Data Privacy Statement

Section 1 Information about the collection of personal data

(1) Below, please find the information about the collection of personal data during the use of our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

(2) Responsible pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is medisana GmbH, Carl-Schurz-Straße 2, 41460 Neuss, info@medisana.com, www.medisana.de (see our legal notice). Our Data Protection Officer can be reached at datenschutz.ne@medisana.com or our postal address with the addition "Der Datenschutzbeauftragte".

(3) When you contact us by e-mail or through a contact form, the information you provide (your e-mail address as well as your name and telephone number, if applicable) will be stored by us so that we can answer your questions. We either delete the data that arises in this context after the storage is no longer required or limit the processing of this data if statutory retention requirements apply in this regard.

(4) If we rely on commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective procedures. In doing so, we will also inform you of the specified criteria for the duration of storage.

Section 2 Your rights

(1) With respect to your personal data, you have the following rights in your relationship with us:

- the right to information,

- the right to rectification or deletion,

- the right to restriction of the processing,

- the right to object to the processing,

- the right to data portability.

(2) You also have the right to complain to a data protection supervisory authority regarding our processing of your personal data.

Section 3 Collection of personal data when visiting our website

(1) In the case of merely informative use of the website (i.e. if you do not register or otherwise do not provide us with information), we will only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data which is technically necessary for us to display our website as well as to ensure stability and security (the respective legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

– IP address

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific webpage)

– Access status/HTTP status code

– Respectively transmitted amount of data

– Website from which the request comes

– Browser

– Operating system and its interface

– Language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here through us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and overall effective.

(3) Use of cookies:

a) This website uses the following types of cookies, the scope and operation of which are explained below:

– Transient cookies (see b)

– Persistent cookies (c).

b) Transient cookies are automatically deleted when you close the browser. These particularly include the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser setting according to your wishes and, for example, decline the acceptance of third-party cookies or all cookies. Please be aware that if you do so, you may not be able to use all the features of this website.

e) If you have an account with us, we use cookies in order to be able to identify you for follow-up visits. Otherwise, you would have to log in again for each visit.

f) The Flash cookies that are used are not detected by your browser, but rather by your Flash plug-in. Furthermore, we use HTML5 storage objects which are stored on your end device. These objects store the required data regardless of your utilised browser and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you have to install an add-on, such as "Clear Flash Cookies" for Mozilla Firefox (https://addons.mozilla.org/en-US/firefox/addon/clear-flash-cookies/?src=search) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. In addition, we recommend that you regularly delete your cookies and the browser history manually.

Section 4 Other functions and offers on our website

(1) In addition to the purely informative use of our website, we offer various services that you can use if you are interested. To do this, you will generally need to enter other personal information that we use to provide the service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These external service providers have been carefully selected and commissioned by us, are bound by our instructions and are subject to regular reviews.

(3) Furthermore, we may disclose your personal data to third parties if we offer campaign participations, competitions, contract conclusions or similar services together with our partners. You can find more information in this regard by stating your personal data or looking below in the description of the offer.

(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

Section 5 Use of our webshop

(1) If you wish to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information necessary for the execution of the contracts is marked separately; any further details are voluntary. The data that you provide is processed by us so as to execute your order. For this purpose, we can pass on your payment data to our house bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.

You can voluntarily create a customer account, through which we can save your data for later purchases. If you create an account under "My Account", the data you provide will be saved such that the data is revocable. You can always delete any other data, including your user account, in the customer area.

We can also process the information you provide so as to inform you about other interesting products from our portfolio or to send you e-mails that include technical information.

(2) We are required by commercial and tax regulations to save your address, payment and order data for a period of ten years. However, we limit the processing after two years, i.e. your data will only be used to comply with legal obligations.

(3) In order to prevent unauthorised access by third parties to your personal data, particularly to financial data, the ordering process is encrypted using TLS technology.

Section 6 Objection to or revocation of the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation will affect the admissibility of the processing of your personal data after you have given it to us.

(2) If we base the processing of your personal data on the balance of interests, you may object to the processing. This is particularly the case if the processing is not required to fulfil a contract with you, which we describe respectively in the following description of the functions. In the event of such an objection, we ask that you please explain the reasons why we should no longer process your personal data as we had previously been doing. In the event of your substantiated objection, we will review the facts and will either discontinue/adapt the data processing or show you our compelling legitimate reasons why we will continue to process it.

(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising under the following contact data: medisana GmbH, Carl-Schurz-Straße 2, 41460 Neuss, info@medisana.com, Telephone: +49 (0) 2131 / 36 68 0, Fax: +49 (0) 2131 / 36 68 50 95.

Section 7 Newsletter

(1) With your consent, you can subscribe to our newsletter, by means of which we will inform you about our current interesting offers. The advertised goods and services are identified in the declaration of consent.

(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send to the e-mail address you have specified an e-mail in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we will store your IP addresses and times of registration and confirmation. The purpose of the procedure is to verify your registration and, if necessary, to be able to clarify any possible misuse of your personal data.

(3) The only information needed for the sending of the newsletter is your e-mail address. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The respective legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter and unsubscribe from the newsletter at any time. You can declare the revocation by clicking on the link provided in each newsletter e-mail, via a form on the website or by sending an e-mail to m-news@medisana.com.

(5) Please note that upon sending the newsletter, we evaluate your user behaviour. For this evaluation, the e-mails which are sent include so-called web beacons or tracking pixels that represent one-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in Section 3 and the web beacons with your e-mail address and an individual ID. Links included in the newsletter also contain this ID.

With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters and which links you click on, and from this information we derive your personal interests. We link this data with actions that you perform on our website.

You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us thereof via another means of contact. The information will be stored as long as you continue to subscribe to the newsletter. After you log out, we store the data in purely statistical and anonymous form.

Section 8 Use of Google Analytics for web analysis

(1) This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie regarding your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports concerning website activity as well as to provide other services related to website activity and Internet usage to the website operator.

(2) The IP address sent by your browser as part of Google Analytics will not be merged with any other data provided by Google.

(3) You can prevent the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in which is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in shortened form, and any relationship to any individual can therefore be excluded. If the data collected about you has a personal reference, it will be immediately excluded and the personal data will be deleted immediately.

(5) We use Google Analytics in order to be able to analyse and regularly improve the use of our website. With the statistics gained in this manner, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

(6) Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, overview of the Privacy Policy: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data Privacy Statement: http://www.google.de/intl/de/policies/privacy.

(7) This website also uses Google Analytics for cross-device analysis of visitor traffic conducted via a user ID. You can disable the cross-device analysis of your usage by going to your customer account under "My Data," "Personal Information."

Section 9 Social media and YouTube

1. Use of social media plug-ins.

(1) We are currently using the following social media plug-ins: Facebook, Instagram. We use the so-called two-click solution. In other words, when you visit our website, no personal data is initially transferred to the providers of the plug-ins. You can identify the provider of a plug-in by the marking on the box above its initial letter or logo. We provide you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under Section 3 of this Data Privacy Statement will be transmitted. In the case of Facebook, the IP address is anonymised immediately after collection according to the respective providers in Germany. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (for US providers, in the USA). Since the plug-in provider collects information particularly through cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the greyed-out box.

(2) We do not have any influence on the collected data or data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing or the retention periods. We also do not have any information about the deletion of the data collected by the plug-in provider.

(3) The plug-in provider stores the data collected about you as usage profiles and uses this information for the purposes of advertising, market research and/or the demand-driven design of its website. Such an evaluation is performed in particular (including for users who are not logged in) for the presentation of demand-driven advertising as well as to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles by contacting the respective plug-in provider. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.

(4) The data transfer takes place regardless of whether you have an account with the plug-in provider or are logged in there. If you are logged into the plug-in provider, your data which is collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, if you link the webpage, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, and particularly before activating the button, since this will prevent you from being associated with your profile by the plug-in provider.

(5) Further information about the purpose and extent of the data collection and its processing by the plug-in provider is described in the data privacy statements of these providers. There, you will also find further information about your rights and settings options for the protection of your privacy.

(6) Addresses of the respective plug-in providers and URL with their privacy notices:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; for more information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.

Facebook has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

b) Instagram LLC., 1601 Willow Road, Menlo Park, California 94025, USA;
https://help.instagram.com/155833707900388/

2. Integration of YouTube videos

(1) We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and are directly playable from our website. These are all integrated in the "extended privacy mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos is the data mentioned in paragraph 2 transmitted. We do not have any control over this data transfer.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under Section 3 of this Data Privacy Statement will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged into or whether there is no user account. When you are logged into Google, your data will be assigned directly to your account. If you do not want this assignment to your profile on YouTube to occur, you have to log out before activating the button. YouTube stores your data as usage profiles and uses the data for the purposes of advertising, market research and/or demand-driven design of its website. Such an evaluation is particularly performed (even for users who are not logged in) to provide appropriate advertising as well as to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles by contacting YouTube.

(3) For more information about the purpose and scope of your data collection and processing by YouTube, please refer to the Data Privacy Statement. From there, you will also receive more information about your rights and privacy settings: https://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the USA and has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Section 10 Other services

Other services that we use are:

1. Google reCaptcha

For security purposes, this site uses reCaptcha, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). This service determines whether the input in an Internet form is made by a human or abusively by automated, machine processing. Your previously shortened IP address and any other data required for the service will be transmitted to Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the data transmitted by your browser as part of reCaptcha will not be merged with other Google data. You can find more information about Google's privacy policy at www.google.com/intl/en/policies/privacy/.