Name and contact details of the controller in accordance with Article 4(7) GDPR
curea medical GmbH
DE 48565 Steinfurt
Contact person: Dr. Andreas Bolz
Phone: +49 (0) 36071 9009500
Fax: +49 (0) 36071 9009599
Data protection officer: Lena Ludwig, PSW GROUP GmbH & Co. KG, firstname.lastname@example.org
Security and protection of your personal data
We consider it our primary responsibility to maintain the confidentiality of the personal data you make available to us, and protect such data from unauthorised access. We therefore take the utmost care and apply the latest security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have put in place technical and organisational measures to ensure regulations concerning data protection are observed both by us and our external service providers.
Definition of terms
The legislator specifies that personal data are to be processed in a lawful manner, in good faith and in a way that is comprehensible to the data subject (“lawfulness, processing in good faith, transparency”). To guarantee this, we are informing you about the individual legal definitions that are also used in this Data Protection Policy:
- Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” is any operation or set of operations performed in conjunction with personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by forwarding, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing
“Restriction of processing” is the marking of stored personal data with the aim of limiting its future processing.
“Profiling” is any form of automated processing of personal data where that personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
“Pseudonymisation” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without use of additional information, provided such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.
- File system
A “file system” is any structured collection of personal data that is accessible according to certain criteria regardless of whether this collection is maintained centrally, decentrally or according to functional or geographical aspects.
“Controller” is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for in accordance with Union or Member State law.
A “Processor” is a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller.
A “Recipient” is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task in accordance with Union or Member State law shall not be considered recipients. The processing of such data by those authorities shall be performed in accordance with the applicable data protection rules, in line with the processing purposes.
- Third party
A “Third party” is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor.
“Consent” of the data subject is any freely given specific and informed indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
Lawfulness of the processing
The processing of personal data is only lawful if a legal basis for the processing applies. In accordance with Article 6(1), Points a – f, GDPR, the legal basis for processing may, in particular, be:
- The data subject has given consent to the processing of personal data relating to him or her for one or more specific purposes;
- The processing is required to execute a contract to which the data subject is party or for pre-contractual measures adopted at the data subject’s request;
- The processing is required to honour a legal obligation to which the controller is subject;
- The processing is required to protect the vital interests of the data subject or of another natural person;
- The processing is required to perform a task in the public interest or in exercising official authority vested in the controller;
- The processing is required for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Information about the collection of personal data
(1) The following information applies to the collection of personal data when using our website. Personal data are, for example, name, address, e-mail addresses and user behaviour.
(2) If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, where applicable) will be stored by us to answer your questions. We delete the data arising in this context once storage is no longer required, or processing is restricted if there are legal obligations to retain data.
Collection of personal data when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise forward information to us, we only collect the personal data that your browser forwards to our server. If you wish to view our website, we shall collect the following data, which is technically necessary for us to display our website to you and ensure that it is stable and secure (the legal basis is Article 6(1), Sentence 1, Point f, GDPR):
- IP address
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status /HTTP- status code
- Respective transferred data quantity
- Website from which the enquiry is made
- Operating system and its interface
- Language and version of the browser software.
(1) In addition to the aforementioned data mentioned, Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the Cookie with certain information. Cookies cannot execute programs or transmit viruses to your computer. They are used to make the website as a whole more user-friendly and effective.
(2) This website uses the following types of cookies, the scope and function of which are explained below:
- Transient Cookies (see a.)
- Persistent Cookies (see b.).
- Transient cookies are automatically deleted when you close the browser. These include, in particular, Session Cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. Session Cookies are deleted when you log out or close the browser.
- Persistent Cookies are automatically deleted after a set period of time, which may vary depending on the Cookie. You can delete the Cookies in the security settings of your browser at any time.
- You can configure your browser settings in line with your requirements and, for example, reject the acceptance of third party Cookies or all Cookies. So-called “Third Party Cookies” are Cookies that have been set by a third party and therefore not by the actual website you are currently visiting. Please note that by disabling Cookies you may not be able to use all the features of this website.
- The Flash Cookies used are not collected by your browser, but by your Flash Plug-in. We also use HTML5 storage objects that are stored on your terminal. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash Cookies to be processed, you need to install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your Cookies and browser history manually.
Additional functions of and services available on our website
(1) In addition to the purely informational use of our website, we render various services that you can use if you are interested. To that end you will usually have to provide further personal data, which we use to render the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(3) Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services in conjunction with partners. You will receive more detailed information about this when you provide your personal data or obtain that information below in the offer description.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the offer description
Comment function on this website
With regard to the comment function on this site, in addition to your comment details of when the comment was created, your e-mail address and, if you do not post anonymously, the username you have chosen will be stored.
(1) Storage of the IP address: our comment function stores the IP addresses of users who post comments. Since we do not check comments on our site before they are activated, we need this data to take action against the author in the event of legal violations such as insults or propaganda.
(2) Subscribing to comments: as a user of the site you can subscribe to comments after registering. You will receive a confirmation e-mail to verify that you are the owner of the e-mail address provided. You can unsubscribe from this function at any time via a link in the information e-mails.
As a matter of principle, our services are geared towards adults. Persons under the age of 18 should not forward any personal data to us without the consent of their parents or legal guardians.
Rights of the data subject
(1) Withdrawing consent
If the processing of personal data is based on a granted consent, you have the right to withdraw the consent at any time. Withdrawing the consent does not affect the legality of the processing that applied as a result of the consent up until the withdrawal.
You can contact us at any time to exercise the withdrawal right.
(2) Right to confirmation
You have the right to request confirmation from the controller as to whether we are processing personal data relating to you. You can request confirmation at any time using the contact details above.
(3) Right to obtain information
If personal data are processed, you may at any time request information about such personal data and about the following information:
- The processing purpose;
- The categories of personal data processed;
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
- Where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing by the controller of personal data concerning you or the right to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- If the personal data are not collected from the data subject, any available information about the origin of the data;
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards in accordance with Article 46 GDPR in conjunction with the transfer. We shall provide a copy of the personal data that are the subject of the processing. We may charge a reasonable fee based on administrative costs for any further copies you request from the individual. If you make the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise indicated. The right to receive a copy under sub-section 3 shall not prejudice the rights and freedoms of other persons.
(4) Right of rectification
(5) Right to erasure (“right to be forgotten”)
(6) Right to restriction of processing
(7) Right to data portability
(8) Right to object
You have the right to object at any time to processing of personal data concerning you, which is based on Point (e) or (f) of Article 6(1). This also applies to profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing is aimed at the establishment, exercise or defence of legal claims.
If our personal data are processed to implement direct advertising, you have the right to object at any time to the processing of personal data that affects you for the purpose of such advertising. This also applies to pooling where it is associated with such direct advertising. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and irrespective of Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to object to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), unless the processing is necessary to perform a task carried out in the public interest.
You may exercise the right to object at any time by contacting the relevant controller.
(9) Automated decisions in an individual case, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, unless the decision is necessary to enter into or execute a contract between you and us or with your explicit consent. We do not make automated decisions when you visit our website or during a contractual relationship with you.
(10) Right to lodge a complaint with a supervisory authority
(11) Right to an effective judicial remedy
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Article 77, GDPR, you have the right to an effective judicial remedy if you consider that your rights in accordance with this Regulation have been infringed upon as a result of the processing of your personal data that is not in compliance with this Regulation.
Notice about forwarding data to the USA
Our website includes tools from companies based in the USA. If these tools are active, your personal data may be forwarded to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. To that end, US companies undertake to surrender personal data to supervisory authorities without you as the data subject having the opportunity to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g. secret services) shall process, evaluate and permanently store your data located on US servers for monitoring purposes. We do not exert any influence on these processing activities.
Rendering IP details anonymous
We have activated the functions of IP anonymisation on this website. As a result, Google shortens your IP address in Member States of the European Union or in other contracting states to the Agreement on the European Economic Area prior to forwarding to the USA. Only in exceptional cases will the entire IP address be sent to a Google server in the USA and shortened there. By order of the operator of this website, Google shall use this information to evaluate your use of the website, put together reports on the website activities and render additional services associated with the website and internet use for the website operator. The IP address forwarded as part of Google Analytics from your browser shall not be grouped together with other data from Google.
You can prevent the storing of Cookies by making the appropriate settings in your browser. However, we would like to point out that by doing so you may not be able to use the full functionality of our website. Furthermore, you can prevent the collection of data generated by the Cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser Plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data recording
You can prevent the recording of your data by Google Analytics by clicking on the following link. An Opt-Out Cookie is placed that prevents the recording of your data during future visits to this website: deactivate Google Analytics.
Please see the Google Data Protection Policy for more information about dealing with user data: https://support.google.com/analytics/answer/6004245?hl=de.
Order data processing
We have entered into an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This website uses the YouTube embedding function to display and play videos from the provider “YouTube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Irrespective of playback of the embedded videos, a connection to the Google network is established each time this website is called up, which may trigger further data processing operations without our influence.
Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Article 6(1), Point a, GDPR. You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, deactivate this service in the “Cookie Consent Tool” provided on the website.
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. By using this service, our location is shown to you and a possible approach is made easier.
Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Article 6(1), Point a, GDPR. You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, please follow the option described above for making an objection.
Matomo with cookies
On this website, data are collected and stored using the web analysis service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Article 6(1), Point f, GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies may be used to that end. Cookies are small text files that are stored locally in the cache of the site visitor’s internet browser. Among other things, the Cookies enable the recognition of the internet browser. The data collected via Matomo technology (including your pseudonymised IP address) are processed on our servers.
The information generated by the Cookie in the user profile rendered anonymous is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym.
If you do not agree to the storage and evaluation of such data from your visit, you can object at any time via a click of the mouse to the storage and use of such data for the future. In such a case, a so-called opt-out Cookie is deposited in your browser, resulting in Piwik not gathering any visit data whatsoever. Please note that if you delete your Cookies completely, the opt-out Cookie will also be deleted and you may have to reactivate it. Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Article 6(1), Point a, GDPR. You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, please deactivate this service in the “Cookie Consent Tool” provided on the website.
Status: November 2021, Version 1.0