Information on the processing of data pursuant to Art. 13 GDPR
How do we collect your data? Information on the processing of data for customers, suppliers, applicants and other business partners.
The Controller within the meaning of data protection law is
medi GmbH & Co. KG
Tel.: +49 (0)921 912-0
Fax: +49 (0)921 912-57
Represented by the Managing Directors: Dirk Treiber, Gerhard Kolb, Stefan Weihermüller
We have designated an external Data Protection Officer in our company. You can reach him as follows:
Projekt 29 GmbH & Co. KG
Tel.: +49 (0)941-2986930
Collection and storage of personal data; nature, purpose and use
When you enter into a contractual relationship with us, the following information is collected:
- Form of address, title, first name, last name
- E-mail address
- Telephone number (fixed line and/or mobile)
- Fax number, where applicable (if available and desired)
- Account data, where applicable
- Date of birth, where applicable
- Access data, where applicable (if required for the cooperation)
- Creditworthiness data, where applicable (as warranted and on a spot check basis)
- Result of sanctions review, where applicable
Additionally as warranted for patients/end users
- For made-to-measure production: personal measurement data, together with the indication, where applicable (health data)
- For complaints: Photos, also with health background information, where applicable, e.g. intolerances or the like (health data)
- For medi vision: date and time of the scan, software version of the app, measurement data and circumferences up to the waist, 3D model (file with anonymised (or randomised) name)
In addition, all information required for performing the contract with you will be collected.
The collected data may also include special categories of personal data within the meaning of Art. 9 GDPR. This includes, for example, data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data and data concerning health. The data collected for the purpose of performing the contract primarily include, for example, insurance documents, correspondence, medical certificates and findings, or the like. With your consent, such data may possibly be requested of third parties (e.g. the attending physician) or the data will be transmitted by third parties (e.g. the hospital).
Personal data and also special categories of personal data are collected
- in order to identify you as a customer or supplier;
- in order to advise you appropriately;
- in order to fulfil our contractual obligations to you;
- in order to fulfil our legal obligations;
- in order to conduct correspondence with you;
- in order to bill you or send you payment reminders;
- for purposes of reliable direct advertising;
- in order to assert any claims against you.
We process your personal data for purposes of your query or placement of an order with us as required for the aforementioned purposes to process your order and fulfil the obligations under the underlying contract (legal basis Art. 6, 1b GDPR).
If you have subscribed to a newsletter or participate in a sweepstake, the collection and processing of your data are based on your consent (legal basis Art. 6, 1a GDPR). You can revoke this consent for the future at any time without observing requirements of form.
Collected personal data will be stored until the expiration of the statutory retention period for merchants (6 or 10 years after the end of the calendar year in which the contractual relationship was terminated) and erased after that. By way of exception, this does not apply if we are required to retain the data for a longer period of time by reason of obligations under tax or commercial law (under the German Commercial Code, Criminal Code or Tax Code) or if you have consented to data storage for a longer period of time.
What data do we process, and for what purposes?
We process the data you sent to us in connection with your application in order to examine your aptitude for the position in question (or possibly other available positions in our company) and to conduct the application process.
What is the legal basis?
The legal basis for processing your personal data in this application process is primarily Section 26 of the German Data Protection Law (BDSG) in the version applicable as of 25 May 2018. Accordingly, it is lawful to process the data needed in connection with the decision about establishing employment. If the data may be required for pursuing rights after the end of the application process, there may be data processing on the basis of the conditions set forth in Art. 6 GDPR, particularly to preserve justified interests under Art. 6, 1f GDPR. Our interest then consists of asserting claims or defending against them.
How long are the data stored?
In case of rejection, applicant data are deleted after six months. If you agree to additional storage of your personal data, we will add your data to our applicant pool. The data there are deleted after one year. If you are approved for a position during the application process, the data are transferred from the applicant data system to our personnel information system.
What recipients receive the data?
We use a specialised software vendor for the application process. They work for us as a service provider and may also receive knowledge of your personal data in connection with maintaining and updating the systems. We have made what is known as a commissioned data processing agreement with this vendor, which ensures that data processing takes place in a lawful manner. Your applicant data are viewed by the personnel department after your application is received. Suitable applications are then forwarded internally to those in the department responsible for the available position. Further steps are then discussed. Within the company, only persons requiring access to your data for the proper sequence of our application procedure have such access fundamentally.
Where are the data processed?
The data are processed exclusively in computer centres in the Federal Republic of Germany.
Customers & Suppliers
Your personal data will not be transmitted to third parties, as a general rule. Any exceptions will apply only to the extent required to fulfil the contractual relationships with you. This particularly includes the transfer of data to service providers engaged by us (so-called job processors) or other third parties whose activity is required for contractual performance (e.g. shipping companies or banks). In the relationship with these third parties, it will be assured that the third parties may only use the transferred data for the aforementioned purposes.
We use a specialised software vendor for the application process. They work for us as a service provider and may also receive knowledge of your personal data in connection with maintaining and updating the systems. We have made what is known as a commissioned data processing agreement with this vendor, which ensures that data processing takes place in a lawful manner.
You as the data subject affected by the data processing have various rights:
- Right of revocation: You can revoke the consents you have granted to us at any time. In that case, the data processing performed on the basis of your revoked consent will no longer be continued in the future.
- Right to information: You can demand information from us about your personal data we process. This applies particularly to the purposes of data processing, the categories of personal data, possibly the categories of recipients, the storage period, possibly the origin of your data and possibly the existence of automated decision making, including profiling and where applicable, conclusive information about the related details.
- Right to rectification: You can demand the rectification of your incorrect or incomplete personal data stored with us.
- Right to erasure: You can demand the erasure of your personal data stored with us insofar as the processing of the data is not necessary for exercising the right of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing: You can demand the restriction of processing of your personal data if you contest the accuracy of the data or if the processing is unlawful but you oppose the erasure of the data. You also have this right when we no longer need the data, but they are required by you for the establishment, exercise or defence of legal claims. In addition, you have this right when you have objected to the processing of your personal data.
- Right to data portability: You can demand that we give you the personal data you have provided to us in a structured, commonly used and machine-readable format. Alternatively, you can demand that we transmit the personal data you have provided to us directly to another controller, to the extent this is possible.
- Right to complain: You can complain to a data protection supervisory authority if (for example) you believe that we are processing your personal data unlawfully. You have the right to complain to a data protection supervisory authority about our processing of your personal data. The data protection supervisory authority with jurisdiction over us is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Phone: +49 (0) 981 53 1300
If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing. If you wish to exercise your right to object, you only need to notify us in text form. This means you can send us a letter, fax or e-mail. You can find our contact data in Section 1 of this data protection information.