Privacy Policy

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Bavaria Medizin Technologie GmbH. The use of the Internet pages of the Bavaria Medizin Technologie GmbH is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Bavaria Medizin Technologie GmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, the Bavaria Medizin Technologie GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

 

1. General information

With these data protection notices we inform you about the data processing in our company. As the responsible body, we take all legally required measures to protect your personal data. If you have any questions about this privacy policy, please contact our management:

 

The controller in the context of the data protection law is:

Bavaria Medizin Technologie GmbH
Represented by the Managing Directors: Knut Sauerteig, Ulrich Winkhaus
Argelsrieder Feld 8
82234 Wessling
Telephone +49 8153 / 401 – 0
Email: info[at]bavaria-medizin.de

 

Contact details of the Data Protection Officer:

Bavaria Medizin Technologie GmbH 

DATA PROTECTION OFFICER
Argelsrieder Feld 8
82234 Wessling
Telephone +49 8153 / 401 – 0

The company's Data Protection Officer is available at the address mentioned above and at dsb(at)bavaria-medizin.de.

The corporate object is the development, manufacturing and distribution of medical devices.

Scope of this privacy policy

This privacy policy concerns personal data of interested parties and customers of our company who are natural persons, and all other natural persons who are in contact with us, e.g. representatives or employees of legal persons, but also visitors to our website.

 

2. Data Processing

Personal data is information about your identity. This includes information such as name, address, telephone number or email address.

Data processing takes place for the fulfilment of the contract in the context of our services as well as for the fulfilment of legal obligations. We process data of interested parties to protect our legitimate interests or to initiate a contract.

In certain cases, we need further information such as your name and address, in order to be able to process your inquiry or provide the requested services. This additional personal data is only collected and stored if you provide this information voluntarily, for example as part of an inquiry, a registration, an application as an employee or a potential supplier.

In order to fulfil our contractual obligations, we cooperate with other companies. These include hosting service providers (internet, email), IT service providers and software providers (including remote maintenance).

 

We process the following personal data:

  • first name and surname, form of address, and, if necessary, title
  • mailing address
  • telephone number
  • if required, fax number
  • email address
  • information required for the proper execution of an order and customer care

 

3. We process personal data for the purpose of

  • execution and settlement of the contractual relationship and settlement of the customer service including the necessary correspondence,
  • fulfilment of our contractual and legal obligations as a company, and
  •  processing within the framework of mutual claims resulting from contracts with our customers (e.g. invoicing, performance and compensation demands, liability claims etc.)

 

4. The legal basis for data processing in our company is as follows:

  • Art. 6, par. 1, subpar. 1, letter b General Data Protection Regulation (hereinafter referred to as GDPR) for the fulfilment of contracts with our customers,
  •  Art. 6, par. 1, subpar. 1, letter c GDPR for the fulfilment of legal obligations to which we are subject as a company,
  • Art. 6, par. 1, subpar. 1, letter f GDPR, insofar as data processing is necessary to protect our legitimate interests or those of a third party; in particular, the continuous business relationship with our customers is in our legitimate interest,
  • Art. 6, par.1, subpar. 2, letter a GDPR, if you have given your consent to the processing of your personal data for certain purposes.

 

5. Disclosure of personal data

Your personal data will only be passed on to third parties if this is necessary for the purpose of carrying out the activities mentioned above or if you have previously given us your consent to passing it on. These third parties may not use your data for any other purpose.

 

We only disclose personal information about customers if we are required to do so by law or court order, or if the disclosure is necessary to enforce or protect our General Terms and Conditions or other agreements. This applies mutatis mutandis to the storage of data. The disclosure of data does not take place for commercial purposes.

Our employees as well as our commissioned companies are obliged by us to maintain confidentiality.

 

6. Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary to execute the contract with our customer (e.g. payment orders) or if you have given us your consent or if this is otherwise legally permissible. In this case, we will take measures to ensure the protection of your data, for example through contractual regulations. We only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the GDPR on transfer to third countries (art. 44 to 49 GDPR).

 

7. Storage, deletion

The deletion of stored personal data takes place as soon as the legal retention periods have expired.

Stored personal data will also be deleted if you revoke your consent to their storage and there is no other legal basis for doing so, if their use is no longer required to fulfil the purpose for which they were stored, or if their storage is inadmissible for other legal reasons, unless legal storage regulations contradict their deletion, then a restriction on processing (blocking) is initiated instead.

The deletion of stored personal data also takes place if your personal data has been unlawfully processed or must be deleted in order to comply with legal requirements.

In the event that the deletion cannot be carried out or only at a disproportionate expense, the processing will be restricted.

 

 

8. Information and correction

You can request information about your personal data which we process. Upon written request, we will gladly inform you about the personal data we are storing about you.

When communicating via email, we cannot guarantee complete data security. Therefore, we recommend that you communicate confidential information by mail.

If your data is not (or no longer) accurate, you may request it to be corrected. If your data is incomplete, you can request it to be completed. If we have disclosed your details to third parties, we will inform these third parties of your correction - provided that this is required by law.


9. Restrictions on the processing of personal data

You have the right to request a restriction on the processing (blocking) of your personal data for one of the following reasons:

If you dispute the accuracy of your personal data and we have had the opportunity to verify its accuracy.

If the processing does not take place lawfully and you demand a restriction of use instead of deletion.

If we no longer need your data for the purposes of processing, but you need it to assert, exercise or defend against legal claims.

If you lodged an objection, as long as it is not clear yet whether your interests prevail.

 

10. Right to data transfer

You have the right to receive the personal data you have provided us with in a transmittable format.

 

11. Right to objection, contact, complaint

You can revoke your consent to our collection and storage of your personal data at any time. If you have any questions about our data policy or any requests regarding correction and deletion of your data, you are welcome to send them to us via email to dsb(at)bavaria-medizin.de or by mail to Bavaria Medizin Technologie GmbH, Argelsrieder Feld 8, 82234 Wessling. You are also entitled to file a complaint with the responsible data protection authority.

 

If you are of the opinion that the processing of your personal data violates the GDPR, you have the right to lodge a complaint pursuant to art. 77, par. 1 GDPR with a data protection authority (usually the State Commissioner for Data Protection and Freedom of Information). In particular, the complaint can be lodged with the supervisory authority responsible for your usual place of residence, workplace or presumed infringement.

12. Changes to our privacy policy

This information corresponds to the legal status as of May 25, 2018. We reserve the right to change our security and data protection measures if this becomes necessary due to technical progress. In this case, we will also adapt our privacy policy information accordingly. Therefore, please take note of the current version of our privacy policy.

1. Introduction

Thank you very much for your interest in our company. Data protection has a particularly high priority for the management of Bavaria Medizin Technologie  GmbH. With the following information, we would like to give you, the “data subject”, an overview of how we process your data and inform you about your rights in the context of the data protection laws. Using the website of Bavaria Medizin Technologie GmbH is basically possible without entering personal data. However, if you wish to make use of our company’s special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary, but there is no legal basis for such processing, we will generally seek your consent.

Processing personal data, for example, your name, postal or email address, is carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to Bavaria Medizin Technologie GmbH. By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

Bavaria Medizin Technologie GmbH, as data controller, has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible of the data processed via this website. Nevertheless, internet-based data transfer can have security gaps in principle, therefore, absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to our company by alternative means, for example, by telephone or mail.

 

2. Controller

The controller in the context of the GDPR is:

Bavaria Medizin Technologie GmbH
Argelsrieder Feld 8
82234 Wessling
Germany
Telephone: +49 8153 / 401 – 0
Email: info(at)bavaria-medizin.de
Website: www.bavaria-medizin.de

 

3. Data Protection Officer

The data protection officer is available as follows:

Bavaria Medizin Technologie GmbH
Data Protection Officer
Argelsrieder Feld 8
82234 Wessling
Germany
Telephone: +49 8153 / 401 – 0
E-Mail: dsb(at)bavaria-medizin.de 

If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly at the address above at any time.

 

4. Definitions

The privacy policy of Bavaria Medizin Technologie GmbH is based on the terms used by the General Data Protection Regulation (GDPR) of the European Union. Our privacy policy is supposed to be easily readable and comprehensible for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance.

Among others, we use the following terms in this privacy policy:

a. Personal data

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Data subject

Data subject refers to every identified or identifiable natural person whose personal data is processed by the controller (our company).

c. Processing

Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d. Restriction on processing

Restriction on processing is the marking of stored personal data with the aim of limiting their processing in the future.

eProfiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f. Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and technical and organizational measures ensure that the personal data is not attributed to an identified or identifiable natural person.

g. Data processor

The data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h. Recipient

The recipient is a natural or legal person, public authority, agency or any other body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

i. Third party

A third party is any natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor are authorized to process the data.

jConsent

Consent is any freely given, specific, informed and unambiguous indication of a data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  

5. Legal basis of processing

Art. 6 par. 1 point a GDPR serves as legal basis for processing operations in our company for which we seek consent for a specific processing purpose.

If the processing of personal data is necessary for fulfillment of a contract to which you are a party, as is the case, for example, with processing operations which are necessary for the delivery of goods or the performance of other services, the processing is based on art. 6 par.1 point b GDPR. The same applies to processing operations which are necessary for the performance of pre-contractual measures, for example, in case of an inquiry regarding our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on art, 6 par. 1 point c GDPR.

In rare cases, the processing of personal data can become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company is injured and his name, age, health insurance or other vital information needs to be shared with a doctor, a hospital or other third parties. In this case, the processing is based on art. 6 par. 1 point d GDPR.

Ultimately, processing operations can be based on art. 6 par.1 point f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis, if the processing is necessary to protect legitimate interests of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular, because they have been specifically mentioned by the European legislator. In this respect, they were of the opinion that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

 

6. Technology

6.1 SSL/TLS Encryption

To ensure security of data processing and to protect the transmission of confidential information, such as orders, login data or contact requests which you send to us as the operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that there is a "https://" instead of a "http://" and a lock symbol in the address line of your browser.

Once the SSL or TLS encryption has been activated, the data you are transmitting to us cannot be read by third parties.

 

6.2 Data collection during website visit

If you are using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data which your browser transmits to our server (in so-called "server log files"). Our website collects a range of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the log files of the server. The following can be recorded:

  • used browser type and versions,
  • operating system used by the accessing system,
  • website from which an accessing system accesses our website (so-called referrer),
  • sub-websites which are accessed via an accessing system on our website,
  • date and time of access to the website,
  • internet protocol address (IP address),
  • internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. This information is mainly required in order to

  • deliver the contents of our website correctly,
  • optimize the content of our website and the advertising for it,
  • ensure the long-term operability of our IT systems and the technology of our website, and
  • provide law enforcement authorities with the information they need to prosecute a cyberattack.

We therefore evaluate the collected data and information both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The data in the server log files is stored separately from all personal data provided by the person concerned.

The legal basis for data processing is art. 6 par. 1 p.1 point f GDPR. Our legitimate interest results from the data collection purposes listed above.

 

7. Our activities in social networks

In order to be able to also communicate with you in social networks and inform you about our services, we are represented in these networks with our own pages.

We are not the original host (controller) of these pages, but use them only within the framework of the possibilities offered by the respective providers.

As a precaution, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Using our pages in these networks can therefore have data protection risks, since the protection of your rights, for example, to information, deletion, contradiction, etc. can be complicated and the processing in social networks is frequently directly connected to marketing purposes or to the analysis of user behavior by the host, without us having any influence. If the provider creates user profiles, cookies are often used or the user behavior is directly assigned to your own member profile in the social networks (provided you are logged in). 

The described processing operations of personal data are carried out in accordance with art. 6 par. 1 point f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user to the respective providers, the legal basis refers to art. 6 par. 1 point a GDPR in conjunction with together with art. 7 GDPR.

Since we have no access to the provider's data bases, we would like to point out that you should assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Below, we have listed further information on the processing of your data in social networks and the possibility to make use of your right to objection or revocation (so-called opt-out), divided into the respective providers of the social networks we are using:

 

7.1 XING

Controller of data processing in Germany:
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

Privacy policy:
privacy.xing.com/de/datenschutzerklaerung

Information request for XING members:
www.xing.com/settings/privacy/data/disclosure

 

8. Your rights as data subject

8.1 Right to confirmation

You have the right to request our confirmation as to whether your personal data is being processed.

 

8.2 Right of access art. 15 GDPR

You have the right to obtain free information on the personal data stored about you and to receive a copy of this data at all times.

 

8.3 Right to rectification art. 16 GDPR

You have the right to obtain the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, the data subject shall have the right to have incomplete personal data completed.

 

8.4 Erasure art. 17 GDPR

You shall have the right to obtain from us the erasure of your personal data without undue delay if one of the statutory reasons applies and if processing is not necessary.

 

8.5 Right to restriction of processing art. 18 GDPR

You have the right to obtain from us restriction of processing if one of the statutory requirements is met.

 

8.6 Data portability art. 20 GDPR

You shall have the right to receive the personal data which you provided to us in a structured, commonly used and machine-readable format. You shall also have the right to transmit this data to another controller without hindrance from us, to which the personal data have been provided, provided that the processing is based on the consent pursuant to art. 6 par. 1 point a GDPR or art. 9 par. 2 point a GDPR or on a contract pursuant to art. 6 par. 1 point b GDPR and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task which is in the public interest or which is carried out in the exercise of official authority which was assigned to us.

Furthermore, when exercising your right to data transferability pursuant to art. 20 (1) GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

 

8.7 Objection art. 21 GDPR

You shall have the right to object on grounds relating to your particular situation to processing of your personal data which is based on art. 6 par. 1 point e (data processing based on public interest) or f (data processing based on weighing of interests) GDPR at any time.

This also applies to profiling based on those provisions in the sense of art. 4 no.4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

In individual cases we process personal data for direct marketing purposes. You shall have the right to object to processing of your personal data for such marketing purposes. This also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing, your personal data shall no longer be processed for such purposes.

Furthermore, you shall have the right to object on grounds relating to your particular situation to processing of personal data which is used for scientific or historical research or statistical purposes pursuant to art. 89 par. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You are free to exercise your right to objection in relation to the use of information society services, notwithstanding directive 2002/58/EC by means of automated procedures using technical specifications.

 

8.8 Revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time and with effect for the future.

 

8.9 Complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection regarding our processing of personal data.

This privacy policy is currently valid and is dated June 2019.

Due to further development of our websites and offers or due to changed legal or official specifications, it may become necessary to change this privacy policy. You can access and print our current privacy policy on our website https://www.bavaria-medizin.de/privacy-policy/ at any time.

We are pleased that you are interested in our company and are applying or have applied for a job at BMT. We would therefore like to provide you with the following information on the processing of your personal data in connection with your application.

 

Who is responsible for data processing?

The controller in the context of the data protection law is:

Bavaria Medizin Technologie GmbH
Represented by the Managing Directors: Knut Sauerteig, Ulrich Winkhaus
Argelsrieder Feld 8
82234 Wessling
Telephone +49 8153 / 401 – 0
Email: info[at]bavaria-medizin.de

 

Contact details of the Data Protection Officer:

Bavaria Medizin Technologie GmbH 
DATA PROTECTION OFFICER
Argelsrieder Feld 8
82234 Wessling
Telephone +49 8153 / 401 – 0

The company's Data Protection Officer is available at the address mentioned above and at dsb(at)bavaria-medizin.de.

 

Which of your data do we process? And for what purpose?

We process the data you sent us in connection with your application in order to assess your suitability for the position (or, if applicable, any other open positions in our company) and to carry out the application process.

What is the legal basis for this?

The legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG. According to this Act, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be necessary for legal prosecution after completion of the application procedure, data processing may be carried out based on the requirements of art. 6 General Data Protection Regulation (hereinafter referred to as GDPR), in particular to protect legitimate interests according to art. 6, par. 1, letter f) GDPR. Our interest then lies in the enforcement or defense of claims.

 

How long is the data stored?

In the event of rejection, the candidate's data will be deleted after six months.

If you have agreed that your personal data is being stored further, we will transfer your data to our applicant collection. After two years, this data will be deleted.

If you have been accepted for a position in the context of the application process, the data will be transferred from the applicant data system to our personnel data system.

 

To which recipients will the data be forwarded?

After receipt of your application, your applicant data will be reviewed by our Human Resources Department. Suitable applications will then be forwarded internally to the Department Managers responsible for the respective vacant position. Subsequently, the further procedure will be coordinated. Only persons in our company who need the data for the proper course of our application procedure have access to your data.

 

Where is the data processed?

The data is exclusively processed in computer centers of the Federal Republic of Germany.

What rights do you have as a "data subject"?

You have the following rights as a "data subject" in the context of the application procedure:

  • Right of access according to art. 15 GDPR
  • Right to rectification according to art. 16 GDPR
  • Right to erasure ("right to be forgotten") according to art. 17 GDPR
  • Right to restriction of processing according to art. 18 GDPR
  • Right to data portability in a structured, commonly used and machine-readable format according to art. 20 GDPR

 

What right of appeal do you have?

If you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority according to art. 77 par. 1 GDPR (usually the State Commissioner for Data Protection and Freedom of Information). In particular, the complaint can be lodged with the supervisory authority, which is competent at the place of your habitual residence or of the alleged infringement.

 

Wessling, May 2, 2019