Privacy at a glance

We take privacy seriously

Protecting your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers automatically save the IP address of your Internet service provider, the website from which you visit us, the pages on our website that you visit, and the date and duration of your visit. This information is necessary for the technical functionality of the webpages and the secure operation of the server. A personalised evaluation of this data is not carried out.

If you send us information via the contact form, this data will be stored on our servers in the course of data backup. Your data will be used by us exclusively to process your request. Your data will be handled in a strictly confidential manner. Your data will not be passed on to third parties.

Responsible party:
medi UK Ltd.
Plough Lane
Hereford HR4 OEL
Great Britain
phone: +44 1432 37 35 00
fax: +44 1432 37 35 10
e-mail: enquiries@mediuk.co.uk

Personal data

Personal data are data about yourself. This includes your name, your address and your Email address. You are not obligated to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as further information to be able to offer you the service you require.

The same applies if we supply you with informative material on request or if we answer your enquiries. We will always notify you in such cases. Otherwise, we only save data that you have automatically or voluntarily submitted to us.

When you use our services, we normally only collect data that are necessary to be able to offer you our services. We may ask you for further information on a voluntary basis. Whenever we process personal information, we do so in order to provide you with our services or to pursue our commercial interests.

Stored data

Server log files

Server log files

Website providers automatically collect and store information in so-called server log files, which your browser automatically transmits to us. 


These are:

  • Data and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • The web browser and operating system used
  • Complete IP address of the computer making the request
  • Amount of data transmitted


This data is not combined with other data sources. The processing is carried out in accordance with Art. 6(1)(f) DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. 


This data is stored by us for security reasons, especially with regard to the prevention of attempts to attack our web server. It is not possible for us to draw conclusions regarding individuals based on this data. The data remains on our web server for 21 days and on a log server for 6 months. The data is processed for statistical purposes only; it is not compared with other datasets or passed on to third parties, even in extracts.

Cookies

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on your hard drive. The information stored in the cookies allows you to be automatically recognised the next time you visit our website, which will make it easier for you to use the site. The legal basis for the use of cookies is your consent in accordance with Art. 6 (1)(a) GDPR or, for necessary cookies, our legitimate interest in accordance with Art. 6 (1)(f) GDPR. Our legitimate interests are in maintaining the functionality and security of the website, protection against misuse and improving our service.


Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised the next time you visit, you can also refuse the use of cookies by changing the settings in your browser to “refuse cookies”. The respective procedure can be found in the settings of your browser. If you reject the use of cookies, however, there may be restrictions on the use of some areas of our website.

Cookiebot

Cookiebot

A web service of Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com) is reloaded on our website. We use this data to ensure full functionality of our website. Your browser or personal data is transferred to cookiebot.com in this context.


The legal basis for data processing is Art. 6 (1)(f) GDPR and Art. 6 (1)(c) GDPR. 


The legitimate interest here is in trouble-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You can find more information on handling of the transferred data in the Data Protection Statement of cookiebot.com under: www.cookiebot.com/de/privacy-policy/

Google

Google Tag Manager

This website uses Google Tag Manager. The Tag Manager does not collect personal data. The tool activates other tags, which may collect data. Google Tag Manager does not access this data. If you have made a deactivation at the domain or cookie level, it will continue to persist for all tracking tags implemented with Google Tag Manager. You can find Google’s privacy policy for this tool at: https://www.google.com/analytics/terms/tag-manager/

Google Analytics 4 

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, hereinafter “Google”, on our website. Google Analytics 4 uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information collected by means of these cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities during those sessions) and to analyse user behaviour across devices.

We use Google Signals. This allows Google Analytics 4 to collect additional information about users who have activated personalised ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

The anonymisation of IP addresses is activated by default with Google Analytics 4. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 is not merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of “events”. Events may include:

  • Page views
  • First visit to the website
  • Start of the session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • Downloaded files
  • Ads seen / clicked
  • Language settings

The following is also recorded:

  • Your approximate location (region)
  • Your IP address (in truncated form)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet provider
  • The referrer URL (via which website/advertising medium you came to this website)
  • User ID
  • Interests
  • Demographic data

Google will use this information for the purpose of evaluating your usage of our website, compiling reports on website activities for us, and carrying out further services relating to website activity and Internet usage.

Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google. The data will only be passed on to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data the retention period of which has been reached takes place automatically once a month. 

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 Sent. 1 lit. a GDPR.

Google also offers an opt-out add-on for the most popular browsers, which gives you more control over what information Google collects about the websites you visit. The add-on indicates to the JavaScript (ga.js) of Google Analytics 4 that no information about the website visit should be transmitted to Google Analytics 4. However, the Google Analytics 4 opt-out browser add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For further information on installing the browser Add-On, please click on the following link: https://tools.google.com/dlpage/gaoptout?hl=de

If you visit our website from a mobile device (smartphone or tablet), you will need to click this link instead to prevent Google Analytics 4 from tracking you within this site in the future. This is also possible as an alternative to the above browser Add-On. By clicking the link, an opt-out cookie is set in your browser and is valid only for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.

If you’ve agreed that Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, Google will use your information in conjunction with Google Analytics data to create target audience lists for remarketing purposes across multiple devices. Google Analytics 4 will first collect your Google-authenticated ID on our website, which is linked to your Google account (i.e. personal data). Google Analytics will then temporarily associate your ID with your Google Analytics 4 data to optimise our target audiences. If you do not agree, you can turn it off via the corresponding settings in the “My Account” section of your Google Account.

You can find out more about the Google privacy policy and data protection regarding Google Analytics 4 at: https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

For further information on the use of “cookies” on our website and on revocation, please refer to the last section “Cookies”.

Google Ads Conversion Tracking

We use the online advertising programme “Google Ads” on our website and, in this context, conversion tracking. Google Conversion Tracking is an analytical service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If your usual residence is in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller of your data. Google Ireland Limited is therefore the Google affiliate responsible for processing your data and complying with the applicable data protection laws. The cookie for “conversion tracking” is placed on your computer when you click on an ad displayed by Google. These cookies remain valid for a limited period, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the ad and been redirected to this page. Each Google Ads client receives a different cookie. There is thus no possibility for cookies to be tracked through the websites of Ads clients. The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who have clicked on one of our ads and been redirected to a page that has a conversion tracking tag. However, we do not receive any information that personally identifies users. Your data may under certain circumstances be transferred to the USA. The data processing, in particular the placing of cookies, is carried out with your consent on the basis of Art. 6 1(a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on your prior consent until the point of its withdrawal.


Further information and the Google privacy policy can be found at: https://www.google.com/intl/en/policies/privacy/


For more information on the use of cookies on our website and your right to withdraw consent, please refer to the “Cookies” section. 

Google reCaptcha

We use the reCaptcha service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).


This query enables us to determine whether the entry has been created by a human or fraudulently by means of automated machine processing. The service includes the sending to Google of the IP address and, if necessary, additional data required by Google for the reCAPTCHA service. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be withdrawn at any time. The legality of any and all data processing operations previously carried out will not be affected by your withdrawal of consent. 


Otherwise, in accordance with Art. 6 (1)(f) GDPR, the use is based on our legitimate interest in establishing individual responsibility on the Internet and preventing misuse and spam. If the data processing is based on our legitimate interest, you can object to the processing at any time with future effect.  In the event that IP anonymisation is activated on this website, your IP address will, however, previously be truncated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of this service. The IP address of your browser transmitted in the reCaptcha process will not be combined with other data by Google. This data is subject to the deviating Google data protection provisions.


You can find out more about the Google privacy policy at: https://www.google.com/intl/en/policies/privacy/.


For more information on the use of cookies on our website and your right to withdraw consent, please refer to the “Cookies” section.

Google Optimize

Our website uses the web analysis and optimisation service “Google Optimize”, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google Optimize”). We use Google Optimize to increase the attractiveness, content and functionality of our website by playing new functions and content to a percentage of our users and statistically evaluating the change in usage. Google Optimize is a sub-service of Google Analytics (see Google Analytics section).


Google Optimize uses cookies which make it possible to optimise and analyse your use of our website. The information generated by these cookies about your use of our website will generally be transferred to a Google server in the USA and stored there. We use Google Optimize with IP anonymisation activated so that your IP address is previously truncated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information to evaluate your use of our website, compile reports on the optimisation tests and related website activities and provide us with other services relating to website and Internet usage.


For more information on the use of cookies on our website and your right to withdraw consent, please refer to the “Cookies” section. 


You can prevent the storage of cookies by setting your Internet browser accordingly. In addition, you can prevent Google from collecting and processing the data generated by the cookie and the data related to your use of our website (incl. your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can find more detailed information on data collection and processing by Google in Google's privacy policy, which you can access at http://www.google.com/policies/privacy.

Google Doubleclick

Doubleclick by Google is a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Doubleclick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were accessed. The cookies contain no personal information. The use of DoubleClick cookies only allows Google and its affiliates to display ads based on previous visits to our or other websites. The information generated by the cookies is transferred by Google to a server in the United States for evaluation and is stored there.


Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google.


For more information about the use of cookies on our site, please see the section "Cookies".


In addition, you can prevent Google from collecting and processing the data generated by the cookies, as well as the data related to your use of the webpages, by downloading and installing the browser plug-in available under the following link under the item DoubleClick deactivation extension. Alternatively, you can disable Doubleclick cookies with this opt-out.

Social Media

Social Plugins of Facebook, Instagram, Twitter, Pinterest, Linkedin, Youtube

On our website, we use social buttons from social media networks. These are merely integrated as HTML links into the website, meaning that when you call up our website, no connection is established with the servers of the respective provider. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can press the like or share button, for example.

Facebook Pixel

This website uses the “Facebook Pixel” service provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We use Facebook Pixel to display ads to you and other potentially interested users on Facebook and other websites and to measure the impact of our advertising. Through Facebook Pixel, your browser establishes a connection with Facebook and, once you have agreed to the use of cookies requiring consent, places a cookie for 180 days with the information that you have accessed our website or clicked on one of our ads. If you are registered with Facebook, Facebook can assign the visit to your account. The legal basis for the processing of your data is your consent, Art. 6 (1)(a) GDPR.

You can withdraw your consent at any time with future effect:
a) by setting your browser accordingly;
b) by logging in as a user of the social network Facebook at https://www.facebook.com/settings/?tab=ads#_ 
c) by deactivating your consent on the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org

For more information on the use of cookies and consent withdrawal options on our website, please refer to the “Cookies” section.

We have entered into a shared responsibility agreement with Facebook in relation to the processing of your data in accordance with Art. 26 GDPR, the terms of which you can view here.

For more information about how Facebook processes personal data, including how to assert your rights as a data subject against Facebook Ireland, please refer to Facebook’s privacy policy at www.facebook.com/about/privacy . Specific information and details about Facebook Pixel and how it works can also be found in the Help section of Facebook.

Visual Website Optimizer 

Visual Website Optimizer (VWO)


Our website uses the Visual Website Optimizer, an A/B test tool/web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (hereinafter "Wingify").

Wingify uses cookies that enable analysis of your use of our website, shops and app. The information generated by the cookie about the use of our website, shops and app, along with your IP address, will be transmitted to a Wingify server in India and stored there. Wingify uses this information on our behalf to evaluate your use of the website and to optimise our webpages accordingly.

Further information on the cookies used can be found at this link: https://help.vwo.com/hc/en-us/articles/360033990873

Details on how your personal data is handled can be found at the following link: https://vwo.com/privacy-policy/.

For more information on the use of cookies on our website, please refer to the “Cookies” section.

Vimeo-Plugin

Vimeo-Plugins


We use the provider Vimeo for the integration of videos, among other things. Vimeo is operated by Vimeo, LLC headquartered at 555 West 18th Street, New York, New York 10011.

On some of our webpages, we use plugins of the provider Vimeo.

If you access the webpages of our website with such a plugin – for example, our media library – a connection to the Vimeo servers will be established, and the plugin will be displayed. By doing so, the Vimeo server will be informed which of our webpages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the plugin, e.g., clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

Further information on data processing and privacy at Vimeo can be found at https://vimeo.com/privacy.

For more information on the use of cookies on our website, please refer to the “Cookies” section.

Trusted Shops Badge

Trusted Shops Trustbadge

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected assessments) and to offer Trusted Shops products to buyers after an order.

The Trustbadge and the services advertised with it are an offer from Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we are joint controllers under privacy law in accordance with Art. 26 GDPR. In the context of this data protection information, we inform you below about the essential contents of the contract in accordance with Art. 26 para. 2 GDPR.

Within the scope of the joint responsibility existing between us and Trusted Shops, please contact Trusted Shops in case of data protection questions and to assert your rights using the contact options provided in the data protection information. Irrespective of this, you can always contact the controller of your choice. If necessary, your request will then be forwarded to the other controller for a response.

The trust badge is provided by a US CDN provider (content delivery network).

An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA. Contractors used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If the contractors used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and for error analysis.

If you have given your consent, the Trustbadge accesses the order information stored in your end device (order total, order number, product purchased if applicable) and e-mail address after the order has been completed and your e-mail address is hashed using a cryptological one-way function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will then be given the opportunity to register manually for the use of the services or to complete the protection as part of your existing user contract.

For this purpose, the Trustbadge accesses the following information, which is stored in the end device you are using, after you have completed your order: Order total, order number and e-mail address. This is necessary so that we can offer you buyer protection. The data will only be disclosed to Trusted Shops if you actively decide to take out buyer protection by clicking on the correspondingly labeled button in the so-called Trustcard. If you decide to use the services, further processing is based on the contractual agreement with Trusted Shops in accordance with Art. 6 para. 1 lit. b GDPR in order to complete your registration for buyer protection and to secure the order and, if necessary, to be able to send you evaluation invitations by e-mail afterwards.

Trusted Shops uses contractors in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel).

An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA and here for Israel. Contractors used from the USA are generally certified under the EU-U.S. Data Privacy Framework. Further information can be found here. If the contractors used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

emarsys

emarsys newsletter

We use a service provided by emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany, to send our newsletter.

We also use the double opt-in procedure, which means that the newsletter service will only be activated after you have expressly confirmed to us that you wish to receive it.

If you would like to receive the newsletter offered on this website, we require a valid e-mail address from you to verify that you are the owner of the e-mail address provided and that you agree to receive this newsletter. We will then send you a notification via email requesting that you confirm that you wish to receive our newsletter by clicking on the link contained in the email.

When you subscribe to our newsletter, we store the date of registration. No further data is collected or is only collected on a voluntary basis. This information is only stored as evidence in the event that a third party misappropriates your email address to subscribe to the newsletter without your knowledge or permission. The data you enter in the newsletter subscription form is processed exclusively on the basis of your consent (Art. 6 (1) (a) General Data Protection Regulation (GDPR)).

If you have granted your consent, we will use the preferences collected using the pseudonymous user profile for the content and design of the newsletter and emarsys will only link your email address with the user profile for the purposes of personalizing the newsletter. No other form of analysis or use beyond this will take place. Your data is stored on a server in Austria.

Furthermore, emarsys offers various analysis options for how the newsletters we send are opened and used, e.g. how many users an email was sent to, whether the emails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are solely group-based; we do not use them for individual assessment.

You may revoke your consent to the storage of your data and email address as well as their use for sending the newsletter at any time with future effect, for example via the “unsubscribe” link in the newsletter. Revoking your consent does not affect the legality of data processing operations carried out prior to receipt of your request. The data provided when signing up for the newsletter is used to distribute the newsletter until you cancel your subscription, after which the data is deleted. This does not affect the data we have stored for other purposes (e.g. email addresses for the Member’s Area).

For more information on the emarsys data privacy policy, please visit: https://help.emarsys.com/hc/en-us/sections/360001104413-Data-Protection-Compliance.

emarsys Web Extend technology 

We use Web Extend technology supplied by emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany (“emarsys”) to optimize online and offline stimulus chains (re-targeting) in order to provide you with individually-tailored content when we show or send advertisements to you.

When you visit our website, cookies from emarsys are saved to your device, stored on a server in Austria, used for pseudonymised identification of the website visitor and automatically deleted after one year. The following data are collected: Browser and version number, operating system, referring URL, IP address (encrypted and abbreviated), session and cookie IDs, country, pseudonymous identifiers (external IDs or encrypted email address) from logged-in visitors as well as information on browsing behavior (products viewed and products placed in the shopping cart or purchased).

You can refuse your consent (Art. 6 para. 1a GDPR) to the processing of your data for the purpose of individualised online advertising at any time.

For more information on the use of cookies on our website, please refer to the "Cookies" section. Your data is processed on the basis of Art. 6 para. 1 lit. a) GDPR with your consent. The emarsys cookies set after consent are automatically deleted after one year.

You can refuse consent to the processing of your data for the purpose of customised online advertising on this website at any time.

emarsys uses Amazon Web Services Inc. as a processor to store the cookie information. Personal information is not transferred.

Further information on the GDPR and Web Extend can be found at https://help.emarsys.com/hc/en-us/articles/360005205113-GDPR-and-Web-Extend-all-you-need-to-know and https://help.emarsys.com/hc/en-us/sections/360001104413-Data-Protection-Compliance

For more information on the use of cookies on our website, please refer to the "Cookies" section.

Payment

PayPal

PayPal

The controller has integrated PayPal components into this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual private or business accounts. PayPal can also process virtual payments by credit card if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why no traditional account number exists. PayPal enables online payments to be made to third parties or received. PayPal also performs fiduciary functions and offers buyer protection services.


The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.


If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, data relating to the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of the personal data required to process the payment. Data processing is necessary for our contract with you to be processed.


Cookies are placed when the service is used. For more information on the use of cookies on our website, please refer to the “Cookies” section.


PayPal's current privacy policy can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.

Computop

Computop

On our website we offer payment via Giropay, Paypal, Visa and MasterCard, among others. The provider and technical payment provider for payment processing for the payment services is Computop Wirtschaftsinformatik GmbH, Schwarzenbergstr. 4, D-96050 Bamberg, Germany (hereinafter “Computop”).


When you make a payment using the above payment methods, Computop collects various transaction data for forwarding to the bank with which you are registered. In addition to the data required for payment, Computop may collect other data, such as the delivery address or individual items in the shopping basket, in the course of processing the transaction.


Computop then authenticates the transaction using the bank’s authentication procedure. The payment amount will then be transferred from your account to ours. Neither we nor third parties have access to your account details.


Data processing is necessary for our contract with you to be processed.


For details on payment with Computop, please refer to the Terms and Conditions and the data protection provisions of Computop at: https://computop.com/uk/tos.

AmazonPay

We use the service of Amazon Payments Europe s.c.a (5 Rue Plaetis, L 2338 Luxembourg) to offer you the option to pay via Amazon Pay. Upon payment, your payment details will be shared with Amazon Payments Europe s.c.a. and Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL. All three are located at 5, Rue Plaetis L 2338, Luxembourg. Amazon Payments reserves the right to conduct a credit check. If you do not want to be forwarded to Amazon Payments Europe, please choose another payment method.


Where personal data is processed during the described transfers, the processing is carried out for the purpose of payment processing in accordance with Art. 6 (1)(b) GDPR.


Further information can be found at: pay.amazon.co.uk/help/201751600.


Cookies are placed when the service is used. For more information on the use of cookies on our website, please refer to the “Cookies” section.

Channelize.io

We use the service Bigstep Technologies Pvt. Ltd, DBA Channelize.io, Unit No 620, JMD Megapolis Building, Sector-48 Sohna Road, Gurugram, INDIA, Postal Code-122018, to organise live shopping events. Channelize is used via a plugin on our website and allows us to showcase our products in real time via live streaming video content. Viewers can actively participate in the live stream through comments and likes and have the opportunity to ask questions in real time.

During an interaction, the manually inputted user name is transmitted but not subsequently saved in the system.

For more information on the use of cookies on our website, please refer to the "Cookies" section.

More information

Customer Account

Customer Account

We set up a password-protected direct-access to the user data (customer account) stored by us for each customer who registers accordingly. Here you can view data about your completed, open and recently shipped orders and manage your address information, bank details and the newsletter. You undertake to treat the personal access-data confidentially and not to make them accessible to unauthorised third parties. We cannot assume any liability for misused passwords, unless we are responsible for the misuse.


The legal basis for this processing activity is art. 6 (1) (b) GDPR.


We would like to make your visit to our website as pleasant as possible with the function “Stay logged in”. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you need to change your personal data or you wish to place an order. We recommend that you do not use this feature if the computer is used by multiple users. We would like to point out that the “Stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.


For more information about the use of cookies on our site, please see the section "Cookies".

Newsletter

Newsletter

We use a service provided by emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany, to send our newsletter.

We also use the double opt-in procedure, which means that the newsletter service will only be activated after you have expressly confirmed to us that you wish to receive it.

If you would like to receive the newsletter offered on this website, we require a valid e-mail address from you to verify that you are the owner of the e-mail address provided and that you agree to receive this newsletter. We will then send you a notification via email requesting that you confirm that you wish to receive our newsletter by clicking on the link contained in the email.

When you subscribe to our newsletter, we store the date of registration. No further data is collected or is only collected on a voluntary basis. This information is only stored as evidence in the event that a third party misappropriates your email address to subscribe to the newsletter without your knowledge or permission. The data you enter in the newsletter subscription form is processed exclusively on the basis of your consent (Art. 6 (1) (a) General Data Protection Regulation (GDPR)).

If you have granted your consent, we will use the preferences collected using the pseudonymous user profile for the content and design of the newsletter and emarsys will only link your email address with the user profile for the purposes of personalizing the newsletter. No other form of analysis or use beyond this will take place. Your data is stored on a server in Austria.

Furthermore, emarsys offers various analysis options for how the newsletters we send are opened and used, e.g. how many users an email was sent to, whether the emails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are solely group-based; we do not use them for individual assessment.

You may revoke your consent to the storage of your data and email address as well as their use for sending the newsletter at any time with future effect, for example via the “unsubscribe” link in the newsletter. Revoking your consent does not affect the legality of data processing operations carried out prior to receipt of your request. The data provided when signing up for the newsletter is used to distribute the newsletter until you cancel your subscription, after which the data is deleted. This does not affect the data we have stored for other purposes (e.g. email addresses for the Member’s Area).

For more information on the emarsys data privacy policy, please visit: https://help.emarsys.com/hc/en-us/sections/360001104413-Data-Protection-Compliance.

 

Security

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable privacy laws.


Whenever we collect and process personal information, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

Data transfer to third countries

Data transfer to third countries

If we process data in countries outside the European Economic Area (“EEA”), we protect it based on an adequacy decision of the EU Commission Art. 45 (1) GDPR or use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR when structuring contractual relationships with recipients in third countries.

Storage period

Storage period

We will store your data,

  • if you have consented to the processing thereof, only until you withdraw your consent;
  • if we need the data to perform a contract, only for as long as the contractual relationship with you exists;
  • if we use the data on the basis of a legitimate interest, only as long as your interest in deletion or anonymisation does not outweigh this legitimate interest;
  • if statutory retention obligations exist, until the end of the retention periods.

Your rights

You have the right at any time to request information, correction, deletion or restriction of the processing of your stored data; a right to object to the processing; as well as the right to data portability and to lodge a complaint in accordance with the requirements of privacy law.

Right of access

Right of access

You can request information from us as to whether and to what extent we process your data.

Right to rectification

Right to rectification

If we process your data that is incomplete or inaccurate, you may request that we correct or supplement it at any time.

Right to erasure

Right to erasure

You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your justifiable protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g., in the case of legally stipulated retention obligations.


Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no contractual or statutory obligation to retain data in this respect.

Right to restrict processing

Right to restrict processing

You can ask us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data,
  • the processing of the data is unlawful, but you decline to delete it and instead demand a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to file or defend legal claims, or
  • you have objected to the processing of the data.

Right to data portability

Right to data portability

You may request that we provide you with the information you have provided to us in a structured, standard and computer-readable format and that you may provide that information to another representative without interference from us, provided that we process this data on the basis of an agreement given and revocable by you or for the fulfilment of a contract between us, and that such processing is carried out using automated procedures. If technically feasible, you may request us to transfer your data directly to another representative.

Right to object

Right to object

If we process your data for legitimate reasons, you may object to such processing at any time. We will then no longer process your data unless we can prove compelling and protection-worthy grounds for the processing which outweigh your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to appeal

Right to appeal

If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the competent regulatory authority for you, the respective regional office for data protection supervision.


If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of any doubt, we may request additional information to confirm your identity.

Changes to this Privacy Policy

We reserve the right to change our privacy policy if necessary due to new technologies. Please make sure that you have the latest version. If substantial changes are made to this privacy statement, we will post them on our website.


All interested parties and visitors to our website can contact us with questions about privacy at:

ePrivacy GmbH
Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg
Deutschland
E-Mail: datenschutz@medi.de

Contact us! We're here to help

Service hotline

Reception time

Mon-Fri, 09.00 - 17.00