Privacy Policy

 

The protection of your personal data is important to us, which is why we would like to provide you with information about contact options and the data we process as simply and as accurately as possible.

First of all, you will receive information about the contact options for our data protection officer as well as the possibility of encrypted contact. We will then introduce the legal and technical terms that will be used in the further course. You will then receive an overview of the rights of the data subject. You will then find out the details of the person responsible. Finally, the technologies and services used as well as our handling and legality are discussed.

 

1 Contact the Data Protection Officer

If you have any questions or would like information, you can contact our external data protection officer at any time, the contact details are:

Oliver Offenburger, M.Sc.

Email: dataprotection@pajunk.com


eye-i4 GmbH
Abteilung Datenschutz
Mönchweilerstraße 12
78048 Villingen-Schwenningen
Phone: 07721 69724 00
Fax: 07721 69724 01
Web: https://eye-i4.de

Our preferred way to contact us is by e-mail. You are also welcome to contact the data protection officer by post or telephone. If you wish to encrypt your e-mail to our data protection officer, we recommend that you read the following section.

Notes on enquiries:

If you send an e-mail request within regular business hours, we will confirm receipt of the message on the same day. If you do not receive a confirmation, please contact us by phone.
If you send a request by post, we will send you the confirmation of receipt on the same day of delivery, but no later than one day after delivery. If you do not receive a confirmation, please contact us by phone.
For a telephone enquiry, we ask you to use the telephone number of our data protection partner, eye-i4 GmbH.

 
1.1 Encryption of e-mails to our data protection officer

We are proponents of encrypted transmission by e-mail. Therefore, in order to maintain confidentiality and integrity, we offer you to encrypt your requests to the Data Protection Officer.

We use PGP for encryption. You can find information about free use and how to set it up on the website of our data protection partner, see the following link:

Link

You can download our PGP key via the link below:

Link

If you would like to have your fingerprint verified, please contact our data protection partner, eye-i4 GmbH, by phone.

If you have any further questions about encryption, please contact our data protection officer.

 

2 Terms in the legal context

Before we go into legal matters in the further course, we would first like to introduce the associated terms:

2.1 EU GDPR (also called GDPR)

The term EU GDPR (hereinafter also referred to as "GDPR") refers to the General Data Protection Regulation. It is a basic regulation of the European Union that regulates how personal data may be processed. For information, the legal text of the GDPR can be consulted via the following link:

https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679

2.2 Person in charge

"controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or the law of the Member States.

2.3 Personal data and data subject

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.4 Processing

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination; restriction, deletion or destruction.

2.5 Restriction of processing

"Restriction of processing" means the marking of stored personal data with the aim of restricting their future processing.

2.6 Processor

"Processor" means a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.

2.7 Receiver

The "recipient" means a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigative mandate under Union or Member State law shall not be considered as recipients; the processing of these data by the aforementioned authorities will be carried out in accordance with the applicable data protection regulations, in accordance with the purposes of the processing.

2.8 Third

"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

2.9 Consent

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes, in the form of a statement or other unambiguous affirmative action, by which the data subject indicates that he or she consents to the processing of personal data concerning him/her.

2.10 Personal Data Breach

"Personal data breach" means a breach of security resulting in the destruction, loss or alteration, whether accidental or unlawful, or the unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

2.11 Health

'health data' means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about his or her state of health.

2.12 Enterprise

'undertaking' means a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations that regularly carry out an economic activity.

2.13 Supervisory authority

The 'supervisory authority' means an independent government body established by a Member State in accordance with Article 51.

2.14 Authoritative and well-founded objection

'Relevant and reasoned objection' means an objection as to whether or not there has been an infringement of this Regulation or whether the proposed action against the controller or processor is in accordance with this Regulation, which clearly indicates the scope of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where appropriate, to the free movement of personal data in the Union.

 

3 Terms in a technical context

Before we go into technical matters in the further course, we would first like to introduce the associated terms:

3.1 File system

The "file system" is any structured collection of personal data that is accessible according to certain criteria, regardless of whether such collection is centralised, decentralised or organised according to functional or geographical criteria.

3.2 Cookies

Cookies are text files that are stored on your device by a website using your browser. These text files can be used to implement technical issues such as a shopping cart mechanism or to identify your visitor behavior. For this purpose, the text files may be provided with identification features and additional information.

You have the option of preventing the storage of cookies in the browser of your device. If cookies are disabled, there may be technical limitations in the use of the website.

3.3 Server logs

Server logs are log files that are created by the web server and document access to a website. A variety of information can be collected in a log entry, e.g. the access time, browser type, the visitor's IP address, etc.

3.4 Referrer

The referrer refers to the website through which you reached the Controller's website. In the case of server logs, e.g. the referrer can be read.

 

4 Rights of the data subject

The rights of the data subjects arise from the GDPR as well as from the respective national legal provisions on data protection. If you wish to assert your rights, please contact our data protection officer using the option described above. In the following, we would like to draw your attention to your rights under the GDPR, in particular Chapter 3:

4.1 Duty to provide information

The data subject has the right to obtain information about the personal data held by the data subject if the data collection took place at the data subject's premises or if the data were not collected from the data subject. This is regulated in Chapter 3 Art. 13 and 14 GDPR.

4.2 Right

The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her is being processed; if this is the case, he/she has the right to access this personal data and to receive further information in accordance with Art. 15 GDPR.

4.3 Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her.

Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

4.4 Right to erasure

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller is obliged to erase personal data without undue delay, provided that one of the grounds set out in Art. 17 GDPR applies.

4.5 Right to restriction of processing

The data subject has the right to obtain from the controller the restriction of processing if one of the conditions of Art. 18 GDPR is met.

4.6 Obligation to notify

The Controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Art. 16, Art. 17 para. 1 and Art. 18 GDPR, unless this proves impossible or involves disproportionate effort.

The Controller shall inform the Data Subject of such recipients if the Data Subject so requests.

4.7 Right to data portability

The data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided.

4.8 Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f); this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

4.9 Complaint to the supervisory authority

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or the registered office of the controller.

Our competent supervisory authority is:

State Commissioner for Data Protection and Freedom of Information, Stuttgart

 

5 Details of the controller

The controller pursuant to Art. 24 GDPR is listed below:

PAJUNK® GmbH Medizintechnologie
Karl-Hall-Strasse 1
78187 Geisingen

Further information about the person responsible can be found in the imprint

 

6 Web technologies used

6.1 Encryption of data transmission

We use SSL (Secure Socket Layer) to encrypt the transmission and request of data to our website. To do this, we use a 128-bit key with SHA256 hash.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

6.2 Server logs

If you use the website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to ensure its stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

  • Anonymized IP address,
  • date and time of the request,
  • time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status/HTTP status code,
  • amount of data transferred in each case,
  • Website from which the request comes (referrer),
  • Browser
  • operating system and its interface,
  • Language and version of the browser software.

6.3 Cookies

When you use our website, cookies are stored on your computer. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.

This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies,
  • Persistent cookies.

6.3.1 Transient cookies

Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

6.3.2 Persistent cookies

Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.

6.4 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage.

You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in an abbreviated manner, so that personal reference can be excluded. Insofar as the data collected about you has a personal reference, this will be excluded immediately and the personal data will therefore be deleted immediately.

We use Google Analytics to analyse the use of our website and to improve it on a regular basis. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: www.google.com/analytics/terms/de.html, Privacy Overview: www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: www.google.de/intl/de/policies/privacy.

You can prevent the use of Google Analytics by activating the opt-out:

Link

6.5 Youtube

We have integrated YouTube videos into our online offering, which are stored on https://www.youtube.com and can be played directly from our website.

When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in § 3 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) in order to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

7 Other online presences

In addition to our website, we use other online presences and digital channels such as social media to get in touch with our prospects and customers. We list these below.

7.1 Facebook

We use Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) as well as its functionality for social media pages and groups to present the company and communicate with various interested parties. In the case of Facebook, there is a joint responsibility between Facebook and us. Information on this can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.

We would like to point out that data subject rights can be asserted directly against Facebook. Only Facebook holds the direct data of the users and can make a full statement about this.

Please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Information about fan pages can be found specifically at this link: https://www.facebook.com/legal/terms/information_about_page_insights_data.

To opt-out, please use the following link: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.

Facebook has submitted to the EU-US Privacy Shield. For more information, please refer to this link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

7.2 Instagram

We use Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) to present our company and to interact with interested parties and customers. The company's privacy policy and the option to opt-out can be found at: http://instagram.com/about/legal/privacy/.

7.3 Xing

We use Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) to establish contacts and to present the company. The privacy policy and the option to opt-out can be found at: https://privacy.xing.com/de/datenschutzerklaerung.

7.4 LinkedIn

We use LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) to present our company. LinkedIn's privacy policy can be accessed at the following link: https://www.linkedin.com/legal/privacy-policy.

7.5 X Corp.

We use the X service (X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) as a means of communication. Further information on data protection can be found at the following link: https://twitter.com/de/privacy.

The opt-out can be done on this page: https://help.twitter.com/en/personalization-data-settings.

 

8 Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers.

To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and later deleted. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. The provision of additional, separately marked data is voluntary and will be used in order to be able to address you personally. After your confirmation, we will store your data for the purpose of sending you the newsletter and addressing you for advertising purposes. The legal basis for this is Art. 6 (1) (a) GDPR.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, [via this form on the website,] by sending an e-mail to [Newsletter@example.com] or by sending a message to the contact details given in the imprint.

We would like to point out that when the newsletter is sent, we may not be able to. Evaluate your user behavior. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID.

Links in the newsletter also contain this ID. We use the data obtained in this way to improve the service. We may link this information to actions you take on our website.

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us of another contact channel. In addition, such tracking is not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed in its entirety and you may not be able to use all its features.

Your information will be stored for as long as you have subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.

8.1 Shipping service CleverReach

To send our newsletter, we use the services of the provider CleverReach (CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede). Information on the provider's data protection can be found at the following link: www.cleverreach.com/de/datenschutz/.

 

9 Contact

We use contact forms on our website. The processing of the data is carried out on the basis of the fulfilment of the contract in accordance with Art. 6 (1) (b) GDPR. If your enquiry is not related to an assignment on our part, we may also process your data on the basis of legitimate interest in accordance with Art. 6 (1) (f) GDPR.

 

10 Duration of storage

Unless specifically specified, we store personal data for as long as it is necessary to fulfil the purposes pursued. If the legislator prescribes retention periods, the data will continue to be stored by us for proof, but will not be processed in any other way and will be deleted after the expiry of the statutory retention period.

 

11 Disclosure to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

  • pursuant to Art. 6 para. 1 sentence 1. have given their explicit consent to do so;
  • the disclosure is necessary in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data;
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as
  • this is legally permissible and necessary in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.