PRIVACY POLICY

DATA PROCESSING ON OUR WEBSITE

In the following, we inform you about the collection of personal data when using our website. Personal data refers to all data that can be related to you personally, e.g., name, address, e-mail addresses, and user behavior.

The responsible person according to Art. 4 (7) EU General Data Protection Regulation (“GDPR”) is OptiMedis AG, Burchardstraße 17, 20095 Hamburg, Germany, office@optimedis.de (see our imprint). You can reach our data protection officer Dr. Volker Wodianka at kontakt@privacy-legal.de or our postal address with the addition “the data protection officer”.

With each call-up of a page and with each retrieval of a file from our internet offer, we automatically collect and store in our server log files information that your browser transmits to us, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. These are:

• date and time of the enquiry,
• IP address,
• browser,
• operating system and its interface,
• referrer URL (the page previously visited),
• page accessed or name of the file accessed,
• report whether the access or retrieval was successful and the
• volume of data transferred.

We are not able to assign this data to specific persons. We do not combine this data with other data sources and the data is deleted after statistical evaluation.

YOUR RIGHTS

You have the following rights towards us with regards to your personal data:

• Right to information,
• Right to correction or deletion,
• Right to restriction of processing,
• Right to refusal of processing,
• Right to data portability.

You also have the right to lodge a complaint about our processing of your personal data with a data protection authority.

REVOCATION OR WITHDRAWAL OF CONSENT TO THE PROCESSING OF YOUR DATA

If you have agreed to the processing of your data, you can revoke this at any time. After you have pronounced it to us, the revocation influences the permissibility of processing your personal data.

If we base the processing of your personal information on consideration of interests, you can revoke your consent to processing. This is the case, in particular, if processing is not necessary for fulfilment of a contract with you, which is always outlined by us in the subsequent description of the functions. When exercising the right of revocation, we ask you to cite the reasons why we should not process your personal information as we have previously done. In the case of a justified revocation, we will examine the situation and either stop or adjust the data processing or convey to you our protection-worthy and necessary reasons for continuing the processing.

Of course, you can revoke consent to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your advertising revocation at the following contact points: office@optimedis.de.

E-MAIL ADDRESSES AND POSTAL ADDRESSES

When you contact us by e-mail or via contact form, the data you provide (your e-mail address, your name, and your telephone number, if applicable, as well as the content of your message) will be stored by us in order to answer your questions. Your data will be processed in the context of pre-contractual measures or based on your express consent in accordance with Art. 6 para.1 p.1 lit. a) and b) GDPR. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.

SWEEPSTAKE

If you participate in a sweepstake or competition survey, we will need your name and email address. In case of a win, we will contact you and ask for your address to send you the prize. For our competitions, we work together with providers such as LamaPoll. Your data will not be passed on to third parties. You can cancel your participation at any time by sending us an e-mail to office@optimedis.de. The legal basis for this is Art. 6 para. 1 it. b GDPR.

If our service providers or partners are based in a country outside the European Union (EU) or the European Economic Area (EEA), we will inform you about the consequences of this circumstance at the appropriate place in this data protection declaration.

COOKIES

The website uses so-called cookies in several places. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. There are technically necessary and optional cookies. Among other things, the cookies enable the recognition of the internet browser. Most of the cookies we use are so-called “session cookies”.

COOKIEBOT BY USERCENTRICS CONSENT MANAGER

We use the Consent Management Platform (CMP) of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. The tool allows you to conveniently manage your consent to the setting of technically unnecessary cookies and to make changes in this regard – such as revocations of consent given or contradictions – via the tool.

Furthermore, you can obtain the information required under Article 13 of the German Data Protection Regulation (GDPR) on the processing of your personal data by the Usercentrics CMP and by technically unnecessary cookies from the tool.

You can access the settings of our CMP by clicking on the fingerprint icon in the lower left half of the website.

MATOMO

On this website, data is collected and stored using the web analysis service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6 (1) lit. f GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose.

NEWSLETTER

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter.

We use the so-called double opt-in procedure to ensure that the newsletter is sent with your consent. In the course of this, the potential recipient allows himself to be added to a distribution list. Subsequently, the user is given the opportunity to confirm the registration in a legally secure manner by means of a confirmation e-mail. Only if the confirmation is received will the address be actively included in the distribution list. We use this data exclusively for sending the requested information and offers.

Sendinblue GmbH is used as the newsletter software. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue GmbH is a German, certified provider, which has been selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.

Further information can be found here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go.

You can revoke the consent given, Art. 6 para. 1 lit. a GDPR, for the storage of the data, the email address as well as their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.

EVENTS

You can register for events such as workshops, conferences, hackathons or others via our website. We collect the necessary registration data, such as email address, first and last name, your profession and other relevant data.

The personal data you provide will be stored and collected for the purpose of sending event invitations and organising events. Submission of your data serves as your consent to the storing and processing of this data for the above-mentioned purposes. In addition, pictures and video recordings will be taken, however only with your consent.

Those who organize the event have access to the data. Lists of participants may be made available at events. These lists of participants are not published elsewhere and can be viewed only by the participants of the respective event. They list the participants’ surnames and first names as well as the institution/company with which they are affiliated.

Data you have provided upon registering for an event will be deleted as soon as it is no longer required for the purpose of its processing and there are no longer any legally applicable retention periods.

Photo material is stored in an image archive. Your personal data will be stored until your consent is revoked or you object to processing.

USE OF SOCIAL-MEDIA LINKS

This website uses so-called “social plug-ins” of the social networks Xing, LinkedIn and Twitter, which are operated by

• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
• Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
• LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

The website uses the so-called two-click solution. This means that when you visit our website, no personal data is passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned in the section “Data processing on our website” is transmitted.

We would like to inform you that there is currently no adequate level of protection for data transfers to the USA. Therefore, we cannot currently guarantee that the US plug-in providers can guarantee an equivalent level of data protection as we do when processing your data. If you nevertheless wish to communicate with the plug-in provider via the respective button, this therefore also includes the processing of your data in the USA in accordance with the provisions applicable there. Further information on the terms of use and data protection of the respective plug-in providers can be found below.

We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

As far as we are aware, the plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. a GDPR.

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you avoid being assigned to your profile with the plug-in provider.

For further information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

LINKS

We use links to content on websites of other website operators.

We have no influence on the data collected there or the data processing procedures, nor do we know the entire scope of the data collection, the purpose of the processing or the retention periods. We also have no information about the deletion of the collected data by the linked provider. In this respect, we are not responsible under data protection law for the data processing on the linked website.

Further information on the purpose and scope of data collection and processing by the website operator can be found in the following data protection statements. There you will also find further information on your rights in this regard and the settings options for protecting your privacy.

APPLICATION DOCUMENTS

You can send us application documents by e-mail or post.

Your data required for contacting you and for the application process will be stored for the purpose of carrying out an application procedure in compliance with the statutory provisions. The legal basis for this is Art. 6 para. 1 lit. b) GDPR and § 26 para. 1 in conjunction with. Para. 8 p. 2 BDSG (implementation of pre-contractual measures).

The following data may be processed by us in the application process:

• Master data (title, first name, surname, date of birth if applicable)
• Contact details (address, telephone or mobile number, private e-mail-address)
• Application data (e.g. profile picture as well as other documents such as CV, cover letter, overall application, certificates)

In the event of employment, the data will be transferred to the personnel file. Information on the storage period can be found in the information on the processing of personal data of our employees.

If an application for a specific vacancy is unsuccessful, your data will be stored for evidentiary purposes for up to 6 months after the end of the application process for the purpose of asserting, exercising or defending legal claims.

With your consent, we will gladly include your application in our applicant pool until revoked. We store unsolicited applications for the search for a suitable position for you until revoked.

The provision of the data is not required by law or contract. You are not obliged to provide the data. However, if you do not provide the data, it will not be possible to carry out an application procedure and, if applicable, recruitment.

DATA PROCESSING FOR OUR INTERNAL COLLABORATION SOFTWARE eCOMMUNITY

We use the software Confluence of processor Atlassian in accordance with Art. 6 para. 1 lit. a GDPR to provide a collaboration software that is for members of HPH only. This internal collaboration software can be accessed by invitation only if you are a member of HPH. The processor of Confluence, Atlassian, uses your personal data (required: e-mail address, IP address, local storage object information, device information, browser information, optional: data such as name, photo) for the following purposes:

• Providing services to access the software
• Providing services to use the software
• The processor’s legitimate business purposes

You can find more information on the Privacy Policy, Data Processing Addendum and Atlassian Trust Center. 

QUESTIONS ON DATA PROTECTION

If you have a question about data protection and the processing of your personal data on our website, please contact our data protection officer:

Dr. Volker Wodianka LL.M.
CEO, certified data protection officer (CIPP/E, GDDcert.)

Wodianka privacy legal GmbH
Dockenhudener Str. 12a, 22587 Hamburg
Phone: +49 40 2110786-0
E-Mail: kontakt@privacy-legal.de

The data protection measures are always subject to technical updates. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection declaration.