Please find below information on how we process your personal data as well as your claims and rights in accordance with data protection regulations.
This Data Protection Declaration informs you about the type, scope and purpose of the processing of personal data on our website (hereinafter jointly referred to as “website”). The Data protection Declaration applies regardless of the domains, systems and devices (such as desktop, mobile, etc.) used.
Personal data includes all data that refers to you as a person, such as name, address, email address and user behaviour. Which data is processed in particular and how primarily depends on the service requested from us.
1. Who is responsible for data processing and whom can I contact?
The responsible instance is:
CA DIGITAL GmbH
Walder Str. 53
+49 2104 8004100
+49 2104 8004199
You can contact our Data Protection Officer at:
mip Consult GmbH
Rechtsanwalt Dietrich Felgner
Alte Jakobstr. 77
+49 2104 8004100
2. Which sources and data do we use?
We process personal data that we receive from you when you use our website and from potential business relationships.
When using the website purely for information purposes only, in other words when you do not register or transfer information to us via other channels, we only collect the personal data which your browser sends to our server. When you access our website, we collect the following access data which we need for technical purposes so as to display our website to you and ensure its stability and security. This access data includes your IP address, date and time of request, time zone differences to Greenwich Mean Time (GMT), content of request (i.e. name of the specific website accessed), access status / HTTP status code, data volume transferred, referrer URL (previously visited website), browser type and version, operating system and its interface, browser language and version, report on successful access.
We also receive your personal data if you contact us through the contact form or by email and if you register in our Treatment Manager. In this case, personal data includes name of clinic / company, contact person, address, email, phone number (hereinafter referred to as “contact details”), website and VAT ID.
3. What is the reason and legal basis for processing your data (purpose of processing)?
We process personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data protection Act (Bundesdatenschutzgesetz – BDS) for the following purposes and on the following legal bases:
|It is legal to process your data on the basis of your consent given if you have given us permission to process personal data for specific purposes (e.g. when registering so as to process an order, when contacting us through our contact form and/or per email so as to process and handle the request, for sending newsletters, for advertising per phone, email, SMS, etc.). You can withdraw your consent at any time. Please be aware that such withdrawal only takes effect for future activities. It does not apply to any past processing activities that took place before the withdrawal.||Approval in accordance with Art. 6 (1) lit. a GDPR|
|When contacting us (per contact form or email), your information is processed in accordance with any consent issued by you for processing and handling the contact request and on the basis of the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR.||Implementation of pre-contractual measures regarding requests made by the person in accordance with Art. 6 (1) lit. b GDPR.|
We process your access data (see data stated in Section 2 above) to maintain the justified interests of our company and third parties. We primarily maintain the following justified interests:
For the purpose of assessing and maintaining justified interests in accordance with Art. 6 (1) lit. f GDPR.
4. Who is given my data?
Within the company, employees are given access to your data who need it for fulfilling our contractual and legal obligations.
Your data may also be transferred to order processors (Art. 28 GDPR) engaged by us for the above purposes. These include companies in the IT services, logistics, printing services, accounting, controlling, telecommunications, debt collection, advisory, consulting, sales and marketing sectors. In the event of us engaging order processors for providing our services, we implement suitable legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
We only transfer data to third parties in accordance with legal requirements. We only transfer user data to third parties if this is required for contractual purposes in accordance with Art. 6 (1) lit. b GDPR or for maintaining justified interests in the profitable and effective operation of our business in accordance with Art. 6 (1) lit. f GDPR or if you have given your consent for us to transfer the data. We never transfer data to third parties if you use our website for information purposes only.
5. How long do you store my data?
For security reasons (e.g. for resolving misuse or fraudulent actions), log file information is stored for a maximum period of 30 days, after which it is deleted (see Section 2 above). Data which needs to be stored for longer periods as evidence is not deleted until the respective incident has been resolved in full and final. If required, we process and store your personal data for the duration of our business relationship, which may also include the initiation and processing of an agreement through the contact form or per email.
We further have to comply with various retention and documentation obligations stipulated by legislation such as the German Commercial Code (Handelsgesetzbuch – HGB), German Tax Code (Abgabenordnung – AO) and the Medical Devices Directive 93/42/EEC. The retention and/or documentation periods stipulated in these laws range from two to ten years, or may apply for life, depending on the case at hand.
Finally, the retention period is also based on the legal statutes of limitations, which usually are three years in accordance with Sections 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), but may also last for up to 30 years in certain cases, with the regular statutes of limitations being three years.
6. Is data being transferred to third countries or international organisations?
We do not transfer any data to third countries (countries outside the European Union – EU).
7. What are my rights regarding data protection?
Each affected person has
The right to information in accordance with Art. 15 GDPR,
The right to correction in accordance with Art. 16 GDPR,
The right to deletion in accordance with Art. 17 GDPR,
The right to limitation of processing activities in accordance with Art. 18 GDPR, and
The right to data transferability in accordance with Art. 20 GDPR.
You may also withdraw your consent, always with future effect.
You further have the right to complain to data protection authorities (Art. 77 GDPR in conjunction with Section 19 BDSG).
We would further like to draw your attention to your right to object in accordance with Art. 21 GDPR:
Information on your right to object in accordance with Art. 21 GDPR
You have the right to object against the processing of the personal data relating to you which occurs in accordance with Art. 6 (1) lit. e GDPR (data processing in the interest of the public) and Art. 6 (1) lit. f GDPR (data processing based on the assessment of interests) for reasons resulting from your specific situation. This also applies to profiling based on this provision within the meaning of Art. 4 no. 4 GDPR, which we use for assessing questionnaires and advertising purposes.
If you object, we shall no longer process your personal data, unless we have proof of compelling reasons for the processing activities that are worth protecting and which outweigh your interests, rights and freedoms, or the processing activities serve to enforce, execute or defend legal claims. In some cases, we process your personal data for direct advertising purposes. You have the right to object at any time against the processing of personal data relating to you for such advertising purposes. The same applies to profiling related to such direct advertising. If you object to the processing of your data for direct advertising purposes, we shall stop processing your personal data for such purposes.
Your objection may be informal and shall not incur any costs except basic fees for the transfer of your communication.
If possible, please send your objection to:
CA DIGITAL GmbH
Walder Str. 53
or email: datenschutz @ca-digit.com
8. To what extent is my data used for individual decisions based solely on automated processing, including profiling?
When accessing our website and/or when contacting us per contact form or email, we never use decision based solely on automated processing in accordance with Art. 22 GDPR. We shall inform you separately should we use this method in individual cases, if required to do so by law.
We do not process your data on an automated basis with the aim to assess personal aspects (profiling).
9. Am I obliged to provide data?
You have to provide the data which is required for the use of our website for technical and/or IT security reasons when using our website / Treatment manager. You cannot use our website if you fail to provide the above data.
When contacting us per contact form or email, you only have to provide the personal information required for processing your request. Failure to do so means that we will not be able to process your request.
The following provisions aim to inform you about our newsletter as well as the subscription, dispatch and assessment methods as well as your rights to objection. By subscribing to our newsletter you agree to receive the newsletter and to the methods described.
Newsletter content: We only send newsletters, emails and other electronic messages containing advertising information (hereinafter referred to as “newsletter”) if the recipient has given consent for us to do so or on the basis of a legal permit. If we describe individual newsletters in detail during the subscription process, such description shall form the basis for the subscriber’s consent. If no separate description is given, you shall receive newsletters containing information on our products, offers and campaigns as well as general information relating to our company.
Double opt-in: We use the double opt-in method when you subscribe to our newsletter. In other words, once you have subscribed to our newsletter, we will send you an email in which we will ask you to confirm your subscription. This confirmation serves to ensure that only persons who actually have access to the email provided subscribe to our newsletter. We record your newsletter subscription to have evidence of the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation as well as your IP address. We also record the changes made to your data stored with the dispatcher.
The newsletter is sent via “Newsletter 2 Go”, a newsletter dispatch platform provided by Newsletter2Go Gmbh, Köpenicker Str. 126, 10179 Berlin, Germany. You can read the data protection policy of the dispatcher here: https://www.newsletter2go.de/datenschutz/. According to the information provided by the dispatcher, the latter uses the pseudonymous data, i.e. without allocating it to a user, for optimising or improving its own services. However, the dispatcher does not use the data of our newsletter recipients for writing to them directly and does not forward it to third parties. You only need to provide your email address for subscribing to the newsletter. We optionally ask for a name so that we can address you in person in the newsletter.
The newsletters contain a web beacon, i.e. a one-pixel file which is requested by the dispatcher’s server when opening the newsletters. During this request, technical information on your browser, system, IP address and time of access is initially collected This information is used for implementing technical improvements to the service based on the technical data or the target group and their reading behaviour, using access locations (that can be determined through the IP address). The statistical collections also include the determination if and when the newsletters have been opened and which links have been clicked. Although information can be allocated to individual newsletter recipients for technical reasons, we nor the dispatcher aim to monitor individual users. The analyses rather serve to give us an insight into the reading behaviour of our users and to adjust our contents accordingly or to send different contents based on the interests of our users.
The dispatch of the newsletter and success measurement are based on the recipient’s consent in accordance with Art. 6 (1) lit. a and Art. 7 GDPR in conjunction with Section 7 (2) no. 3 of the German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG).
The subscription process is recorded on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR and serves as evidence of the consent given to receive the newsletter.
You may unsubscribe from our newsletter at any time, i.e. withdraw your consent. An unsubscribe link is contained at the bottom of every newsletter. The personal data of any user who has only subscribed to the newsletter and unsubscribed again is deleted.
Cookies contain information that is transferred from our or third-party web servers to the user’s browser where they are stored for later access. Cookies are small files or other types of information storage. Cookies are used for creating security or are required for operating our website (e.g. for the optimal display of the website on various devices) or for storing your decision when clicking on our cookie banner.
We use session cookies which are only stored for the duration of the current visit to our website and which are essential for using our online contents. A session cookie stores a randomly generated, unique identification number, a so-called session ID. Cookies also contain information on its origin and storage period. Session cookies are deleted, at the latest, once you have left our website and close the browser.
If you do not wish for cookies to be stored on your computer, you can deactivate this option in the system settings of your browser. Stored cookies can be deleted in your browser’s system settings. Please note that the deactivation of cookies may limit the functionality of this website.
12. Google Analytics
Google is certified under the Privacy Shield treaty and therefore guarantees compliance with European data protection laws (see https://www.privacyshield.gov/
Google uses this information by our order for analysing the use of our website by users, for creating reports on the activities on our website and for providing us with further services relating to the use of this website. The processed data may be compiled into pseudonymous user profiles in the process.
We use Google Analytics with activated IP anonymisation, meaning that Google abbreviates the user’s IP address within the member states of the European Union and in other contracting states of the European Economic Area. The full IP address is only transferred to a Google server located in the USA and abbreviated there in exceptional circumstances. The IP address transferred by the user’s browser is not compiled with other Google data. Users can prevent the storage of cookies by adjusting their browser settings accordingly. They can further prevent the collection of the data created by the cookie and relating to their use of the website and its transfer to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available from the following link: http://tools.google.com/dlpage/gaoptout?hl=de For further information on data use by Google, settings and objection options, go to Google’s website at: https://www.google.de
13. Further services
We include third-party provider services on our website based on our justified interest within the meaning of Art. 6 (1) lit. f GDPR, i.e. our interest in an optimal advertising content. The IP addresses of users are transferred to these third-party providers. The IP address is required in technical terms to be able to display the contents. Third-party providers may use web pixels (invisible graphics, also called web beacons) for analysis and marketing purposes. Web pixels make it possible to analyse information such as visitor’s traffic on the website. The third-party providers may store information in cookies on the users’ devices. We include the following third-party providers on our website:
- External fonts by Google, LLC., https://www.google.com/fonts („Google Fonts“). The Google Fonts are integrated by sending a request to the Google server (usually located in the USA). Data protection declaration: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
- We use “Google Maps”, which is provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/ Opt-Out: https://www.google.com/settings/ads/
- We use the “YouTube” platform, which is provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://policies.google.com/privacy Opt-Out: https://adssettings.google.com/authenticated