data Privacy Statement

We, pfm medical ag (hereinafter referred to as “pfm medical”; for further information on pfm medical, please click here), are happy to welcome you as a visitor to our website. To us, data protection and data security during your utilisation of our website are of great significance. We therefore wish to seize this opportunity to provide you with information on which of your personal data we collect when you visit our website and for which purposes such data will be used.

As amendments of the law or changes to our company-internal processes may require an adjustment of this Data Privacy Statement, we request you to read this Data Privacy Statement at regular intervals. The Data Privacy Statement may be retrieved, stored and printed out under Data Privacy Statement at any time.

The person/entity responsible within the meaning of the EU General Data Protection Regulation and other national data protection laws of the member states or other data privacy provisions is:

pfm medical ag
Wankelstrasse 60 50996
Cologne, Germany
T +49 2236 9641-0
e-mail: info[at]pfmmedical(dot)com
Website: www.pfmmedical.com

This Data Privacy Statement shall apply to the website/Internet offer of pfm medical, which can be retrieved under the domain www.pfmmedical.com and the various sub-domains (hereinafter referred to as “our website”).

The external data protection officer of the person/entity responsible is:

Dr. Karsten Kinast, LL.M., barrister-at-law
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne, Germany
Tel.: +49 (0)221 – 222 183 – 0
e-mail: mail[at]kinast.eu
Website: http://www.kinast.eu

Personal data is any information that relates to an identified or identifiable private individual. For instance, this includes information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or your user behaviour. Information that does not allow us to establish any relation with you as a person (or that only allows us to do through disproportionate expenditure), for instance due to anonymisation of the respective information, does not represent personal data. The processing of personal data (such as collection, retrieval, utilisation, storage or transmission) shall always require a legal basis or your personal consent. Processed personal data will be deleted as soon as the purpose of processing has been achieved and legally stipulated storage periods do not have to be complied with anymore.

Where we process your personal data to make certain offers/services available to you, we inform you hereafter on the specific processing activities, the scope and purpose of data processing, the legal basis of the data processing activities and the respective storage period.

1.    Provision and utilisation of the website

a.    Kind and scope of data processing

Whenever our website is retrieved and used, we collect the personal data transmitted to our server automatically by your browser. This information is stored temporarily in a so-called log file. If you use our website, we will collect the following data that we require technically to display our website to you and to ensure its stability and security:

• IP address of the retrieving computer
• Date and time of retrieval
• Name and URL of the file retrieved
• Website from which our own website has been accessed (Referrer URL)
• The browser used and, where applicable, the operating system of your computer and the name of your access provider

b.    Legal basis

For the data processing activities mentioned above, the legal basis is Article 6 Subsection 1 Letter f of the EU General Data Protection Regulation. Processing of the data mentioned above is necessary to make a website available and hence serves to protect a legitimate interest of our company.

c.    Storage period

The aforementioned data shall be deleted as soon as they are no longer necessary to display the website. The collection of the data for provision of the website and the storage of the data in log files is indispensable for the operation of the web page. As a consequence, there is no possibility for the user to raise objections. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.

2.    Contact forms

a.    Kind and scope of data processing

On our website, we offer you the opportunity to get in touch with us via provided contact forms. During the process, by which you send us your inquiry via the contact form, this Data Privacy Statement will be referred to in order to obtain your consent. If you make use of the contact forms, the following of your personal data will be processed depending on the type of contact form:

• e-mail address 
• Title and surname
• Postcode
• Country

In this context, the indication of your e-mail address as well as the title and surname serve the purpose of allocating your inquiry and sending you a personal response. The postcode and country serve the purpose of allocating your inquiry to the correct contact person. When you use the contact form, your aforementioned data may be passed on to our subsidiaries or sales partners if this is necessary to answer your enquiry. Beyond this, your personal data will not be passed on to third parties.

b.    Legal basis

The data processing activities for the establishment of contact as described above (cf. § 4 2. a.) are based on the following declaration of consent, which you provide voluntarily in accordance with Article 6 Subsection 1 Letter a of the EU General Data Protection Regulation:

"By entering my data and confirming the “Send” button, I declare that I agree with the processing of my e-mail address, title, surname, postcode and country for the purpose of getting a response to my contact inquiry. I may revoke my consent to the collection/recording of the personal data collected during my utilisation of the contact form at any time."

c.    Storage period

As soon as the question asked by you and the respective circumstances have been finally clarified, the personal data processed via the contact form will be deleted. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.

3.    Application form

a.    Kind and scope of data processing

You can apply by post, by e-mail or on our website via an application form. On our website our external service provider umantis Deutschland GmbH provides a form which is integrated into our website as an iFrame. We also enter applications sent by post or e-mail into the umantis Deutschland GmbH system for administration purposes. The following personal data will be processed during the application procedure:

• Title
• First name and surname
• Postal address
• e-mail address 
• Telephone number

In addition, application documents such as the cover letter, the CV, vocational, basic and advanced training certificates and job references will be recorded.

These data and information serve the purpose of assessing your application and sending you a response. These data will be stored, evaluated, processed or forwarded internally exclusively within the framework of your application. They will only be accessible to employees of the human resources department and to the persons responsible for personnel selection at pfm medical ag. Your data will not be forwarded to companies or persons outside pfm medical ag or used for other purposes unless you agree with a corresponding data transfer.

As part of the process of submitting your application via the form, reference is made to this data protection declaration in order to obtain your consent. With your consent, you give us permission to store your data for a period of 12 months after a rejection has been issued. This is for the purpose of including you in our talent pool with the background of contacting you should further capacities arise for which you are eligible.

The data may be processed for statistical purposes (such as reporting). However, this will not allow us to identify individual persons.

b.    Legal basis

The data processing activities for job application purposes as described above (cf. § 4 3. a.) is carried out on the basis of a contract and thus in accordance with Art. 6 para. 1 lit. b DSGVO. If you consent to us additionally including your application in the talent pool, the data processing will be based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO.

c.    Storage period

If you have applied for a position but application has been turned down, your information will be stored for another 3 months after completion of the application procedure and afterwards be deleted in accordance with the applicable data protection regulations (profile and application). You will not receive a notification on the deletion of the data. Where you have provided your consent with data storage beyond a specific staffing process (inclusion in the talent pool), your data will be stored over a period of up to 12 months.

4.    Customer order/customer contact via fax

a.    Kind and scope of data processing

When we receive an order from you by fax or telephone, we collect the following personal data:

• Salutation and Title
• First name and surname
• e-mail address 
• Postal address
• Telephone number

The purpose of this information is to identify you as a customer, to correspond with you and to process orders.

b.    Legal basis

The data processing described above (cf. § 4 4. a) is carried out in accordance with Art. 6 para. 1 lit. b GDPR on a contractual or pre-contractual legal basis.

c.    Storage period

The personal data collected by us will be stored until the end of the statutory storage obligation and deleted thereafter, unless we are obliged to store them for a longer period of time in accordance with Article 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO).

5.    Contact in the process of contract initiation and processing as well as for marketing purposes

a.    Kind and scope of data processing

In the context of your enquiries, contract initiation and/or contract processing, we process your personal data as listed below. 
Furthermore, we use the data for the purpose of sending you marketing information on the following topics by post, telephone or mailing, provided we have your consent to do so: To advertise our products and services and to send you other information, including notices of professional events and training opportunities, news of studies and research findings, scientific information and newsletters that are within the scope of your practice.
In doing so, we collect your following personal data, depending on availability:

• Salutation / title
• First and last name
• Department
• Function
• Address (of employer, if applicable)
• Country / State
• Telephone number
• E-mail address
• Web site
• Preferred method of communication
• Advertising consent
• Consent to the processing of personal data 
• Photo

b.    Legal basis

Data is processed either on the basis of your consent pursuant to Art. 6 (1) a) GDPR or to protect our legitimate interest pursuant to Art. 6 (1) f) GDPR. If we negotiate or conclude a contract, the data is processed in accordance with Art. 6 (1) (b) GDPR. 

c.    Storage period

Your data will be deleted as soon as the purpose of the processing has been achieved and provided that there is no further legal retention period. When contracts are terminated, your data is usually deleted within 3 years after the end of the contract, unless we are obliged to store it for a longer period in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have expressly consented to us continuing to contact you.

Individual processes and services are carried out by carefully selected and commissioned service providers. The service providers commissioned by us are: umantis Deutschland GmbH and Pagero HBS GmbH. Service providers are obliged by us to comply with data protection and security requirements. A secure third country transfer takes place. 

Apart from that we shall only transfer your personal data to third parties if:

• you have provided your explicit consent pursuant to Article 6 Subsection 1 Letter a of the EU General Data Protection Regulation
• this is legally admissible and necessary for the performance of a contractual relationship with you according to Article 6 Subsection 1 Letter b of the EU General Data Protection Regulation
• there is a statutory obligation to transfer the data pursuant to Article 6 Subsection 1 Letter c of the EU General Data Protection Regulation 
• the data transfer is necessary, pursuant to Article 6 Subsection 1 Letter f of the EU General Data Protection Regulation, for the protection of legitimate company interests, and for the assertion, exercise or defence of legal claims, and if there is no reason to assume that you have an overriding interest, which is worthy of protection, in the non-transfer of your data.

a.    Kind and scope of data processing

We make use of cookies on our website. Cookies are small files transmitted by us to the browser of your terminal device and stored there in the framework of your visit to our web pages. Without the use of technically necessary cookies, some functions of our website cannot be offered. By contrast, other cookies enable us to conduct various analyses. For instance, cookies are able to recognise the browser used by you and transmit various information to us on the occasion of your renewed visit to our website. By means of cookies, we are able, among other things, to design our website in a more user-friendly and effective manner for you, e.g. by tracking your utilisation of our website and identifying your preferred settings (such as country and language settings). Where third parties process information via cookies, they collect this information directly from your browser. Cookies do not inflict any damage on your terminal device. They are not able to execute programs nor do they contain viruses.

Various types of cookies are used on our website, the types and functions of which are explained hereafter.

To change the saved cookie settings, please click here.

Essential cookies

These cookies are required for technical reasons so that you can visit our website and use functions offered by us. This refers, for example, to the following application: Typo3. Furthermore, these cookies contribute to a safe and compliant use of the website.

Cookies for external videos

Videos from the following third-party providers are embedded in our website:

• YouTube (Google Inc., San Bruno/California, USA / Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
• Vimeo (Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA)

YouTube

We use the YouTube no-cookies function for embedding the videos and have thus activated the extended data protection. This ensures that YouTube does not initially save any cookies on your device. Only after your consent via the cookie banner or as soon as you start playback of an embedded video by clicking on it, does YouTube store cookies to collect information about user behaviour. Due to the extended data protection mode, no personally identifiable data is contained in the cookies unless you are currently logged into a Google service. These cookies can be prevented by appropriate browser settings and extensions. For information on which cookies can be set, please refer to YouTube's cookie policy at: https://policies.google.com/technologies/cookies?hl=de.

You can find further information on data protection at YouTube in the provider's data protection declaration at: https://www.google.de/intl/de/policies/privacy/

Vimeo

We use the embedding function of Vimeo for embedding video. This ensures that no cookies are initially stored on your device by Vimeo. Only after your consent via the cookie banner or as soon as you start playback of an embedded video by clicking on it, does Vimeo store cookies in order to collect information about user behaviour. The type of cookies may vary depending on whether you are currently logged in to Vimeo. These cookies can be prevented by appropriate browser settings and extensions. To find out which cookies can be set, please refer to Vimeo's cookie policy at: https://vimeo.com/cookie_policy.

Further information on data protection at Vimeo can be found in the provider's data protection statement at: https://vimeo.com/privacy

b.    Legal basis 

On the grounds of the purposes of use described above (cf. § 6. a.), the legal basis for the processing of personal data including the use of cookies is Article 6 Subsection 1 Letter f of the EU General Data Protection Regulation.

c.    Storage period

As soon as the data transmitted to us via the cookies are no longer necessary to achieve the aforementioned purposes, this information will be deleted. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.

d.    Configuration of the cookie settings

When you access our website, a pop-up window will appear, giving you the opportunity to adjust the cookie settings. You can accept all cookies or reject non-functional cookies and save them.

These settings will be saved. You can adjust them at any time by clicking on the following link: https://www.pfmmedical.com/?showOptIn=1

e.    Configuration of the browser settings

Most browsers have default settings that accept cookies on a standardised basis. You are nevertheless able to configure your respective browser in such a manner that it will only accept certain cookies or cease accepting any cookies whatsoever. However, we advise you that you may no longer be able to use all the functions of our website if cookies on our website have been deactivated due to your browser settings. You are also able to delete cookies via your browser settings, which have already been stored in your browser, or to have their storage periods displayed to you. Furthermore, there is a possibility to configure your browser settings in such a way that you receive notification from the browser before cookies are stored. As the various browsers may differ in regards to their respective modes of operation, we request you to use the Help menu of your browser when it comes to the possibilities of configuration.
If you wish to receive a comprehensive overview of each and every third-party access to your Internet browser, we recommend you to install a plug-in designed specifically for this purpose.

We currently use no tracking and analysis tools.

1.    Xing

A button of the network “Xing” is used on our website. If you click on this button, a short-term connection will be established via your browser with the servers of XING AG (hereinafter referred to as "XING"), by which the "XING Button" functions are provided.

XING will not store any personal data from you in relation to your retrieval of this website. In particular, XING will not store IP addresses. There will not be any evaluation either of your user behaviour via the utilisation of cookies in connection with the "XING Share Button".

The respective current data protection information in relation to the "XING Share Button" and supplementary information can be retrieved on the following website:
https://www.xing.com/app/share?op=data_protection und www.xing.com/privacy.

2.    LinkedIn

A button of the network “LinkedIn” is used on this website. By clicking on this website, a short-term connection will be established via your browser with the servers of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn"), by which the "LinkedIn Button" functions are provided.

Clicking the button thus informs LinkedIn on the fact that our website has been visited with your IP address. If you click on the LinkedIn “Share Button” and are logged into your LinkedIn account at the same time, you have the possibility to create a link to content from our website on the profile page of your LinkedIn profile. By doing so, you enable LinkedIn to allocate your visit to our website to you personally or to your user account. Please bear in mind that we have no knowledge of the contents of the transmitted data and their utilisation by LinkedIn.

The respective current data protection information in relation to the "LinkedIn Share Button" and supplementary information is retrievable on the following website: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv

3.    Google reCAPTCHA

To secure the transmission of formsWe use the service reCAPTCHA provided byGoogle Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). 

By using reCAPTCHA it can be determined in particular whether the input is made by a natural person or abusively by mechanical and automated processing. For analysis the service reCAPTCHA evaluates various personal data (e.g. IP address, duration of the web page visit, the behavior of the web page visitors, information about operating system, browser and dwell time, cookies, display instructions and scripts, the input behavior of the user as well as mouse movements). The data collected during the analysis is forwarded to Google. 

The IP address transmitted within the scope of "reCAPTCHA" will not be merged with other Google data unless you are logged in to your Google account at the time you use the "reCAPTCHA" plug-in. If you want to prevent this transmission and storage of data about you and your behaviour on our website by "Google", you must log out of "Google" before you visit our site or use the reCAPTCHA plug-in.

For the information and data obtained by reCAPTCHA and forwarded to Google the deviating data protection regulations of the company Google apply. Further information can be found at: www.google.de/intl/de/privacy

1.    General

Our website includes so-called hyperlinks to the websites of other providers. In the event of activation of such hyperlinks, you will be forwarded directly from our website to the websites of other providers. You will notice that process, among other things, through the change of URLs. We are not able to assume any responsibility for the confidential treatment of your data on these third-party websites, as we do not exert any influence on these companies’ adherence the applicable data protection regulations. As for the treatment of your personal data by these companies, please gather information directly on their websites.

2.    YouTube

For instance, our website also includes hyperlinks to YouTube. If you click on that hyperlink, you will leave our website and be forwarded directly to the website of YouTube. You will notice that process, among other things, through the change of URLs. We are not able to assume any responsibility for the confidential treatment of your data on the website of YouTube, as we do not exert any influence on this company’s adherence to applicable data protection regulations. For information on the data collected/recorded by YouTube and their processing, please refer to the Data Privacy Statement of the social network at: https://policies.google.com/privacy?hl=en&gl=en.

For you as a person concerned by the processing of personal data, the following rights result under the EU General Data Protection Regulation:

• Pursuant to Article 15 of the EU General Data Protection Regulation, you are entitled to demand information on your personal data processed by us. In particular, you are entitled to demand information from us on the purposes of data processing, the categories of personal data, the categories of recipients to which your data have been disclosed or are disclosed, the scheduled storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data unless they have been collected from us, the transmission to third countries or international organisations, and on the existence of an automated decision-making process including profiling and, where applicable, meaningful information on the details of such processes.
• Pursuant to Article 16 of the EU General Data Protection Regulation, you are entitled to demand the correction of any incorrect personal data stored by us or the completion of any incomplete personal data stored by us – in relation to you as a person – without delay.
• Pursuant to Article 17 of the EU General Data Protection Regulation, you are entitled to demand the deletion of any of your personal data stored by us as far as the data processing is not required to exercise the right of free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• Pursuant to Article 18 of the EU General Data Protection Regulation, you are entitled to demand restriction of the processing of your personal data as far as you dispute the correctness of the data, as far as the processing is unlawful, or as far as we no longer require the data, and if you refuse deletion of the data because you require them to assert, exercise or defend legal claims. You are also entitled to the right under Article 18 of the EU General Data Protection Regulation if you have raised an objection to the data processing activities pursuant to Article 21 of the EU General Data Protection Regulation.
• Pursuant to Article 20 of the EU General Data Protection Regulation, you are entitled to demand from us that you receive the personal data, which you have made available to us, in a structured, well-established and machine-readable format, or you may demand transmission of the data to another responsible person/entity.
• Pursuant to Article 7 Subsection 3 of the EU General Data Protection Regulation, you are entitled to revoke your provided consent in a notification transmitted to us at any time. The consequence thereof will be that we will not be allowed to continue the data processing activities conducted on the basis of that consent in the future.
• Pursuant to Article 77 of the EU Data Protection Regulation, you are entitled to lodge a complaint with a supervisory authority. As a rule, you may submit your complaint to the supervisory authority in charge of your usual place of domicile, your place of work or the registered office of our company.

Where your personal data is processed on the grounds of legitimate interests pursuant to Article 6 Subsection 1 Sentence 1 Letter f of the EU General Data Protection Regulation, you are entitled pursuant to Article 21 of the EU General Data Protection Regulation to raise an objection against the processing of your personal data, provided reasons are in place for such an objection that result from your particular situation, or provided the objection is raised against direct advertising activities. In the event of direct advertising activities, you have a general right to object, which is implemented by us without reference to/indication of a particular situation.

We undertake to protect your privacy and to treat your personal data in confidence. To avoid manipulation, loss or abuse of your data stored by us, we take comprehensive technical and organisational safety precautions that are being reviewed at regular intervals and adjusted to technological progress. Among other things, this includes the use of recognised encryption procedures (SSL or TLS).
However, we advise you that, due to the structure of the Internet, it is possible that the rules of data protection and the aforementioned safeguarding measures may not be observed by other persons or institutions acting outside our area of responsibility. In particular, information transmitted without encryption – for instance in the event of transmission by e-mail – may also be read by third parties. We do not have any technological influence on such occurrences. It lies within the user’s scope of responsibility to protect the data made available by him/her from abuse through encryption or otherwise.
 

As of: August 2023