Data Protection Declaration according to the European General Data Protection Regulation - GDPR

I.   Name and Address of the Controller

RCN Medizin- und Rehatechnik GmbH
Nelkenstraße 16
41466 Neuss
Germany
Tel.: 06761 – 91 97 - 0

E-Mail: info@rcn-medizin.de

Website: www.rcn-medizin.de


II.   Name and Address of Data Protection Officer


Dirk Haase
Hauptstraße 4
55471 Sargenroth
Germany
Tel.: 06761 – 91 97 - 25

E-Mail: datenschutz@rcn-medizin.de

Website: www.rcn-medizin.de


III.   General Information on Data Processing

 1.  Scope of data processing


RCN Medizin- und Rehatechnik GmbH processes your personal data only to ensure a functional website and to offer our products and services. We are the sole owners of the information collected on this website. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. An exception applies to cases in which prior consent is not possible for reasons of fact or the processing of the data is permitted by law.

We will use your information to respond to you regarding the reason you contacted us. We will not share your information with any third party outside of our company, other than as necessary to fulfill your request, e.g. to ship an order or forward foreign inquiries to our distributors there. We will not sell or rent this information to anyone.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

 2.  Legal basis for data processing

The legal basis for processing the user's personal data is the user's consent (Art. 6 Abs. 1 lit. a GDPR) or the conclusion of a contract (Art. 6 Abs. 1 lit. b GDPR). This also applies to processing operations required to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 Abs. 1 lit. f GDPR serves as the legal basis for processing.

 3.  Data erasure and storage duration


The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. If the personal data are no longer needed for the purpose for which they were collected, we will delete this data, with the exception of data that we must retain according to contractual or statutory (e.g. tax and commercial law) retention periods, including those of the German Commercial Code (HGB) and the German Tax Ordinance (AO), which stipulate retention periods of 6 to 10 years. In addition, storage may be necessary to comply with European regulations, laws or other regulations to which the controller is subject.

Data will not be blocked or deleted, even when a storage period prescribed by the said standards expires, if there is a need for further storage of the data, e.g. for the traceability of medical devices.


IV.   Provision of the website and creation of log files

 1.  Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer, such as:

1. information about the browser type and version used
2. the user's operating system
3. internet service provider of the user
4. the IP address of the user
5. date and time of access

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

 2.  Legal basis for data processing

The legal basis for the temporary storage of data and log files is the legitimate interests pursued by the controller or by a third party, Art. 6 Abs. 1 lit. f GDPR.

 3.  Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

 4.  Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. Where the data is collected to provide the website, it will be deleted after the session is completed. Where the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In that case, the IP addresses of the users are deleted or obfuscated, so that they can no longer be assigned to the calling client.

 5.  Right to object


The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, the user has no possibility to object.


V.   Cookies

 1.  Description and scope of data processing


We use cookies on this website to make it more user-friendly. A cookie is a piece of data stored on the visitor's hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, a cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. Some elements of our website require that the calling browser can be identified even after a page change. Cookies store and transmit e.g. login information. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site.

 2.  Legal basis for data processing


Legal basis for processing personal data using cookies is Art. 6 Abs. 1 lit. f GDPR - legitimate interests pursued by the controller.

 3.  Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies will not be used to create user profiles. The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.

These purposes constitute our legitimate interest in the processing of personal data pursuant to Art. 6 Abs. 1 lit. f GDPR.

 4.  Duration of storage, right to object

Cookies are stored on the computer of the user and transmitted from it to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

The transmission of Flash cookies cannot be prevented by the settings of the browser, but by changing the settings of the Flash Player.


VI.   Contact-Form, E-Mail Contact and Call-Back-Service

 1.  Description and scope of data processing

Our website offers different means of contact, most of which can be used for electronic contact. If a user decides to use electronic contact, the data entered in the respective input mask will be sent to us and stored. Mandatory data are marked with an asterisk (*):

- Title, name and last name *
- E-mail address and telephone number *
- Name of company/organization
- Street and number, zip code, city and country *

At the time of sending a message, the IP address of the user and the date and time are also stored.

Alternatively, you may also contact us using the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored.

Additional, voluntarily provided personal data transmitted via the input mask are also used for telephone and postal contact as well as for marketing measures. There will also be a disclosure of the data to independent trade representatives and, in the case of inquiries from abroad, if necessary, to RCN trade partners there (third parties).

 2.  Legal basis for data processing

The legal basis for processing the user's personal data is the user's consent (Art. 6 Abs. 1 lit. a GDPR), the legitimate interests of the controller (Art. 6 Abs. 1 lit. f GDPR) or the conclusion of a contract (Art. 6 Abs. 1 lit. b GDPR). Reference to this privacy statement has to be acknowledged by the user.

 3.  Purpose of data processing

The personal data from the respective input masks is used to process the conversation. Additional, voluntarily provided personal data transmitted via the input mask are also used for telephone and postal contact as well as for marketing measures.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 4.  Duration of storage

Generally, we retain your personal data for as long as it is necessary to fulfill the purposes for which it was collected.

 5.  Right to object

You can revoke your consent to the processing of your personal data at any time by contacting our data protection officer at datenschutz@rcn-medizin.de and asking us to erase your personal data. In such a case, the conversation cannot continue.


VII.   Newsletter subscriptions

 1.  Description and scope of data processing


If you decide to receive the free newsletter offered on this website from time to time, we need you to send us your e-mail address and proof that you are the owner of the address as well*. Other data will not be collected and the information will exclusively be used to send you the newsletter.

- Title, name and last name*
- E-mail address*
- Name of company/organization
- Street and number, zip code, city and country

At the time of sending the message, the IP address of the user and the date and time are also stored.

Your consent to the processing of your data is obtained during the double opt-in registration process, and reference is made to this privacy statement. In connection with the processing of your data for sending our newsletter, there will also be a disclosure of the data to independent trade representatives (third parties).

 2.  Legal basis for data processing

The legal basis for processing the data after the user registers for the newsletter is the user's consent, Art. 6 Abs. lit. a GDPR. The legal basis for the dispatch of the newsletter as a result of the sale of goods or services is § 7 Abs. 3 UWG.

 3.  Purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used. Additional, voluntarily provided personal data transmitted via the input mask are also used for telephone and postal contact as well as for marketing measures.

 4.  Duration of storage

Generally, we retain your personal data for as long as it is necessary to fulfill the purposes for which it was collected, e.g. the e-mail address of the user as long as the subscription to the newsletter is active.

 5.  Right to object

You can withdraw your consent at any time, by using the link: “STOP NEWSLETTER” in every newsletter or by contacting our data protection officer at datenschutz@rcn-medizin.de


VIII.   Your Rights

 1.  Right to information - Right of access by the data subject

Each data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself or herself of this right of confirmation, he or she may, at any time, contact the data protection officer of the controller.

The European directives and regulations grant the data subject access to the following information:

(1) the purposes of the processing;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipients to whom the personal data have been or will be disclosed;

(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;

(6) the existence of the right to lodge a complaint with a supervisory authority;

(7) where the personal data are not collected from the data subject, any available information as to their source;

(8) the existence of automated decision-making, including profiling, and information on that system.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

 2.  Right to rectification


The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 3.  Right of restriction of processing


Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

(1) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

(4) the data subject has objected to processing pursuant to Art. 21 Abs. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by RCN GmbH, he or she may at any time contact the data protection officer of the controller. The data protection officer of RCN will arrange the restriction of the processing.

Restriction will be lifted only with prior notification of the data subject. In certain cases, processing of restricted personal data other than storage is allowed, e.g. if public interest overrides.

 4.  Right to erasure (Right to be forgotten)

Each data subject shall have the right to obtain from the controller the erasure of personal data without undue delay, and the controller shall have the obligation to erase personal data without undue delay, where one of the following grounds applies:

(1) your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(2) you revoke your consent pursuant to Art. 6 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a GDPR to the processing and there is no other legal basis for processing;

(3) you object to the processing pursuant to Art. 21 Abs. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Abs. 2 GDPR;

(4) your personal data has been processed unlawfully;

(5) the deletion of your personal data is required to fulfill a legal obligation under Union law or the law of the Member States, to which the controller is subject;

(6) your personal data were collected in relation to information society services pursuant to Art. 8 Abs. 1 GDPR.

Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The above rights shall not apply to the extent that processing is necessary under certain circumstances, e.g. legal obligations and public interest.

 5.  Right of notification

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, 17 Abs. 1 and Art. 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

 6.  Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. Art. 20 Abs. 1 ff. GDPR.

He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Art. 6 Abs. 1 or point (a) of Art. 9 Abs. 2 GDPR, or on a contract pursuant to point (b) of Art. 6 Abs. 1 GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Art. 20 Abs.1 GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact the data protection officer of RCN GmbH.

 7.  Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Art. 6 Abs. 1 GDPR. This also applies to profiling based on these provisions.

RCN shall no longer process the personal data in the event of the objection, unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

If RCN processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to RCN to the processing for direct marketing purposes, RCN will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by RCN for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 Abs. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact the data protection officer. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

Automated individual decision-making, including profiling, will not be used by RCN.

 8.  Right to withdraw data protection consent


If the processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To do so, please contact the data protection officer of RCN at datenschutz@rcn-medizin.de.

 9.  Right to complain - supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority (Art. 77 GDPR), in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a legal remedy pursuant to Art. 78 GDPR.

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf

Tel.: 0049 - 211/38424-0
Fax: 0049 - 211/38424-10
E-Mail: poststelle@ldi.nrw.de


This privacy statement/data protection declaration is currently valid, as of May 2019.