Privacy Policy

An overview of data protection

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Details can be found in our privacy policy under the heading "Analytics and advertising." You can object to this analysis. We will inform you below about how to exercise your options in this regard.

General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

medi UK Ltd.
Plough Lane
HR4 0EL Hereford
United Kingdom
eMail: enquiries@mediuk.co.uk

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment. Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible. In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

Data protection representative

Andrea Harris
medi UK Ltd.
Plough Lane
Hereford
HR40EL

Phone: 01432 373 500
Fax: 01432 373 510
eMail: enquiries@mediuk.co.uk

Data collection on our website

Cookies


Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address
These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Leaving comments on this website

If you use the comment function on this site, the time at which you created the comment and your email address will be stored along with your comment, as well as your username.

Storage of the IP address

Our comment function stores the IP addresses of those users who post comments. Since we do not check comments on our site before they go live, we need this information to be able to pursue action for illegal or slanderous content.

Subscribing to the comment feed

As a user of this site, you can sign up to receive the comment feed after registering. Your email address will be checked with a confirmation email. You can unsubscribe from this function at any time by clicking the link in the emails. The data provided when you subscribed to the comments feed will then be deleted, but if you have submitted this data to us for other purposes or elsewhere (such as subscribing to a newsletter), it will be retained.

How long comments are stored

The comments and the associated data (e.g. IP address) are stored and remain on our website until the content commented upon has been completely deleted or the comments are required to be removed for legal reasons (slander, etc.).

Legal basis

The comments are stored based on your consent per Art. 6 (1) (a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Social media

Facebook plugins (Like & Share buttons)

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook's privacy policy at https://de-de.facebook.com/policy.php.

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

Twitter plugin

Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter's privacy policy, please go to https://twitter.com/privacy. Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings

Pinterest plugin

Our website contains functions of the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.

When you visit a page containing the Pinterest social plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits this log data to Pinterest servers in the United States. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.
More information about the purpose, scope and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in the privacy notices of Pinterest: https://about.pinterest.com/de/privacy-policy.

Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.

Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.

Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
For more information about Google AdWords and Google Conversion Tracking, see the Google Privacy Policy: https://www.google.de/policies/privacy/.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Google Tag Manager

The Google Tag Manager is a service provided by Google Inc. ("Google") with which tags can be created, updated and managed.

Tags are small code elements on our website which, among other things, serve to measure traffic and visitor behavior, to capture the impact of online advertising and social channels. When you visit our website/app, the current tag configuration is sent to the user's browser. It contains instructions on which tags to trigger. The tool itself does not collect any personal data. However, the tool makes it possible to trigger other tags, which may in turn collect data. For more information about how Google Tag manager works, see: Support-Tag-Manager and the usage guidelines: https://www.google.de/tagmanager/use-policy.html

Facebook Pixel

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").

These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The data collected is anonymous to us as operators of this website and we cannot use it to draw any conclusions about our users' identities. However, the data are stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used. Check out Facebook's privacy policy to learn more about protecting your privacy: https://www.facebook.com/about/privacy/.
You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

CrazyEgg

Our website uses the tracking tool CRAZYEGG to record randomly selected individual visits (only with anonymized IP address). This tracking tool allows you to use cookies to evaluate the way you use the website (e.g. which content is clicked). A usage profile is displayed visually. The use of the tool does not collect, process or use any personal data from you. Only usage profiles are created when using pseudonyms.

You may at any time object to the collection, processing and recording of the data generated by CrazyEgg.com by following the instructions under www.crazyegg.com/opt-out. For more information on CrazyEgg.com privacy, see www.crazyegg.com/privacy

HubSpot

We use HubSpot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.

The sign-up service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information is stored on servers of our software partner HubSpot. They can be used by us to get in touch with visitors to our website and to determine which services our company is interested in. All information we collect is subject to this privacy policy. For more information, please visit the following HubSpot page: https://legal.hubspot.com/privacy-policy.

We use all information collected exclusively to optimize our marketing. HubSpot is a software company based in the United States with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: + 353 1 5187500, https://www.hubspot.de/. HubSpot is subject to the TRUSTe's privacy seal.

Newsletter

Newsletter data

On the medi website, users are given the opportunity to subscribe to our company's newsletter. The personal data that is transmitted to the Controller for the purpose of ordering the newsletter results from the input mask used for this.

medi informs its customers and business partners at regular intervals by means of a newsletter about offers of the company. The newsletter of our company can only be received by the data subject if (1) the person concerned has a valid e-mail address and (2) the person concerned registers for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address registered for the newsletter for the first time in the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address has authorized the receiving of the newsletter as the person concerned.

When registering for the newsletter, we also store the IP address of the Internet service provider (ISP) of the computer system used by the data subject at the time of registration and the date and time of registration. The collection of this data is necessary in order to be able to understand the (possible) misuse of the e-mail address of an affected person at a later date and therefore serves the legal protection of the controller.

The personal data collected as part of an application for the newsletter will only be used to send our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as in the case of changes to the newsletter offer or the change of the technical circumstances. The personal data collected within the scope of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be terminated by the person concerned at any time. The consent to the storage of personal data that the person concerned has granted us for the newsletter can be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe at any time directly on the website of the controller of the newsletter or to communicate this to the controller in other ways.

Newsletter-Tracking

The medi newsletter contains so-called Web beacons. A web beacons is a miniature graphic that is embedded in such e-mails, which are sent in HTML format in order to enable a log file recording and a log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded counting pixel, medi can detect if and when an e-mail was opened by an affected person and which links in the e-mail were accessed by the data subject.

Such personal data collected via the Web beacons in the newsletters are stored and evaluated by the Controller for the newsletter to optimise the content of future newsletters and even better the Interests of the person concerned. This personal data will not be passed on to third parties. Persons concerned are entitled at any time to revoke the separate declaration of consent given by the double opt-in procedure. After revocation, this personal data will be deleted by the controller. A withdrawal from receipt of the newsletter indicates medi automatically as a revocation.

Plugins and tools

Trusted Shops Trustbadge

Following an order, the Trusted Shops Trustbadge is incorporated into this web page in order to display our Trusted Shops trustmark for buyers and the eventually collected reviews, as well as the Trusted Shops product offer.

In balancing the various interests, this serves to safeguard our legitimate prevailing interests in an optimised marketing of our offer. The Trustbadge and the services advertised are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln.

Whenever a Trustbadge is called up, the web server automatically stores a so-called server log file which contains, for example, your IP address, the date and time of retrieval, the data volume transferred and the requesting provider (access data), and documents the retrieval. This access data will not be evaluated and will be automatically overwritten seven days after your visit to the page.

Other personal information will only be transferred to Trusted Shops if you decide, after completing an order, to use Trusted Shops products or have already registered for their use. In this case, the contractual agreement between you and Trusted Shops applies.

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Vimeo

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account. For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

Payment service providers

PayPal

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg. If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Computop

For the technical control of payment transactions (e. g. credit card payments), we authorise Computop GmbH, Schwarzenbergstraße 4, 96050 Bamberg, GERMANY (www.computop.com/) based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Changes to our Privacy policy

We reserve the right to change our security and data protection measures to the extent necessary for technical development. In these cases, we will also adjust our privacy notices accordingly. Please note the current version of our Privacy policy.