Data protection information
for customers, suppliers, applicants and other business partners
How do we collect your data? Information on the processing of data for customers, suppliers, applicants and other business partners.
The Controller within the meaning of data protection law is
medi GmbH & Co. KG
Medicusstr. 1
D-95448 Bayreuth
Germany
Tel.: +49 (0)921 912-0
Fax: +49 (0)921 912-57
E-Mail: info@medi.de
Represented by the Managing Directors: Dirk Treiber, Gerhard Kolb, Stefan Weihermüller
We have designated an external Data Protection Officer in our company. You can reach him as follows:
Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
D-93047 Regensburg
Germany
Tel.: +49 (0)941-2986930
E-Mail: anfragen@projekt29.de
Collection and storage of personal data; nature, purpose and use
When you enter into a contractual relationship with us, the following information is collected:
Additionally as warranted for patients/end users
In addition, all information required for performing the contract with you will be collected.
The collected data may also include special categories of personal data within the meaning of Art. 9 GDPR. This includes, for example, data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data and data concerning health. The data collected for the purpose of performing the contract primarily include, for example, insurance documents, correspondence, medical certificates and findings, or the like. With your consent, such data may possibly be requested of third parties (e.g. the attending physician) or the data will be transmitted by third parties (e.g. the hospital).
Personal data and also special categories of personal data are collected
We process your personal data for purposes of your query or placement of an order with us as required for the aforementioned purposes to process your order and fulfil the obligations under the underlying contract (legal basis Art. 6, 1b GDPR).
If you have subscribed to a newsletter or participate in a sweepstake, the collection and processing of your data are based on your consent (legal basis Art. 6, 1a GDPR). You can revoke this consent for the future at any time without observing requirements of form.
Collected personal data will be stored until the expiration of the statutory retention period for merchants (6 or 10 years after the end of the calendar year in which the contractual relationship was terminated) and erased after that. By way of exception, this does not apply if we are required to retain the data for a longer period of time by reason of obligations under tax or commercial law (under the German Commercial Code, Criminal Code or Tax Code) or if you have consented to data storage for a longer period of time.
We process the data you sent to us in connection with your application in order to examine your aptitude for the position in question (or possibly other available positions in our company) and to conduct the application process.
The legal basis for processing your personal data in this application process is primarily Section 26 of the German Data Protection Law (BDSG) in the version applicable as of 25 May 2018. Accordingly, it is lawful to process the data needed in connection with the decision about establishing employment. If the data may be required for pursuing rights after the end of the application process, there may be data processing on the basis of the conditions set forth in Art. 6 GDPR, particularly to preserve justified interests under Art. 6, 1f GDPR. Our interest then consists of asserting claims or defending against them.
In case of rejection, applicant data are deleted after six months. If you agree to additional storage of your personal data, we will add your data to our applicant pool. The data there are deleted after one year. If you are approved for a position during the application process, the data are transferred from the applicant data system to our personnel information system.
We use a specialised software vendor for the application process. They work for us as a service provider and may also receive knowledge of your personal data in connection with maintaining and updating the systems. We have made what is known as a commissioned data processing agreement with this vendor, which ensures that data processing takes place in a lawful manner. Your applicant data are viewed by the personnel department after your application is received. Suitable applications are then forwarded internally to those in the department responsible for the available position. Further steps are then discussed. Within the company, only persons requiring access to your data for the proper sequence of our application procedure have such access fundamentally.
The data are processed exclusively in computer centres in the Federal Republic of Germany.
Your personal data will not be transmitted to third parties, as a general rule. Any exceptions will apply only to the extent required to fulfil the contractual relationships with you. This particularly includes the transfer of data to service providers engaged by us (so-called job processors) or other third parties whose activity is required for contractual performance (e.g. shipping companies or banks). In the relationship with these third parties, it will be assured that the third parties may only use the transferred data for the aforementioned purposes.
We use a specialised software vendor for the application process. They work for us as a service provider and may also receive knowledge of your personal data in connection with maintaining and updating the systems. We have made what is known as a commissioned data processing agreement with this vendor, which ensures that data processing takes place in a lawful manner.
You as the data subject affected by the data processing have various rights:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27
91522 Ansbach
Germany
Phone: +49 (0) 981 53 1300
E-mail: poststelle@lda.bayern.de
If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing. If you wish to exercise your right to object, you only need to notify us in text form. This means you can send us a letter, fax or e-mail. You can find our contact data in Section 1 of this data protection information.