Data Privacy Statement
We, pfm medical ag (hereinafter referred to as “pfm medical”; for further information on pfm medical, please click here), are happy to welcome you as a visitor to our website. To us, data protection and data security during your utilisation of our website are of great significance. We therefore wish to seize this opportunity to provide you with information on which of your personal data we collect when you visit our website and for which purposes such data will be used.
As amendments of the law or changes to our company-internal processes may require an adjustment of this Data Privacy Statement, we request you to read this Data Privacy Statement at regular intervals. The Data Privacy Statement may be retrieved, stored and printed out under Data Privacy Statement at any time.
§ 1 Person/entity responsible and area of application
The person/entity responsible within the meaning of the EU General Data Protection Regulation and other national data protection laws of the member states or other data privacy provisions is:
This Data Privacy Statement shall apply to the website/Internet offer of pfm medical, which can be retrieved under the domain www.pfmmedical.com and the various sub-domains (hereinafter referred to as “our website”).
§ 2 Data protection officer
The external data protection officer of the person/entity responsible is:
Dr. Karsten Kinast, LL.M., barrister-at-law
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54 50672
Tel.: +49 (0)221 – 222 183 – 0
§ 3 Principles of data processing
Personal data is any information that relates to an identified or identifiable private individual. For instance, this includes information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or your user behaviour. Information that does not allow us to establish any relation with you as a person (or that only allows us to do through disproportionate expenditure), for instance due to anonymisation of the respective information, does not represent personal data. The processing of personal data (such as collection, retrieval, utilisation, storage or transmission) shall always require a legal basis or your personal consent. Processed personal data will be deleted as soon as the purpose of processing has been achieved and legally stipulated storage periods do not have to be complied with anymore.
Where we process your personal data to make certain offers/services available to you, we inform you hereafter on the specific processing activities, the scope and purpose of data processing, the legal basis of the data processing activities and the respective storage period.
§ 4 Individual processing activities
1. Provision and utilisation of the website
a. Kind and scope of data processing
Whenever our website is retrieved and used, we collect the personal data transmitted to our server automatically by your browser. This information is stored temporarily in a so-called log file. If you use our website, we will collect the following data that we require technically to display our website to you and to ensure its stability and security:
- IP address of the retrieving computer
- Date and time of retrieval
- Name and URL of the file retrieved
- Website from which our own website has been accessed (Referrer URL)
- The browser used and, where applicable, the operating system of your computer and the name of your access provider
b. Legal basis
For the data processing activities mentioned above, the legal basis is Article 6 Subsection 1 Letter f of the EU General Data Protection Regulation. Processing of the data mentioned above is necessary to make a website available and hence serves to protect a legitimate interest of our company.
c. Storage period
The aforementioned data shall be deleted as soon as they are no longer necessary to display the website. The collection of the data for provision of the website and the storage of the data in log files is indispensable for the operation of the web page. As a consequence, there is no possibility for the user to raise objections. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.
2. Contact forms
a. Kind and scope of data processing
On our website, we offer you the opportunity to get in touch with us via provided contact forms. During the process, by which you send us your inquiry via the contact form, this Data Privacy Statement will be referred to in order to obtain your consent. If you make use of the contact forms, the following of your personal data will be processed depending on the type of contact form:
- e-mail address
- Title and surname
In this context, the indication of your e-mail address as well as the title and surname serve the purpose of allocating your inquiry and sending you a personal response. The postcode and country serve the purpose of allocating your inquiry to the correct contact person within our company. Utilising the contact form will not result in your personal data being passed on to third parties.
b. Legal basis
The data processing activities for the establishment of contact as described above (cf. § 4 2. a.) are based on the following declaration of consent, which you provide voluntarily in accordance with Article 6 Subsection 1 Letter a of the EU General Data Protection Regulation:
"By entering my data and confirming the “Send” button, I declare that I agree with the processing of my e-mail address, title, surname, postcode and country for the purpose of getting a response to my contact inquiry. I may revoke my consent to the collection/recording of the personal data collected during my utilisation of the contact form at any time."
c. Storage period
As soon as the question asked by you and the respective circumstances have been finally clarified, the personal data processed via the contact form will be deleted. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.
3. Application form
a. Kind and scope of data processing
You can apply for our job offers on our website using an application form. Our external service provider Umantis provides a form which is integrated into our website as an iFrame. In the course of sending your application using the form, reference is made to this data protection declaration in order to obtain your consent. The following personal data will be processed during the application procedure:
- First name and surname
- Postal address
- e-mail address
- Telephone number
In addition, application documents such as the cover letter, the CV, vocational, basic and advanced training certificates and job references will be recorded.
These data and information serve the purpose of assessing your application and sending you a response. These data will be stored, evaluated, processed or forwarded internally exclusively within the framework of your application. They will only be accessible to employees of the human resources department and to the persons responsible for personnel selection at pfm medical ag. Your data will not be forwarded to companies or persons outside pfm medical ag or used for other purposes unless you agree with a corresponding data transfer. The data may be processed for statistical purposes (such as reporting). However, this will not allow us to identify individual persons.
b. Legal basis
The data processing activities for job application purposes as described above (cf. § 4 3. a.) are based on the following declaration of consent, which you provide voluntarily in accordance with Article 6 Subsection 1 Letter a of the EU General Data Protection Regulation:
"By entering my data and confirming the “Send” button, I declare that I agree with the processing of my title, first name and surname, postal address, e-mail address and telephone number for the purpose of my application being processed by the company. I may revoke my consent to the collection/recording of the personal data collected during my utilisation of the application form at any time."
c. Storage period
If you have applied for a position but application has been turned down, your information will be stored for another 3 months after completion of the application procedure and afterwards be deleted in accordance with the applicable data protection regulations (profile and application). You will not receive a notification on the deletion of the data. Where you have provided your consent with data storage beyond a specific staffing process, your data will be stored over a period of up to 12 months.
§ 5 Data transfer
Individual processes and services are carried out by carefully selected and commissioned service providers. The service providers commissioned by us are: Haufe Group (Umantis). Service providers are obliged by us to comply with data protection and security requirements. A secure third country transfer takes place.
Apart from that we shall only transfer your personal data to third parties if:
- you have provided your explicit consent pursuant to Article 6 Subsection 1 Letter a of the EU General Data Protection Regulation
- this is legally admissible and necessary for the performance of a contractual relationship with you according to Article 6 Subsection 1 Letter b of the EU General Data Protection Regulation
- there is a statutory obligation to transfer the data pursuant to Article 6 Subsection 1 Letter c of the EU General Data Protection Regulation
- the data transfer is necessary, pursuant to Article 6 Subsection 1 Letter f of the EU General Data Protection Regulation, for the protection of legitimate company interests, and for the assertion, exercise or defence of legal claims, and if there is no reason to assume that you have an overriding interest, which is worthy of protection, in the non-transfer of your data.
a. Kind and scope of data processing
Various types of cookies are used on our website, the types and functions of which are explained hereafter.
Type of cookies
|Transient-Cookies||Transient Cookies are used on our website, which are deleted automatically as soon as you close your browser. This type of cookie allows us to record your Session ID. As a result, various inquiries from your browser can be allocated to one joint session, and we are able to recognise your terminal device if you visit our website again at a later time.|
|Persistent-Cookies||Persistent Cookies are used on our website. Persistent Cookies are cookies stored in your browser and transmitting information to us over a longer period of time. The respective storage periods differ depending on the cookie. You are able to delete Persistent Cookies independently via your browser settings.|
Function of cookies
|Necessary cookies||These cookies are necessary for technical reasons, enabling you to visit our website and use the functions offered by us. This relates for instance to the following application: Typo3. Moreover, these cookies make a contribution to safe utilisation of the website in accordance with the applicable regulations.|
|Performance-related cookies||The use of these cookies enables us to conduct an analysis of website utilisation and thus enhance the performance and functionality of our website. For example, information is recorded as to how our website is used by visitors, which pages are retrieved most frequently or whether error indications are displayed on certain pages.|
b. Legal basis
c. Storage period
As soon as the data transmitted to us via the cookies are no longer necessary to achieve the aforementioned purposes, this information will be deleted. More far-reaching storage may result, in the individual case, if stipulated accordingly under the law.
d. Configuration of the browser settings
Most browsers have default settings that accept cookies on a standardised basis. You are nevertheless able to configure your respective browser in such a manner that it will only accept certain cookies or cease accepting any cookies whatsoever. However, we advise you that you may no longer be able to use all the functions of our website if cookies on our website have been deactivated due to your browser settings. You are also able to delete cookies via your browser settings, which have already been stored in your browser, or to have their storage periods displayed to you. Furthermore, there is a possibility to configure your browser settings in such a way that you receive notification from the browser before cookies are stored. As the various browsers may differ in regards to their respective modes of operation, we request you to use the Help menu of your browser when it comes to the possibilities of configuration.
If you wish to receive a comprehensive overview of each and every third-party access to your Internet browser, we recommend you to install a plug-in designed specifically for this purpose.
Please be advised that you will not be able to use the aforementioned browser plug-in if you visit our website via the browser of a mobile terminal device (smartphone or tablet). If you use a mobile terminal device, you may prevent the recording of your usage data by Google Analytics by clicking on the following link: Deactivate Google Analytics. By clicking on this link, a so-called Opt-out Cookie will be placed in your browser. This cookie prevents that information relating to your visit of the website is transmitted to Google Analytics. Please note that the Opt-out Cookie is valid only for this browser and this domain. If you delete the cookies in this browser, the Opt-out Cookie will be deleted as well. To furthermore prevent the recording of data by Google Analytics, you will have to click on the link once again. Using the Opt-out Cookie is also possible as an alternative to the plug-in mentioned above in the context of the browser’s use on your computer.
To ensure the best possible protection of your personal data, Google Analytics has been extended on this website with the code “anonymizeIp”. This code causes the last 8 Bit of IP addresses to be deleted and your IP address becomes hence recorded in an anonymised manner (so-called IP Masking). In this context, your IP address is already truncated and thus anonymised by Google in principle prior to transmission within member states of the European Union or in other contracting countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and truncated on a Google server in the USA.
This website also uses Google Analytics demographic reports, in which data from Google's interest based advertising as well as third party visitor data (i.e. age, gender and interests) is used. This data can not be traced back to a specific person and can be deactivated anytime via the ads personalization.
More details on the terms and conditions of use and data protection can be found at http://www.google.com/intl/de/analytics/learn/privacy.html.
§ 8 Plugins
A button of the network “Xing” is used on our website. If you click on this button, a short-term connection will be established via your browser with the servers of XING AG (hereinafter referred to as "XING"), by which the "XING Button" functions are provided.
XING will not store any personal data from you in relation to your retrieval of this website. In particular, XING will not store IP addresses. There will not be any evaluation either of your user behaviour via the utilisation of cookies in connection with the "XING Share Button".
The respective current data protection information in relation to the "XING Share Button" and supplementary information can be retrieved on the following website:
https://www.xing.com/app/share?op=data_protection und www.xing.com/privacy.
A button of the network “LinkedIn” is used on this website. By clicking on this website, a short-term connection will be established via your browser with the servers of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn"), by which the "LinkedIn Button" functions are provided.
Clicking the button thus informs LinkedIn on the fact that our website has been visited with your IP address. If you click on the LinkedIn “Share Button” and are logged into your LinkedIn account at the same time, you have the possibility to create a link to content from our website on the profile page of your LinkedIn profile. By doing so, you enable LinkedIn to allocate your visit to our website to you personally or to your user account. Please bear in mind that we have no knowledge of the contents of the transmitted data and their utilisation by LinkedIn.
The respective current data protection information in relation to the "LinkedIn Share Button" and supplementary information is retrievable on the following website: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv
3. Google reCAPTCHA
To secure the transmission of formsWe use the service reCAPTCHA provided byGoogle Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
By using reCAPTCHA it can be determined in particular whether the input is made by a natural person or abusively by mechanical and automated processing. For analysis the service reCAPTCHA evaluates various personal data (e.g. IP address, duration of the web page visit, the behavior of the web page visitors, information about operating system, browser and dwell time, cookies, display instructions and scripts, the input behavior of the user as well as mouse movements). The data collected during the analysis is forwarded to Google.
The IP address transmitted within the scope of "reCAPTCHA" will not be merged with other Google data unless you are logged in to your Google account at the time you use the "reCAPTCHA" plug-in. If you want to prevent this transmission and storage of data about you and your behaviour on our website by "Google", you must log out of "Google" before you visit our site or use the reCAPTCHA plug-in.
For the information and data obtained by reCAPTCHA and forwarded to Google the deviating data protection regulations of the company Google apply. Further information can be found at: www.google.de/intl/de/privacy
§ 9 Hyperlinks
Our website includes so-called hyperlinks to the websites of other providers. In the event of activation of such hyperlinks, you will be forwarded directly from our website to the websites of other providers. You will notice that process, among other things, through the change of URLs. We are not able to assume any responsibility for the confidential treatment of your data on these third-party websites, as we do not exert any influence on these companies’ adherence the applicable data protection regulations. As for the treatment of your personal data by these companies, please gather information directly on their websites.
For instance, our website also includes hyperlinks to YouTube. If you click on that hyperlink, you will leave our website and be forwarded directly to the website of YouTube. You will notice that process, among other things, through the change of URLs. We are not able to assume any responsibility for the confidential treatment of your data on the website of YouTube, as we do not exert any influence on this company’s adherence to applicable data protection regulations. For information on the data collected/recorded by YouTube and their processing, please refer to the Data Privacy Statement of the social network at: https://policies.google.com/privacy?hl=en&gl=en.
§ 10 Rights of persons concerned
For you as a person concerned by the processing of personal data, the following rights result under the EU General Data Protection Regulation:
- Pursuant to Article 15 of the EU General Data Protection Regulation, you are entitled to demand information on your personal data processed by us. In particular, you are entitled to demand information from us on the purposes of data processing, the categories of personal data, the categories of recipients to which your data have been disclosed or are disclosed, the scheduled storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data unless they have been collected from us, the transmission to third countries or international organisations, and on the existence of an automated decision-making process including profiling and, where applicable, meaningful information on the details of such processes.
- Pursuant to Article 16 of the EU General Data Protection Regulation, you are entitled to demand the correction of any incorrect personal data stored by us or the completion of any incomplete personal data stored by us – in relation to you as a person – without delay.
- Pursuant to Article 17 of the EU General Data Protection Regulation, you are entitled to demand the deletion of any of your personal data stored by us as far as the data processing is not required to exercise the right of free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
- Pursuant to Article 18 of the EU General Data Protection Regulation, you are entitled to demand restriction of the processing of your personal data as far as you dispute the correctness of the data, as far as the processing is unlawful, or as far as we no longer require the data, and if you refuse deletion of the data because you require them to assert, exercise or defend legal claims. You are also entitled to the right under Article 18 of the EU General Data Protection Regulation if you have raised an objection to the data processing activities pursuant to Article 21 of the EU General Data Protection Regulation.
- Pursuant to Article 20 of the EU General Data Protection Regulation, you are entitled to demand from us that you receive the personal data, which you have made available to us, in a structured, well-established and machine-readable format, or you may demand transmission of the data to another responsible person/entity.
- Pursuant to Article 7 Subsection 3 of the EU General Data Protection Regulation, you are entitled to revoke your provided consent in a notification transmitted to us at any time. The consequence thereof will be that we will not be allowed to continue the data processing activities conducted on the basis of that consent in the future.
- Pursuant to Article 77 of the EU Data Protection Regulation, you are entitled to lodge a complaint with a supervisory authority. As a rule, you may submit your complaint to the supervisory authority in charge of your usual place of domicile, your place of work or the registered office of our company.
§ 11 Right to object
Where your personal data is processed on the grounds of legitimate interests pursuant to Article 6 Subsection 1 Sentence 1 Letter f of the EU General Data Protection Regulation, you are entitled pursuant to Article 21 of the EU General Data Protection Regulation to raise an objection against the processing of your personal data, provided reasons are in place for such an objection that result from your particular situation, or provided the objection is raised against direct advertising activities. In the event of direct advertising activities, you have a general right to object, which is implemented by us without reference to/indication of a particular situation.
§ 12 Data security and safeguarding measures
We undertake to protect your privacy and to treat your personal data in confidence. To avoid manipulation, loss or abuse of your data stored by us, we take comprehensive technical and organisational safety precautions that are being reviewed at regular intervals and adjusted to technological progress. Among other things, this includes the use of recognised encryption procedures (SSL or TLS).
However, we advise you that, due to the structure of the Internet, it is possible that the rules of data protection and the aforementioned safeguarding measures may not be observed by other persons or institutions acting outside our area of responsibility. In particular, information transmitted without encryption – for instance in the event of transmission by e-mail – may also be read by third parties. We do not have any technological influence on such occurrences. It lies within the user’s scope of responsibility to protect the data made available by him/her from abuse through encryption or otherwise.
As of: May 2019