Providing help is our job
Helping people in critical medical situations or emergencies is the main focus of our business.
Privacy Policy Website
Compliance with data protection regulations is very important to Holthaus Medical GmbH und Co. KG (hereinafter referred to as “Holthaus Medical”, “we” or “us”). We would therefore like to inform you in the following about the processing of your personal data, in particular about the purposes of the respective data processing and the data categories processed, subdivided according to individual services or forms of use and about the rights to which you are entitled. With regard to the related terms, such as “personal data” or “processing”, we refer to the relevant definitions in Art. 4 GDPR.
We kindly ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require a cooperative action on your part (e.g. consent) or other individual notification.
Status: January 2024
1. Responsible party and contact information
Responsible party:
Holthaus Medical GmbH und Co. KG
Karlstraße 8
42897 Remscheid, Germany
Phone: +49 (0) 2191/9580-0
E-Mail: service@holthaus.de
Contact Data Protection:
Holthaus Medical GmbH und Co. KG
Department DPO
Karlstraße 8
42897 Remscheid, Germany
E-Mail: datenschutz@holthaus.eu
Do you have general questions or comments about this data protection declaration or specific questions about the processing of your data? We will gladly answer them. On request we will also correct, supplement or delete your personal data.
2. Legal bases and purposes of data processing
In accordance with Art. 13, 14 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not expressly mentioned in this data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) a and Art. 7 GDPR as well as Art. 9 (2) a and Art. 7 GDPR, the legal basis for processing for the purpose of fulfilling our services and carrying out contractual measures as well as answering enquiries is Art. 6 (1) b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 (1) c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 (1) f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) d of the GDPR serves as the legal basis.
Unless the purposes of data processing are expressly stated in this data protection declaration, we process your personal data – always on the basis of a legal basis – especially for the following purposes:
Execution of contract and/or service; payment processing for purchases and other services; supply advice; processing of complaints; review of application documents to establish an employment relationship; legitimation and authentication, analysis and clarification of misuse or attacks on the communication systems; protection against or detection of possible fraudulent transactions; compliance with legal retention periods; communication via telephone, e-mail, fax, live chat, video call and other channels; sending samples, rewards, products and information; registration for competitions, programs or offers; Delivery of other services that we have offered you; If legally permitted, delivery of user-specific, unsolicited offers and information about our products and services; surveys on our websites; personalisation of offers on the Internet, by e-mail, fax and other channels; determination of the effectiveness of our advertising; development of new products and services; analysis of the use of our products, services and websites; advertising or market and opinion research; data collection and storage for marketing, market research and optimisation purposes; assertion, exercise and defence of legal claims.
3. Security measures
In accordance with Articles 24, 32 of the GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons. Such measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to personal data, as well as access, input, disclosure, safeguarding of availability and segregation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of personal data and response to threats to personal data. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection by means of technological design and by means of data protection-friendly presettings (Art. 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server. Third party security measures include in particular IP masking (pseudonymisation of your IP address).
4. Cooperation with third parties and data processors
If, in the course of our processing, we disclose (third parties) personal data to other persons and companies – including Group companies -, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal authorisation (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract in accordance with Art. 6 (1) b GDPR), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosters, etc.).
Insofar as we commission so-called contract processors with the processing of personal data on the basis of a so-called “contract processing agreement” and thereby secure for ourselves, among other things, the necessary powers of influence or control with regard to the processing and use of personal data, this is done on the basis of Art. 28 GDPR. However, we remain responsible to you for the legality of the data processing.
5. Data transfers to third countries
If we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or if per-sonal data is disclosed or transferred to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or transfer personal data in a third country only if the special prerequisites of Art. 44 ff. GDPR. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recog-nised establishment of a data protection level equivalent to that of the EU or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
6. Additional information for website users
This information informs you about the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and contents as well as external online presences, such as our social media profiles (hereinafter jointly referred to as “online offer“).
6.1 Cookies, analysis, tracking, optimisation
Information on the cookies we use is mainly found in our cookie policy. Information on technologies from us or from third parties, which are not only used to provide a function within our online offer, but also exclusively or additionally serve the analysis of user behaviour, tracking, the optimisation of our marketing activities or other purposes, is made available to you in this data protection declaration and in our cookie policy.
6.2 Purposes of data processing
We process your personal data in particular for the following purposes:
Provision of the online offer, its contents and functions; marketing, advertising, public relations and market research; security measures; tracking (e.g. interest/behavioural profiling, use of cookies); remarketing; visitor action evaluation, interest-based and behaviour-based marketing, profiling (creation of user profiles); version measurement (measurement of the effectiveness of marketing measures); target group formation (determination of target groups relevant for marketing purposes or other output of content); cross-device tracking (cross-device processing of user data for marketing purposes).
6.3 Categories of data
We process in particular the following data categories:
Usage data (e.g. websites visited, services used, interest in content, access times); meta/communication data (e.g. device information, IP addresses, browser type); location data (data indicating the location of an end user’s end device).
6.4 Collection of access data and log files
On the basis of our legitimate interests within the meaning of Art. 6 (1) f GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the path of the website accessed, files linked to it, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider as well as other browser header data. In particular, the processing of your IP address as personal data is necessary for communication between your browser and our server.
Log file information is stored for a period of 6 months for security reasons (e.g. for the clarification of abuse or fraud) and then deleted. Data whose further storage is required for evidential purposes is excluded from deletion until final clarification of the respective incident. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 (1) c GDPR.
6.7 Links
We do not use social plug-ins from social networks that collect personal data on our websites. We only use links on our websites to the websites of our partner companies. This prevents our users’ personal data from being passed on to social networks without their knowledge when they visit our websites.
The links described above are used for the following sites:
Provider: Tosama
Privacy policy: https://www.tosama.si/gdpr/politika-zasebnosti
Provider: Holthaus Medical GmbH und Co. KG
Privacy policy: https://www.holthaus.eu/de/datenschutzerklaerung.html
Provider: SANTEX
Privacy policy: https://www.santex.it/privacy-policy/
Provider: Bastos Viegas S.A.
Privacy policy: http://www.bastosviegas.com/politica_de_privacidade
Provider: Akla AB
Privacy policy: https://www.akla.se/cookies
Provider: WeroSwiss Wernli AG
Privacy policy: http://www.weroswiss.com/
Provider: OctaMed
Privacy policy: https://www.octamed.com/?l=en
Provider: Cederroth
Privacy policy: https://www.cederroth.com/customer-service/#cookies
Provider: STS Medical Group Salvadori
Privacy policy: https://luigisalvadori.it/privacy-policy/
Provider: Ducasco-Dourmousoglou S.A
Privacy policy: https://www.ducasco.gr/
Provider: MediPlast AB
Privacy policy: https://www.mediplast.com/
Provider: Farmac Zabban
Privacy policy: http://www.farmaczabban.com/en/cookie-policy.html
Provider: INDAS DOMTAR
Privacy policy: https://www.indas.com/en
Provider: Hippokratis
Privacy policy: https://hippokratis.com/
Provider: Lohmann & Rauscher GmbH und Co. KG
Privacy policy: https://www.lohmann-rauscher.com/de-de/datenschutz/
7. Contact
When you contact us (by contact form, telephone, fax, post or e-mail), your personal data will be processed for the purpose of handling your enquiry and its processing in accordance with Article 6 (1) b of the GDPR. The information marked as mandatory in the contact form is required for the processing of your enquiry.
As a rule, we delete inquiries 3 months after their receipt, at the latest, however, if they have been answered. In the event of statutory storage obligations to be observed, the deletion shall take place after their expiry.
8. Integration of third-party services and content
Within our online offering, we use content or service offerings from third parties. This happens based on our legitimate interests (interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) f GDPR) or based on your consent according to Art. 6 (1) a GDPR. This means that we integrate third-party content and services, such as videos or fonts (herein-after referred to uniformly as “content”). This requires the third party providers to be aware of your IP address, as without the IP address they would not be able to send the Content to your browser. The IP address is therefore required for the display of content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the website. The pseudonymous information can also be stored in cookies on your device and may contain technical information about the browser and operating system, referring websites, visiting time and other details about the use of our online offer, as well as being linked to such information from other sources.
In the following presentation we have compiled an overview of third party providers together with their offered contents as well as links to their data protection declarations, which may contain further information on the processing of data as well as information on objection. Please note that we have listed further third-party providers in our cookie policy.
Provider: Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 United States of America
Privacy policy: https://policies.google.com/privacy?hl=de
Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=de
Within our online offers we use Google Universal Analytics. Google Universal Analytics’ cookies are used to collect visitor sessions and behavioral data for analysis reports. This enables us to obtain information about the use of our offers on different devices (“cross device”) and to im-prove the user-friendliness of our offers with the results obtained. For this purpose, pseudonymised user profiles are used, which do not receive any personal data such as names or e-mail addresses, and these are not transmitted to Google. Google uses this information to evaluate the use of our online offers, to create reports on the activities within our online offers and to provide us with further services associated with the use of our online offers. The processed data can be used to create pseudonymous user profiles of the users. We use Google Universal Analytics with activated IP anonymization (i. e. using the function anonymizeIP). This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other Google data. We would like to point out that the use of IP anonymisation does not result in any fundamental anonymisation, as further usage data is nevertheless collected (e. g. such as identification features that also allow a link to an existing Google account). The cookies have a validity of 14 months.
9. Deletion, anonymisation and storage
The personal data processed by us will be deleted in accordance with Art. 17 GDPR. Unless expressly stated within the scope of this data protection declaration, the personal data stored by us will be deleted as soon as they are no longer required for their intended purpose and, in particular, there are no legal storage obligations to prevent deletion. If the personal data are not deleted because their processing is necessary for other and legally permissible purposes, the processing is restricted. This means that the personal data is blocked and not processed for other purposes.
Instead of deleting your personal data, we will, if necessary, make it anonymous in such a way that it is irreversibly impossible to retrieve it in the future.
In accordance with the legal requirements, storage takes place in particular for 6 years in accordance with § 257 (1) of the German Commerical Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
10. Your rights
You have the right to revoke your consent to the processing of your personal data in accordance with Art. 7 (3) GDPR at any time with effect for the future. Processing that has taken place before the revocation therefore remains lawful.
In accordance with Art. 15 GDPR, you can request information about your personal data processed by us.
In accordance with Art. 16 GDPR, you can demand the immediate correction of incorrect or incomplete personal data stored by us.
In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored with us in accordance with the conditions stated there, unless legally prescribed retention periods prevent immediate deletion (cf. Art. 17 (3) GDPR) and/or another case of Art. 17 (3) GDPR exists and/or a new purpose justifies further processing.
In accordance with Art. 18 (1) GDPR, you can demand the restriction of data processing if one or more conditions in accordance with Art. 18 (1) GDPR lit. a to d apply.
In accordance with Art. 20 (1) GDPR, you can receive the personal data processed by us in a structured, common and machine-readable format and transfer this data to another responsible person without hindrance by us.
In addition, you can lodge an objection to the processing of your personal data in accordance with Art. 21 (1) GDPR. In the event of an objection, we will stop processing your personal data. However, the right of objection only applies if special circumstances arise from your personal situation. In addition, compelling reasons worthy of protection that speak in favour of processing may prevail. Furthermore, certain processing purposes may conflict with your right of objection.
Without prejudice to any other administrative or judicial remedy, you also have the right to appeal to the competent supervisory authority (cf. Art. 77 GDPR) if you believe that the processing of your data violates data protection regulations. In this context, however, we would ask you to address a possible complaint to us first. We will then attempt to remedy the situation as quickly and effectively as possible.
