The following is to inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations, in particular the European Union's General Data Protection Regulation (GDPR).
Personal data as defined by the GDPR is any data that can be personally connected to you, so for example, name, address, e-mail addresses, and user behaviour. Which data is processed in detail and how it is used depends largely on the services we use.
We use various other terms in our data protection information in accordance with the GDPR, including such terms as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority, and international organisation. Art. 4 GDPR provides the corresponding definitions for these terms.
1. Who is responsible for data processing and whom can I contact?
The data controller is:
CA DIGITAL GmbH
Walder Str. 53
+49 2104 8004100
+49 2104 8004199
You can contact our data protection officer at:
mip Consult GmbH
Lawyer Dietrich Felgner
Wilhelm Kabus-Straße 9
+49 2104 8004100
firstname.lastname@example.org || email@example.com
2. What sources and data do we use?
We process personal data that we have received from you when you use our website and in the context of any business relationship with you. If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specifically accessed website), access status/HTTP status code, data volume transmitted in each case, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, notification of successful retrieval. We also receive your personal data if you contact us via the contact form or email or if you register in our Treatment Manager. Personal data is here e.g. name of the practice/company, contact person, address, email, phone number (hereinafter referred to as "contact data"), homepage, VAT ID.
3. Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal bases:
If you have given us your consent to the processing of personal data for specific purposes (e.g. when registering for order processing, contacting us via our contact form or by e-mail for processing and handling the inquiry, sending newsletters, advertising by telephone, e-mail, SMS, etc.), the legality of this processing is given on the basis of your consent. You may revoke your consent at any time. Please note that such revocation only applies with future effect. Processing operations that are performed prior to the revocation are not affected. The revocation can be sent to us using the contact details above or to firstname.lastname@example.org.
Consent, art. 6 para. 1a GDPR
When contacting us (via contact form or e-mail), your details will, if applicable, not only be used to process the contact enquiry, but also based on the implementation of pre-contractual measures, according to art. 6 para. 1b GDPR. We also process your data for contract processing, specifically for the manufacture of products and the sale of products that can be found on our website or in our catalogue.
Implementation of pre-contractual measures on request of the person, Art. 6 para. 1b GDPR
When contacting us (via contact form or email) in connection with your job application, we will process your data to verify your suitability for the position (or any other open positions in our companies) and to complete the recruiting/hiring process. Your application data will be reviewed by the human resources department upon receipt. Suitable applications are then forwarded internally to the hiring managers for the respective open position. They will then decide on the further course of action. Within the company, your data will be provided only to those persons who need it to ensure proper handling of our recruiting and hiring process.
Justification of an employment relationship, § 26 BDSG (Federal Data Protection Act) and after completion of the application process in case of rejection of legitimate interest, Art. 6 para. 1f GDPR (defence against claims), if necessary, unless granted permission, Art. 6 para. 1a
We process your access data (see above under item 2) for the protection of our legitimate interests or those of third parties, particularly the following legitimate interests:
In the context of balancing of interests in order to safeguard legitimate interests, Art. 6 para. 1F GDPR.
4. Who will receive my data?
Within the company, only those employees who need your data to fulfil our contractual and legal obligations will have access to it. Contractors used by us (Art. 28 GDPR) may also receive data for the above-mentioned purposes. These include companies providing IT services, logistics, printing services, accounting, controlling, telecommunications, collection, consulting, and sales/marketing services. If we use contract processors to provide our services, we will take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
Outside our company, we may disclose information about you to third parties if one of the legal bases listed under “For what purpose do we process your data (purpose of processing) and on what legal basis?” applies or you have consented to the data transfer. In this context, we share your information with the following recipients:
- Scheu Dental GmbH (intra-group company)
- SMILE Dental Handelsgesellschaft mbH (intra-group company)
- State authorities (including financial, fiscal, administrative, criminal or judicial authorities),
- private testing companies.
Data will only be passed on to third parties within the framework of legal requirements.
5. How long will my data be stored?
For security reasons (e.g. to investigate misuse or fraud) log file information is stored for a maximum of 30 days and then deleted (see point 2 above). Data which must be retained as potential evidence are not deleted until the relevant incident has been ultimately clarified. If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract via contact form or by email.
The data for job applicants will be deleted after 6 months if not hired. In case you have agreed to further storage of your personal data, we will add your data to our applicant pool. In this case, the data will be deleted if you revoke your consent or after 5 years at the latest. If we hire you, your data will be stored in our personnel management system.
In addition, we are subject to various retention and documentation obligations based on such laws as the German Commercial Code (HGB) and the Tax Code (AO) as well as the guideline 93/42/EWG on medical products. The period for retention and documentation specified in these regulations can range from two to ten years or depending on the case for a lifetime. Finally, the retention period is also determined based on statutory limitation periods, the regular limitation period according to Art. 195 ff. of the German Civil Code (BGB) is three years, but in certain cases may also up to thirty years.
6. Is data transferred to a third country or to an international organization?
The data provided will be processed within the European Union and in the USA. Please note that we either ensure with recipients of your data for countries without a Commission adequacy decision under Article 45 GDPR, as is the case with the US, that they are certified under the EU-US Privacy Shield (such as Google) or that we have agreed EU standard data protection clauses with these recipients. This is in order to protect your data and to achieve an appropriate level of protection for your personal data. You have the option of obtaining or viewing copies of the EU standard data protection clauses. If required, please contact us using the contact details given above under point 1.
7. What data protection rights do I have?
Each person concerned has
- the right of information acc. to art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
- the right of correction acc. to art. 16 GDPR (i.e. in case your personal data is incorrect or incomplete, you can request that it be corrected),
- the right of deletion acc. to art. 17 GDPR and the right to restrict the processing according to art. 18 GDPR (i.e. you may have the right to request cancellation or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and further data retention is not required by legal retention requirements),
- the right of data portability pursuant to Art. 20 GDPR, (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, common, machine-readable format and to transfer this data to another person in charge without hindrance).
You may also revoke your consent at any time with future effect. In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG, the German Federal Data Protection Act). You can find the supervisory authority responsible for you here .
In addition, we would like to point out your right to object to the processing of your data acc. to art. 21 GDPR:
Information On your right of objection acc. to Art. 21 GDPR
You have the right to object at any time, for reasons arising from your specific situation, to the processing of personal data concerning you under art. 6 para. 1 lit e GDPR (data processing in the public interest) and art. 6 para. 1 lit f GDPR (data processing based on a balance of interests), this also applies to a profiling based on this provision within the meaning of Article 4 no. 4 GDPR, which we use for questionnaire evaluation or for advertising purposes.
If you lodge your objection, we will no longer process the personal data that concerns you, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In individual cases, we will process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it in conjunction with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and there are no other costs than the transmission costs according to the basic tariffs.
The objection should, if possible, be addressed to:
CA DIGITAL GmbH
Walder Str 53
or by e-mail to:
8. TO WHAT EXTENT IS THERE AUTOMATED DECISION MAKING IN INDIVIDUAL CASES INCLUDING PROFILING
When accessing our website or contacting us by form or email, we do not use fully automated automatic decision making as defined in Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
Within the framework of our website/Treatment Manager you must provide the personal data that is technically required or required for IT security reasons for the use of our website. If you do not provide the above information, you may not use our website.
When contacting us by form or e-mail, you only need to provide the personal data required to process your request. Otherwise we cannot process your request.
The following is to inform you about our newsletter and the registration, distribution and statistical evaluation procedures associated with it, as well as your rights of objection. If you subscribe to our newsletter, you agree to receive the newsletter and agree to the procedures described. Newsletter contents: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as the "newsletter") only with the express consent of recipients or with statutory permission. If we specifically describe individual newsletters upon registration, this description is decisive for the consent of a newsletter subscriber. If there is no separate description, you will receive information about our products, offers and promotions as well as information about our company in our newsletters. Double opt-in: Registration for our newsletter takes place using the so-called double-opt-in procedure. This means that upon subscribing, you will receive an email requesting confirmation of the subscription. This confirmation serves to ensure that only persons who also have access to the specified email address sign up to our newsletter. A record of subscriptions to the newsletter is kept in order to fulfil the legal requirements for recording the subscription process. The record contains the time of subscription and confirmation as well as the relevant IP address. Any changes to your data registered with the newsletter distribution platform will also be recorded.
According to its own information, the dispatch platform service provider uses the data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services. However, the dispatch platform service provider will not use the data of our newsletter recipients to approach recipients directly nor will it pass the information on to third parties. To subscribe to the newsletter, simply enter your email address. Optionally, we ask you to enter a name for the newsletter, so that we can address you personally. The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved by the server of the dispatch platform service provider when the newsletter is opened. During the download, technical information such as your browser and operating system, as well as your IP address and the time of the download, are collected. This information is used for technical improvement of the service, as technical data or target group data that can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses), or download times. Statistical data collection also includes an analysis of when the newsletters are being opened and which links are clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor the dispatch platform service provider's intention to observe individual users. Data analysis is more importantly used to recognise patterns in the reading behaviour of our users, and to adapt contents accordingly or send different content according to the interests of our users.
To subscribe to the newsletter, simply enter your email address. Optionally, we ask you to enter a name so that we can address you personally in the newsletter.
The dispatch of the newsletter and the measurement of success are based on the consent of the recipients in accordance with Art. 6 Para. 1a, Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG (German Fair Trade Practices Act) or on the basis of legal permission in accordance with § 7 Para. 3 UWG (German Fair Trade Practices Act).
The logging of the registration procedure is based on our legitimate interests in accordance with Art. 6 para. 1f GDPR and serves as proof of consent to receive the newsletter.
You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. You will find an unsubscribe link at the end of each newsletter. If the users have only subscribed to the newsletter and cancelled this subscription, your personal data will be deleted.
https://optout.networkadvertising.org/ or the American webseite https://www.aboutads.info/choices or the European website https://www.youronlinechoices.com/uk/your-ad-choices/.
12. Google Analytics
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law, see https://www.privacyshield.gov/.
Google will use this information on our behalf to evaluate the use of our website by our users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website. Pseudonym usage profiles of users may be created from the processed data.
We use Google Analytics with activated IP anonymisation. This means that the IP address of the user is abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area.
Alternatively, you can prevent Google Analytics from recording the data by clicking on the following link. An opt-out cookie is set to prevent future collection of your information when you visit this site: Click here to set the opt-out cookie for Google Analytics. This opt-out cookie applies only to the device on which you accessed this link and only for the period this cookie is not deleted.
You can find further information on data use by Google, setting and objection possibilities on the web pages of Google: https://www.google.de.
13. Other services
We use service offers from third parties on our website within the scope of our legitimate interests in the sense of Art. 6 Para. 1f GDPR, i.e. our interest in an optimal web presence. The IP address of the user is transmitted to these third parties. The IP address is required for technical reasons, i.e. to display the contents. Third party providers may use so-called web pixels (invisible graphics, also known as "web beacons") for evaluation or marketing purposes. These tracking pixels can be used to evaluate information, such as the number of visitors to the website using them. The third parties may store information in cookies on your device.
We use the following third-party providers on our website:
14. OUR SOCIAL MEDIA PRESENCES
We are also presented on social networks and platforms to communicate with you there and to inform you about our services. We would like to point out that your data may be processed outside the European Union and that the data is generally processed there for market research and advertising purposes. User profiles can be created from the user behaviour and the associated user interests. The user profiles can in turn be used, for example, to display advertisements that presumably correspond to the interests of the users, both within and outside of the platforms. For this purpose, cookies may be stored on the users' computers, in which the usage behaviour and interests of the users are stored. Other data may also be stored in these user profiles, especially if the users are members of the respective platforms and are logged in to them.
The processing of users' personal data is based on our legitimate interests in the broadest possible communication with our users in accordance with Art. 6 Para. 1 letter f GDPR. If the respective social networks obtain consent for the data processing, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. For information about the respective processing and the respective possibilities of objection, we refer to the following linked data protection information of the providers:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland), Facebook pages, based on an agreement on joint processing of personal data - Privacy Information: https://www.facebook.com/about/privacy/ https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – privacy information: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated<g id="27">.</g> https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy Information / Opt-Out: http://instagram.com/about/legal/privacy/
- Twitter, (Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA) – privacy informatio: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Privacy Information https://www.linkedin.com/legal/privacy-policy Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
- XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany – privacy information/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Datenschutzinformation/ Opt-Out: about.pinterest.com/de/privacy-policy
In the case of requests for information and the assertion of user rights, we recommend that these are asserted directly with the providers, as the providers have direct access to the data. If you still need further assistance, you can contact us using the contact details above.