We take privacy seriously

Server log files

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on your hard drive. The information stored in the cookies allows you to be automatically recognised the next time you visit our website, which will make it easier for you to use the site. The legal basis for the use of cookies is your consent in accordance with Art. 6 (1)(a) GDPR or, for necessary cookies, our legitimate interest in accordance with Art. 6 (1)(f) GDPR. Our legitimate interests are in maintaining the functionality and security of the website, protection against misuse and improving our service.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised the next time you visit, you can also refuse the use of cookies by changing the settings in your browser to “refuse cookies”. The respective procedure can be found in the settings of your browser. If you reject the use of cookies, however, there may be restrictions on the use of some areas of our website.

Google Tag Manager

Google Analytics 4

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, hereinafter “Google”, on our website. Google Analytics 4 uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information collected by means of these cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities during those sessions) and to analyze user behavior across devices.

We use Google Signals. This allows Google Analytics 4 to collect additional information about users who have activated personalized ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

The anonymization of IP addresses is activated by default with Google Analytics 4. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 is not merged with other Google data.

During your visit to the website, your user behavior is recorded in the form of “events”. Events may include:

• Page views
• First visit to the website
• Start of the session
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links 
• Internal search queries
• Interaction with videos
• Downloaded files
• Ads seen / clicked
• Language settings

The following is also recorded:

• Your approximate location (region)
• Your IP address (in truncated form)
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your internet provider
• The referrer URL (via which website/advertising medium you came to this website)
• User ID 
• Interests 
• Demographic data

Google will use this information for the purpose of evaluating your usage of our website, compiling reports on website activities for us, and carrying out further services relating to website activity and Internet usage. 

Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google. The data will only be passed on to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data the retention period of which has been reached takes place automatically once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 Sent. 1 lit. a GDPR.

Google also offers an opt-out add-on for the most popular browsers, which gives you more control over what information Google collects about the websites you visit. The add-on indicates to the JavaScript (ga.js) of Google Analytics 4 that no information about the website visit should be transmitted to Google Analytics 4. However, the Google Analytics 4 opt-out browser add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For further information on installing the browser Add-On, please click on the following link: https://tools.google.com/dlpage/gaoptout?hl=en

If you visit our website from a mobile device (smartphone or tablet), you will need to click this link instead to prevent Google Analytics from tracking you within this site in the future. This is also possible as an alternative to the above browser Add-On. By clicking the link, an opt-out cookie is set in your browser and is valid only for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.

If you’ve agreed that Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, Google will use your information in conjunction with Google Analytics data to create target audience lists for remarketing purposes across multiple devices. Google Analytics 4 will first collect your Google-authenticated ID on our website, which is linked to your Google account (i.e. personal data). Google Analytics will then temporarily associate your ID with your Google Analytics 4 data to optimize our target audiences.

If you do not agree, you can turn it off via the corresponding settings in the “My Account” section of your Google Account.

You can find out more about the Google privacy policy and data protection regarding Google Analytics 4 at: https://marketingplatform.google.com/about/analytics/terms/us/   and at https://policies.google.com/?hl=en .

For further information on the use of “cookies” on our website and on revocation, please refer to the last section “Cookies”.

Pingdom

This website uses the monitoring service Pingdom, operated by the Swedish company Pingdom AB, Kopparbergsvägen 8, 722 13, Västerås, Sweden. Pingdom uses what are called “cookies”, which are small text files that are locally saved in the cache of the website visitor’s browser. These cookies help in identifying the browser and hence make it possible to analyse your accesses as well as the performance and availability of our website in order to improve the performance and the presentation of the contents on the website.
You can find the data protection guidelines of Pingdom under: www.pingdom.com/legal/privacy-policy/
For more information about the use of cookies on our site, please see the section "Cookies".

Cookiebot

A web service of Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com) is reloaded on our website. We use this data to ensure full functionality of our website. Your browser or personal data is transferred to cookiebot.com in this context.

The legal basis for data processing is Art. 6 (1)(f) GDPR and Art. 6 (1)(c) GDPR. 

The legitimate interest here is in trouble-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You can find more information on handling of the transferred data in the Data Protection Statement of cookiebot.com under: www.cookiebot.com/de/privacy-policy/

Customer account

We set up a password-protected direct-access to the user data (customer account) stored by us for each customer who registers accordingly. Here you can view data about your completed, open and recently shipped orders and manage your address information, bank details and the newsletter. You undertake to treat the personal access-data confidentially and not to make them accessible to unauthorised third parties. We cannot assume any liability for misused passwords, unless we are responsible for the misuse.

The legal basis for this processing activity is art. 6 (1) (b) GDPR.

We would like to make your visit to our website as pleasant as possible with the function “Stay logged in”. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you need to change your personal data or you wish to place an order. We recommend that you do not use this feature if the computer is used by multiple users. We would like to point out that the “Stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.

For more information about the use of cookies on our site, please see the section "Cookies".

Security

Data transfers to third countries

If we process data in countries outside the European Economic Area (“EEA”), we protect it based on an adequacy decision of the EU Commission Art. 45 (1) GDPR or use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR when structuring contractual relationships with recipients in third countries.

Storage period

We will store your data,

• if you have consented to the processing thereof, only until you withdraw your consent;
• if we need the data to perform a contract, only for as long as the contractual relationship with you exists;
• if we use the data on the basis of a legitimate interest, only as long as your interest in deletion or anonymisation does not outweigh this legitimate interest;
• if statutory retention obligations exist, until the end of the retention periods.
   

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

If we process your data for legitimate reasons, you may object to such processing at any time. We will then no longer process your data unless we can prove compelling and protection-worthy grounds for the processing which outweigh your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to appeal

Collection and storage of personal data; nature, purpose and use

When you enter into a contractual relationship with us, the following information is collected:

• Form of address, title, first name, last name
• Address
• E-mail address
• Telephone number (fixed line and/or mobile)
• Fax number, where applicable (if available and desired)
• Account data, where applicable
• Customer number, where applicable
• Shipping address number, where applicable
• Higher-level customer number, where applicable
• Date of birth, where applicable
• Access data, where applicable (if required for the cooperation)
• Creditworthiness data, where applicable (as warranted and on a spot check basis)
• Result of sanctions review, where applicable
• Technical information (e.g. log data, IP address, location), where applicable

Additionally as warranted for patients/end users

• For made-to-measure production: personal measurement data, together with the indication, where applicable (health data)
• For complaints: Photos, also with health background information, where applicable, e.g. intolerances or the like (health data)
• For medi vision: date and time of the scan, software version of the app, measurement data and circumferences up to the waist, 3D model (file with anonymised (or randomised) name)

In addition, all information required for performing the contract with you will be collected.

The collected data may also include special categories of personal data within the meaning of Art. 9 GDPR. This includes, for example, data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data and data concerning health. The data collected for the purpose of performing the contract primarily include, for example, insurance documents, correspondence, medical certificates and findings, or the like. With your consent, such data may possibly be requested of third parties (e.g. the attending physician) or the data will be transmitted by third parties (e.g. the hospital).

Personal data and also special categories of personal data are collected

• in order to identify you as a customer or supplier;
• in order to advise you appropriately;
• in order to fulfil our contractual obligations to you;
• in order to fulfil our legal obligations;
• in order to conduct correspondence with you;
• in order to bill you or send you payment reminders;
• for purposes of reliable direct advertising;
• in order to assert any claims against you.

We process your personal data for purposes of your query or placement of an order with us as required for the aforementioned purposes to process your order and fulfil the obligations under the underlying contract (legal basis Art. 6, 1b GDPR).

If you have subscribed to a newsletter or participate in a sweepstake, the collection and processing of your data are based on your consent (legal basis Art. 6, 1a GDPR). You can revoke this consent for the future at any time without observing requirements of form.

Collected personal data will be stored until the expiration of the statutory retention period for merchants (6 or 10 years after the end of the calendar year in which the contractual relationship was terminated) and erased after that. By way of exception, this does not apply if we are required to retain the data for a longer period of time by reason of obligations under tax or commercial law (under the German Commercial Code, Criminal Code or Tax Code) or if you have consented to data storage for a longer period of time.

Collection and storage of personal data; nature, purpose and use

If you use online forms, the following information will be collected:

• E-mail address, where applicable
• last name, where applicable
• first name, where applicable
• Form of address, where applicable
• title, where applicable
• address, where applicable
• technical information, where applicable
• Telephone number (fixed line and/or mobile)
• Indication type, where applicable
• Product distribution channels/location, where applicable
• Year of birth, where applicable
• Doctor job title, where applicable
• Professional practice, where applicable
• Name of company where profession is practiced, where applicable
• Customer number, where applicable
• User group, where applicable
• Usage behaviour, where applicable
• Search areas, where applicable
• Preferences, where applicable

The collected data may also include special categories of personal data within the meaning of Art. 9 GDPR. This includes, for example, health data and voice recordings.

Personal data and also special categories of personal data are collected

• in order to identify you as a user
• in order to offer you the requested service
• in order to contact you.

Personal data is processed when you register for an online service or in connection with a medi survey/sweepstake; it is required for the purposes mentioned for processing (legal basis Article 6 1b GDPR).

If you have subscribed to a newsletter or participate in a sweepstake, the collection and processing of your data are based on your consent (legal basis Art. 6, 1a GDPR). You can revoke this consent for the future at any time without observing requirements of form.

The information provided will be stored, used and processed for the purpose of providing the requested online service and, where applicable, to send the prize. The data collected will be stored for the duration of the use of an online service or until the end of a survey/sweepstake, but for a maximum of three years after collection.

Customers & Suppliers

We transmit your personal data to third parties only to the extent required to fulfil the contractual relationships with you. This particularly includes the transfer of data to service providers engaged by us (so-called job processors) or other third parties whose activity is necessary for contractual performance (with regard to suppliers: logistics service providers, printing company, service providers for canteen & catering, if the case may be architects; with regard to customers: logistics service providers, IT service providers, customer support software providers, sales service providers, payment service providers). In the relationship with these third parties, it will be assured that the third parties may only use the transferred data for the aforementioned purposes.

Users of online forms (regsitration, surveys, sweepstakes, etc.)

We transmit your personal data to third parties only insofar as this is necessary for the processing of a transaction with you. This may include, in particular, any forwarding of information to service providers authorised by medi GmbH & Co. KG (so-called processors) or other third-parties whose activities are necessary for the purpose of contract execution (survey providers, logistics service providers, IT service providers). Vis-a-vis these third-parties, it is ensured in every instance that the data forwarded may only be used by said third-parties for the stated purposes.

Funding agencies (statutory health insurer/workers’ compensation boards)

We transmit your personal data to third parties only insofar as this is necessary for the processing of information sent to you. This may include, in particular, any forwarding of information to service providers authorised by medi GmbH & Co. KG (so-called processors) or other third parties whose activities are necessary for the purpose of contract execution (logistics service providers, IT service providers, e-mail marketing providers). Vis-a-vis these third parties, it is ensured in every instance that the data forwarded may only be used by said third parties for the aforementioned purposes.