Privacy statement


We are pleased to welcome you to the www.zytomed-systems.com website and welcome your interest in our company. The protection of your personal data is of great concern to us. Personal data is all information concerning the personal circumstances or material conditions of a determinable natural person. These include, for example, name, address, telephone number and date of birth, but also all other data that could lead to the identification of a particular person.

Because personal data enjoys special legal protections, we only collect it to the extent necessary for hosting our website and for the provision of our services. We describe below which personal information we will record during your visit on our website and how this information will be used. Our data protection practices are in accordance with the current legal regulations, especially those provided by the German Data Protection Law (BDSG), the German Telemedia Act (TMG) and the General Data Protection Regulation (GDPR). We will collect, use and store your personal data only insofar as it is necessary for operating a functioning website and for providing our content and services, as well for processing enquiries and, where applicable, executing orders/contracts, but in every such case only insofar as there is a legitimate interest within the meaning of Art 6 (1) (f) GDPR or some other permission for use. Usage of your data for further purposes that are specifically authorized such as, for example, conveying of commercial information by newsletter, will only occur if you have given your prior consent.

Responsible party

The responsible party (controller) in accordance with the General Data Protection Regulation of the Member States as well as other date protection regulations is:

Zytomed Systems GmbH
Anhaltinerstraße 16
14163 Berlin
Deutschland
E-Mail: info@zytomed-systems.de
Tel.: +49 30 804984990
Fax: +49 30 804984999

Name and address of the controller´s data protection officer

The responsible party (controller) in accordance with the General Data Protection Regulation of the Member States as well as other date protection regulations is:

Nicole Rosenfeld, NR Datenschutz c/o Zytomed Systems GmbH, Datenschutz
Anhaltinerstraße 16
14163 Berlin
Deutschland
E-mail: datenschutz@zytomed-systems.de

Operating the website and creating log files

Every visit to our website triggers the automatic collection of data and information from the accessing computer system. The following data are thereby collected:

The extent of the data being processed

(1) Information as to the type of browser and the version being used
(2) The operating system of the accessing device
(3) The IP address of the accessing device
(4) Date and time of the access to the website
(5) Webpages and resources (pictures, files, other website content) that are accessed on our website.
(6) The webpages from which the user´s system was linked to our website (Referrer-Tracking)

This data is stored in our system´s log files. This data is never stored together with the personal data from a concrete user, which therefore makes it impossible to identify individual website visitors.

Legal basis for the processing of personal data

Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest consists of ensuring our ability to achieve the purposes outlined below.

Purpose of data processing

Logging is carried out to ensure the compatibility of our website for as many visitors as possible and for combating abuse as well as for troubleshooting. To this end, logging the technical data of the accessing device is necessary in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors impairing the functionality of our website. Moreover, the data help us optimize our website and safeguard the overall security of our information technology system.

Duration of the retention of personal data

The technical data mentioned above will be deleted as soon as it is no longer required for ensuring the compatibility of our website for all its users or at the very latest 3 months after the accessing of our website.

Opportunity to object and remove

The opportunity to object and remove complies with the general regulations dealing with the legally protected right to object and right to deletion that are depicted hereafter in this Privacy Statement.

Special functions on our website

Our website offers various functions, the use of which includes the collecting, processing and storing by us of your personal data. In the following section we explain what happens with your data:

Login sectionScope of the processing of personal data
The data provided by you for registration and login.

Legal basis for the processing of personal data
Art. 6 (1) (a) GDPR (implicit acceptance)

Purpose of data processing
You have the opportunity on our website to access and use a separate login area. If you have forgotten your password or user name for this area you can have them sent to you by first providing your contact data (email address). Data relevant to the use of the login area are only collected, stored and processed to prevent misuse of the services, for troubleshooting purposes or for maintenance of functionality. A use for other purposes or the forwarding of data to third parties does not occur.

Duration of the retention of personal data
Any feedback that you provide will be stored and published for an indefinite amount of time. We reserve the right of removal without stating any reasons and without notifying you beforehand or afterwards. Data collected within the framework of the “user name or password forgotten” function is only used for the renewed sending of the forgotten access data.

Opportunity to object and remove
The opportunity to object and remove complies with the general regulations dealing with the legally protected right to object and right to deletion that are depicted hereafter in this Privacy Statement.

Statistical analysis of our website´s visitors - Webtracker

We collect, process and store the following data when this website or individual files on the website are accessed: IP address, website from which the file was requested, the name of the file, date and time of the request, amount of data transmitted and notification that the retrieval of the data was successful (the so-called web log file). We use this access data exclusively in a nonpersonalized form for the continual improvement of our website services and for statistical purposes. We additionally utilize the following webtrackers in order to analyse the visits to the website:

Google-Analytics

Scope of the processing of personal data
This website uses Google Analytics, a Web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter: Google Analytics). Google Analytics uses “cookies” for webtracking purposes. Cookies are text files stored on your computer that enable an analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis based on the tracking services of Google Analytics in order to continually optimize our Internet services and to make them more accessible. When using our website, data like your IP address and your user activity will normally be transmitted to Google Ireland Limited´s server and processed and stored in areas outside of the European Union such as, for example, the United States.
The EU Commission has determined that an adequate data protection level can be achieved when the company that is processing the data is subject to the US-EU Privacy Shield framework and that exporting data to the USA is thus acceptable under these circumstances. Through the activation of IP anonymization within Google Analytics’ tracking codes on this website, your IP address will be anonymized by Google Analytics before it is transmitted. On this website, Google Analytics includes the code extension "gat._anonymizeIp ()." in order to guarantee an anonymized collection of IP addresses (known as IP masking).

Legal basis for the processing of personal data
Art. 6 (1) (a) GDPR (implicit acceptance) occurs either by virtue of registering at Google (opening a Google Account and accepting the data protection provisions found there) or, if you do not register with Google, by virtue of an explicit acceptance when visiting our site.

Purpose of data processing
On our behalf, Google will use this information to evaluate your use of our web pages in order to compile reports about the website activities and to provide to us further services related to website usage and Internet usage. The IP address sent by your browser in the context of Google Analytics will not be pooled with other data from Google.

Duration of the retention of personal data
Google will only store the data needed for providing the webtracking service for as long as is necessary for the fulfillment of the contracted web service. The collection and storage of data is done in an anonymous manner. If the data collected about you could be associated with you, this possibility will be eliminated immediately and the personal data erased without undue delay. In such cases, the deletion will proceed after the statutory waiting period has expired.

Opportunity to object and remove
You can prevent the collection and transmission of your personal data to Google (particularly your IP address) as well as the processing of this data by Google by deactivating the execution of script code in your browser, by installing a script blocker in your browser (blockers can, for example, be found under or www.ghostery.com , or by activating your browser´s “Do Not Track” setting. Furthermore, you can prevent Google's collection and use of the data generated by cookies associated with your use of the site (particularly your IP address) as well as Google's processing of that data by downloading and installing the browser plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Google-Analytics´ security and privacy policy can be found under https://policies.google.com/privacy 

Involvement of external web services and data processing outside of the EU

On our website we utilize active Java script content from external providers - so-called web services. When you visit our website, these external providers potentially receive personal information regarding your visit to our website. In this case there is the possibility of the data being processed outside of the EU. You can prevent this by installing a JavaScript blocker such as, for instance, the browser plug-in `NoScript´(www.noscript.net) or by deactivating JavaScript in your browser. This can, however, lead to functional limitations on all the websites that you visit.
We utilize the following external web services:).

Wir verwenden folgende externe Webservices:

  • website-check.de
    A web service from the company Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, DE (hereafter: website-check.de) is installed on our website. We use this data in order to provide full functionality on our website. Within this context your browser may transmit personal data to website-check.de. The legal basis for processing personal data is Article 6(1)(f) GDPR (legitimate interest). The legitimate interest is in this case the trouble-free operation of the website. The data will be erased as soon the purpose for which it was collected has been fulfilled. Further information regarding the handling of the transmitted data can be found in the website-check.de Privacy Policy: https://www.website-check.de/datenschutzerklaerung/. You can prevent the collection and processing of your personal data by websitecheck. de by deactivating the execution of script code in your browser or by installing a script blocker in your browser (examples of blockers can be found under www.noscript.net or www.ghostery.com).

  • CloudFlare
    A web service from the company CloudFlare Inc., 101 Townsend St in 94107 San Francisco, USA (hereafter: CloudFlare) is installed on our website. We use this data in order to provide full functionality on our website. Within this context your browser may transmit personal data to CloudFlare. The legal basis for processing personal data is Article 6(1)(f) GDPR. The legitimate interest is the trouble-free operation of the website. The data will be erased as soon as the purpose for which it was collected has been fulfilled. Further information regarding the handling of the transmitted data can be found in the CloudFlare Privacy Policy: https://www.cloudflare.com/security-policy/ . You can prevent the collection and processing of your personal data by CloudFlare by deactivating the execution of script code in your browser or by installing a script blocker in your browser (examples of blockers can be found under www.noscript.net or www.ghostery.com).

  • Google-Apis
    A web service from the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter: Google-Apis) is installed on our website. We use this data in order to provide full functionality on our website. Within this context your browser may transmit personal data to Google-Apis. The legal basis for processing personal data is Article 6(1)(f) GDPR. The legitimate interest is in this case the trouble-free operation of the website. Google Apis is certified under the EU-U.S. Privacy Shield Framework (see https://www.privacyshield.gov/list). The data will be erased as soon the purpose for which it was collected has been fulfilled. Further information regarding the handling of the transmitted data can be found in the Google Apis Privacy Policy: https://policies.google.com/privacy/update You can prevent the collection and processing of your personal data by Google Apis by deactivating the execution of script code in your browser or by installing a script blocker in your browser (examples of blockers can be found under www.noscript.net or www.ghostery.com).

  • gstatic
    A web service from the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter: gstatic) . We use this data in order to provide full functionality on our website. Within this context your browser may transmit personal data to gstatic. The legal basis for processing personal data is Article 6(1)(f) GDPR. The legitimate interest is in this case the trouble-free operation of the website. gstatic is certified under the EU-U.S. Privacy Shield Framework (see https://www.privacyshield.gov/list). The data will be erased as soon the purpose for which it was collected has been fulfilled. Further information regarding the handling of the transmitted data can be found in the gstatic Privacy Policy: https://policies.google.com/privacy/update. You can prevent the collection and processing of your personal data by gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser (examples of blockers can be found under www.noscript.net or www.ghostery.com).

Information about the use of cookies

  • Scope of the processing of personal data
    We use cookies on various pages of our website to make visiting it a more attractive experience and to facilitate the use of certain functions. So-called “cookies” are small text files that your browser can store on your computer. These text files contain a character string that enables an unambiguous identification of a browser when our website is revisited. The process of storing a cookie file is also called ‘placing a cookie’.

  • Legal basis for the processing of personal data
    Art. 6 (1) (f) GDPR (legitimate interest) Our legitimate interest is that of maintaining the full functionality of our website and enhancing its user-friendliness as well as our need to be able to address customers on an individual basis. It is only possible for us to identify an individual customer with cookies if the site visitor has provided us with the relevant personal data on the basis of a separate prior consent.

  • Purpose of data processing
    Cookies are placed on our website in order to maintain the full functionality of our website and to improve its user-friendliness. In addition, the cookie technology enables us to recognize individual visitors through pseudonyms such as, for example, singular but arbitrary IDs and thus to be able to offer individualized service.

  • Duration of the retention of personal data
    Our cookies are stored until they are deleted in your browser or, in the case of session cookies, until the session is completed.

  • Opportunity to object and remove
    You can configure your browser yourself in such a way that it will prevent the placing of cookies in general or that you can decide on accepting cookies on a case-by-case basis or that cookies will always be accepted. Cookies can be placed for various purposes such as, for example, establishing that your computer has previously connected to our website (permanent cookies) or recording and saving the last viewed products and services (session cookies). We basically utilize cookies in order to provide you with increased user-friendliness. We recommend that you allow the placement of cookies for our website so you can utilize all of our convenience features.

    The opportunity to object and remove complies with the general regulations dealing with the legally protected right to object and the right to remove that are depicted hereafter in this Privacy Statement.

Cookie name

Server

Provider

Purpose

Legal basis

Storage duration

Typ

XSRF-TOKEN

www.zytomed-systems.de

Webseiten­betreiber

This cookie is used to prevent CSRF attacks.

Art. 6 para. 1 lit. f DSGVO (legitimate interests)

about two hours

Security

zytomedwebsitesession

www.zytomed-systems.de

Webseiten­betreiber

This cookie is necessary for the operation of our website. Without this cookie, our website cannot be run.

Art. 6 para. 1 lit. f DSGVO (legitimate interests)

about two hours

Basic functionality

Data security and data protection, communication via email

We employ all possible technological and organizational measures to assure that your personal data is collected, stored and processed in such a way that it will not be accessible to third parties. In the case of unencrypted communication via email we are not able to guarantee the complete security of the transmission route to our IT systems. We therefore recommend that for information requiring a high level of secrecy you use either an encrypted communication method or the postal service.

Withdrawing consent – Obtaining information about data and requesting changes – Deleting and blocking data

You have the right to obtain information about your stored data free of charge one time per year. You additionally have the right to rectify, block or delete your data. Your data will be deleted by us at the first request as long as doing so will not contravene legal regulations. If you have given us permission to use your personal data, you can withdraw it at any time. If you would like to obtain information about your data, or wish to have it deleted or rectified, or if you have any queries, you can forward them to the following address at any time:

Zytomed Systems GmbH
Anhaltinerstr. 16
14163 Berlin
Germany

E-Mail: info@zytomed-systems.de
Fax: +49 (0) 30-804 984 999

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 I GDPR

Insofar as you suspect that the processing of your data infringes the GDPR you can of course precipitate litigation of the issue at any time. Notwithstanding the above, you also have the option of referring the matter to a supervisory authority. You are entitled to the right to lodge a complaint in the EU Member State of your habitual residence, your place of work and/or the place of the alleged infringement. This means that you can appeal to the supervisory authority of your choice from among the places named above. The supervisory authority with which the complaint has been lodged will inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Prepared by:

© DURY LEGAL Rechtsanwälte – www.dury.de

© Website-Check GmbH – www.website-check.de