
Data protection information

In accordance with the requirements of the General Data Protection Regulation (GDPR), we inform you here about the processing of your personal data and about your rights when using our website.

I. The controller for data processing within the meaning of Art. 4 No. 7 GDPR is

1. Responsible body:

medisana GmbH
Carl-Schurz-Straße 2
41460 Neuss

Phone: +49 (0) 2131 / 36 68 0

E-Mail: info@medisana.com

Managing Director:
Mr. Thomas Teckentrup
Mrs. Shumei Chen

2. Data Protection Officer

If you have any questions about data protection, please contact us.

Mr. Stefan Kleinermann
Kleinermann & Sohn GmbH
Max-Planck-Str. 9
52499 Baesweiler

Tel.: (02401) 6054-0

E-Mail: dsb@das-datenschutz-team.de

II. Scope and purpose of data processing

1. Access to our website

When our website is accessed, personal data about access to our web server is automatically collected and processed (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. We store the log file information for security reasons (e.g. to detect attacks on our website or to clarify acts of abuse or fraud) and to diagnose errors.

The legal basis for the processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, which lies in ensuring IT security and guaranteeing the provision of our website.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is usually the case within 7 days. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

The recipients of the personal data are our hosting provider / external service providers for technical support as part of order processing, as well as internal departments as part of the provision of our website.

2. Collection and processing of personal data

If you purchase products or services via our website or have other questions / inquiries about products, services or our company, it is necessary to process your personal data. If there is no legal basis for the processing of personal data, we will obtain your consent for this. This will be indicated in the appropriate places. The legal basis for processing operations for which we obtain your consent for processing purposes is Art. 6 para. 1 lit. a GDPR. If the processing of personal data is necessary for the performance of a contract or the initiation of a contract (e.g. when purchasing our products), the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. We store and use the personal data you provide, such as your name, address, email address and telephone number, for the purpose of providing our services and communicating with you individually in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The legal basis for the processing of data transmitted in the course of an e-mail or via one of our contact forms is Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to your request). If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

We may transfer personal data to other entities within our Medisana group of companies or grant them access to this data. If this transfer is for administrative purposes, the transfer of the data is based on our legitimate business and economic interests (Art. 6 para. 1 lit. f GDPR).

3. Ordering goods / online store

When you place an order in our online store, we store your required personal data for the purposes of

  • Sending a confirmation of receipt and, if applicable, an order confirmation as well as status reports on the dispatch of the ordered goods;
  • Payment processing;
  • Invoicing of the ordered goods;
  • Delivery of the goods you have ordered;
  • Processing of revocation, complaints, after-sales service

The legal basis is Art. 6 para. 1 lit. b GDPR (fulfillment of contract).

3.1. Shopware eCommerce software

We use the Shopware eCommerce solution to provide our online store. The provider is shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany. Shopware stores cookies in your browser to ensure the basic functions of the store. Cookies are used, for example, to enable shopping cart content, login status and CSRF protection. Shopware cannot be used without allowing cookies in the browser. Shopware only stores IDs in your browser, the assignment to the respective information takes place in the application area. Shopware uses the session cookie to decide whether you have an active shopping cart and whether you are logged in. It therefore serves as identification between your browser and the server. Apart from the session ID, no other information is stored in the browser. You can find more information about Shopware at https://www.shopware.com/de/datenschutz/

3.2. Customer account

You have the option of creating a customer account in our online store. To do this, we need your personal data, which can be seen from the input mask. Mandatory information is: Your e-mail address, first and last name, street and house number, zip code and city as well as the country. In addition, a password of your choice is required. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contract / contract fulfillment). When you register a customer account, we store your IP address and your access time in order to be able to prove registration and prevent any misuse of the customer account. If you have voluntarily created a customer account, we process your personal data in order to register you as a customer for future potential visits or purchases of goods in our online store, so that you do not have to re-enter this data required for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR) for further orders. You also have the option of viewing previous purchases in your customer account and saving "favorites" for future orders.

3.3. Guest account

As an online retailer, we are obliged to offer a so-called guest account - without registration requirement (customer account) - in the ordering process. In order to process your order via the guest account, we require personal data as part of your purchase, which can be seen from the input mask. Mandatory details are: Your e-mail address, first and last name, street and house number, postal code and city, and country. Your personal data will be processed exclusively for the purpose of the one-time order of goods (Art. 6 para. 1 lit. b GDPR; contract fulfillment). After completion of the order, your personal data will be processed exclusively for the fulfillment of legal obligations (e.g. due to retention periods, processing of complaints, warranty claims, etc.). The legal basis is Art. 6 para. 1 lit. c GDPR. As soon as these purposes have been fulfilled or the deadlines have expired, your data will be deleted by us.

3.4. Payment methods / payment service providers

To process the various payment options (including PayPal, Sofortüberweisung, Visa, Mastercard, Klarna), we use the external payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands, to whom we pass on the data you provide during the ordering process exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. If necessary, the service provider "Mollie" will transmit your data to the payment company to process the payment method you have selected. The payment companies also collect some of the data themselves. Further information on data protection at the payment service provider can be found at: https://www.mollie.com/de/privacy

3.5. Data transfer / recipients of personal data

In order to process your order, we transmit your personal data to companies commissioned by us, such as transport/forwarding companies (name and address) and payment service providers (invoice number, invoice amount, name and invoice/delivery address). The legal basis is Art. 6 para. 1 lit. b GDPR (fulfillment of contract).

4. Complaints / Warranty processing

The personal data required in the context of a complaint and/or warranty processing will only be collected and processed for the respective purpose of the complaint / warranty processing. The data required for processing the complaint / warranty processing can be seen in the input mask of the form. Mandatory information is: First and last name, street and house number, zip code and city, country and the order or RMA number. The legal basis is Art. 6 para. 1 lit. b GDPR (fulfillment of a contract).

In the context of a complaint and/or warranty processing, it may be necessary for your data to be transmitted to one of our service partners for service processing, who will carry out the replacement/repair of a complaint and/or warranty processing on our behalf. The legal basis for this is Art. 6 para. 1 lit. b GDPR (performance of a contract).

In the context of a complaint and/or warranty processing, it may also be necessary for your personal data to be transmitted to the shipping/forwarding company commissioned with the delivery. The legal basis for this is Art. 6 para. 1 lit. b GDPR (fulfillment of a contract).

Data is not passed on to other third parties. We take technical and organizational measures to ensure compliance with data protection regulations and also oblige our external service providers to do the same.

5. Online Help Center / Support

We use the ticket system of the provider Zendesk Inc. ("Zendesk"), 989 Market Street 300, San Francisco, CA 94102, USA, to process and handle service and support requests. In Germany, the provider is represented by Zendesk GmbH c/o Taylor Wessing, Neue Schönhauser Str. 3-5, 10178 Berlin. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the fast and efficient processing of your service and support request.

We offer you the opportunity to send us service and support requests via a chat window. The chat functions are provided by Zendesk. If you use the chat window, we store your IP address as well as your chat messages. You can only send requests by entering your e-mail address and without giving your name. The message sent to us is stored in the CRM system of Zendesk in the protected area (medisana.zendesk.com). The legal basis is Art. 6 para. 1 lit. b GDPR (fulfillment of a contract).

You also have the option of registering for our online helpdesk. Your first and last name and your email address are required for registration. The legal basis is Art. 6 para. 1 lit. b GDPR (fulfillment of a contract). The personal data required in the context of a service and support request is collected and processed exclusively for processing or answering your service and support request.

This may also result in your data being transferred to the provider's servers in the USA. We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Zendesk Inc. is certified under the new EU-US Privacy Framework. We have concluded an order processing contract with the provider within the meaning of Art. 28 GDPR.

Further information on the provider's data protection can be found at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/

If you do not agree to us processing your request via Zendesk, you can alternatively communicate with us by telephone.

6. Webhosting

Web hosting is provided by a web hosting provider in Germany commissioned by us. The server location is Germany. The legal basis is Art. 6 para. 1 lit. f GDPR (provision of our online offer). We have concluded an order processing contract with the provider within the meaning of Art. 28 GDPR.

7. Cookies

We use cookies on our website to make our website more user-friendly, effective and secure overall, e.g. when it comes to speeding up navigation on our website. We also use cookies to analyse access to our website and to personalize content and advertisements.

In accordance with the law, we can store cookies on your device if they are absolutely necessary for the operation of our website. For all other types of cookies, we require your consent, which you can give us via our cookie banner when you visit our website.

We use different types of cookies. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent at any time via the cookie banner on our website.

The use of cookies also depends on the settings of the web browser you are using (e.g. Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to automatically accept certain types of cookies; however, you can usually change this setting. You can delete existing cookies at any time. The consent (= approval) to, rejection or deletion of cookies is linked to the device used and also to the web browser used. If you use several devices or web browsers, you can make different decisions or settings in each case.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for tracking/analysis purposes is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG if you have given your consent.

Below you will find an overview of the cookies used, the provider of the cookie and the purpose and storage period.

You can find information on the cookies used in our cookie banner in the "Services" tab. You can access this at any time under "Cookie settings".

8. Newsletter

After you have expressly registered for our newsletter, you will regularly receive interesting offers by email. When you register for our newsletter, we save your IP address, the date, and time of your registration. This is in case a third party misuses your email address and subscribes to our newsletter without your knowledge. We do not collect any other data. The data collected in this way is used exclusively for the subscription to our newsletter. It will not be passed on to third parties.

You can cancel your subscription to our newsletter at any time. Details on this can be found in the confirmation email and in each individual newsletter. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your email address will therefore be stored for as long as the subscription to the newsletter is active.

8.1. Data transfer for newsletter dispatch

We use the "JUNE" service to send our newsletter. The provider is June - Online Marketing GmbH, Große Johannisstraße 3, 20457 Hamburg. The data is stored in German data centers. The legal basis for the use of the service provider is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in sending our newsletter as reliably as possible.

With the help of the service, we can organize and analyze our newsletter mailing. During the analysis, we can evaluate how many recipients have opened the newsletter and how often each link in the newsletter was clicked on. With the help of conversion tracking, we can also analyze whether a predefined action (e.g., purchase of a product on this website) has taken place after clicking on the link in the newsletter. Further information on data analysis by JUNE newsletters can be found at: https://juneapp.com/email-marketing/.

The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analyzed by "JUNE", please unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can revoke your consent to receive the newsletter at any time with effect for the future by sending an email to info@medisana.com.

We have concluded a corresponding data processing agreement within the meaning of Art. 28 GDPR with the provider "JUNE". Further information on the provider's data protection can be found at: https://juneapp.com/imprint/.

9. Competitions

From time to time, we offer you the opportunity to take part in competitions on our website. If you take part in one of our competitions, the data you enter when participating will be processed without your further consent solely for the purpose of conducting and handling the respective competition, checking eligibility, and determining and notifying the winner(s). We may collect and process additional data, e.g., your postal address, for the purpose of sending and delivering prizes. In individual cases, a telephone number must also be provided if it is necessary to contact you at short notice in order to send and deliver prizes. The legal basis for the processing procedure is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent to the processing of data for participation in our competitions at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. All you have to do is inform us of your withdrawal. After the end of the competition, your data processed as part of the competition will generally be deleted within 14 days, provided that there are no retention periods preventing the deletion of the data.

9.1. Data transfer in the context of competitions

As part of the processing of the competition, we will pass on your data to the transport/shipping company commissioned with the delivery of the goods or to a financial service provider, insofar as the transfer is necessary for the delivery or payment of your prize. If your data is published in the event of a win, you will be informed of this in the declaration of consent.

10. Use of website plugins / third-party providers / analysis and tracking technologies

10.1. Consent management / consent with "UserCentrics" ("cookie banner")

We use the consent technology of the provider "UserCentrics GmbH, Sendlinger Straße 7, 80331 Munich" to obtain and document your consent to the storage of cookies requiring consent. When you visit our website, a connection is established to the servers of "UserCentrics" in order to obtain your consent/revocation to the use of cookies. For this purpose, your IP address, information about your browser and your end device as well as the time of your visit to the website are transmitted. "UserCentrics" then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data processing is carried out to fulfill our legal obligation on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with § 25 TDDDG. We have concluded an order processing contract with the provider within the meaning of Art. 28 GDPR.

10.2. Google Analytics 4

If you have given us your consent via our cookie banner, we use "Google Analytics 4" on this website, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that enable your use of our website to be analyzed. With "Google Analytics 4", the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • Start of the session
  • Pages visited on our website
  • Your "click path" (interaction with our website)
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Viewed / clicked ads
  • Language setting
  • Your approximate location (region)
  • Date and time of the visit
  • Your IP address (in abbreviated form)
  • Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • Your Internet provider
  • The referrer URL (via which website/advertising medium you came to this website)

Google will use this information on our behalf to evaluate your pseudonymous use of our website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns. We have concluded a data protection contract (order processing contract) with the provider within the meaning of Art. 28 GDPR. We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Google LLC is certified under the new EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to other third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

You can withdraw your consent at any time with effect for the future by accessing the cookie settings in our cookie banner (consent tool) and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. You can find more information on the terms of use of Google Analytics and data protection at Google at: https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

10.3. Google Maps

On some pages of our website, we use the "Google Maps" API, a map service of the provider Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), to display an interactive map. The legal basis is Art. 6 para. 1 lit. f GDPR (interest in the optimization and economic operation of our online offer). By using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server in the USA and stored there.

We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Google LLC is certified under the new EU-US Privacy Framework. "Google" may transfer the information obtained through "Google Maps" to third parties where required to do so by law, or where such third parties process the information on Google's behalf. It cannot be ruled out that personal data and personality profiles of users of the website may be processed by Google for other purposes over which we have and can have no influence. This and the fact that data is transferred to the USA is problematic for data protection reasons. Information on data protection and terms of use for Google Maps can be found at https://www.google.com/intl/de_DE/help/terms_maps/.

10.4. Google Tag Manager

We use the "Google Tag Manager (GTM)" on our website. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). With the help of this tool, we can integrate codes and services on our website. The "Google Tag Manager" itself does not create any user profiles, does not carry out any independent analyses/evaluations, and does not store any cookies, but is only used to manage and display the tools integrated via the GTM. However, the tool records your IP address, which may also be transmitted to servers in the USA.

We have concluded a data protection contract (order processing contract) within the meaning of Art. 28 GDPR with the provider. We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Google LLC is certified under the new EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to other third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

The use of this service is based on your consent via our cookie banner (consent tool) in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by accessing the cookie settings in our cookie banner (consent tool) and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. Further information on the provider's data protection can be found at https://policies.google.com/privacy?hl=de.

10.5. Google Ads and conversion

On our website, we use "Google Ads", an online advertising program of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This enables us to display advertisements in the Google search engine or on third-party websites when the user/website visitor enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g., location data and interests) (target group targeting). If you access our website via a Google ad, Google Ads will store a cookie on your PC. As the website operator, we can evaluate this data quantitatively, for example, by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks. For this purpose, we receive a statistical evaluation from Google without personal data or personal reference.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Google LLC is certified under the new EU-US Privacy Framework. Further information on the provider's data protection can be found at https://policies.google.com/privacy?hl=de.

10.6. Google reCAPTCHA

We integrate the "reCAPTCHA" function on our website. The provider of the service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The tool is used to check whether a data entry (e.g., in online forms) is made by a human or by an automated program ("bots"). For this purpose, "reCAPTCHA" analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website and runs completely in the background. "reCAPTCHA" evaluates various information (e.g., IP address, language settings, browser used, time spent on the website by the website visitor, or mouse movements made by the user, etc.). The transmission of data to Google servers in the USA is not excluded.

We have concluded a data protection contract (order processing contract) within the meaning of Art. 28 GDPR with the provider. We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Google LLC is certified under the new EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to other third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to protect our website from abusive automated spying and from "spam". Further information on the provider's data protection can be found at https://policies.google.com/privacy?hl=de.

10.7. YouTube

We have implemented videos on our website that are stored by the service provider "YouTube" (a service of the provider Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")) and integrated on our website. We use the "extended data protection" option provided by "Google", so that your consent to our marketing cookies is required to play the videos, as "YouTube" stores cookies (statistics/tracking cookies) on your end device. The legal basis is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

If you have consented to the corresponding marketing cookies and you call up a page that has an embedded YouTube video, a connection to the "Google" servers in the USA is established and the content is displayed on the website by notifying the browser of your end device. According to "Google", in "extended data protection mode" your data - in particular, which of our websites you have visited and device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission. If you are logged in to "Google" at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your Google account before visiting our website. In some cases, information is transmitted to the parent company Google Inc. based in the USA, to other Google companies, and to external Google partners, some of which may be located outside the European Union.

We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Google LLC is certified under the new EU-US Privacy Framework. Since "Google" servers are distributed worldwide and a transfer to other third countries (e.g., Singapore) cannot be completely ruled out, "Google" uses the standard contractual clauses approved by the European Commission and relies on the adequacy decisions issued by the European Commission with regard to certain countries.

Further information on data protection in connection with YouTube and other "Google" services can be found at https://policies.google.com/privacy?hl=de.

10.8. Linking to social media pages

We have included social media logos from Facebook, Instagram, "X", YouTube, TikTok, and LinkedIn on our website (hereinafter referred to as "providers"), which redirect you to our profiles stored with the respective providers and are intended to enable you to follow us there.

Facebook is a service of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, California 94025, USA. In the EU, this service is in turn operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as "Facebook".

Data protection information of the provider: https://www.facebook.com/about/privacy

Instagram is a service of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, California 94025, USA. In the EU, this service is in turn operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Data protection information of the provider: https://privacycenter.instagram.com/policy/

"X" (formerly Twitter) is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Data protection information of the provider: https://twitter.com/de/privacy

YouTube is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the EU, this service is in turn operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data protection information of the provider: https://policies.google.com/privacy?hl=de

TikTok is a service of TikTok Pte. Ltd, 1 Raffles Quay, #26-10, South Tower, Singapore 048583, which in turn is operated in the EU by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

Data protection information of the provider: https://policies.google.com/privacy?hl=de

LinkedIn is a service of LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA. In the EU, this service is in turn operated by LinkedIn, Sendlinger Str. 12, Hofstatt, 80331 Munich, Germany.

Data protection information of the provider: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

For data protection reasons, we have only implemented a link to our respective profiles with the providers. This means that no data about you is transferred to the providers unless you click on the respective social media logo. However, as soon as you click on the link we have set to our respective profile, you will be redirected to the provider's website, which will result in data being transferred to the respective provider. We have no influence on this, possibly personal, data transfer and data collection to/from the providers. We also have no knowledge of the individual purposes of this data processing or its scope and storage duration. We also do not know whether the providers carry out deletions, generate or assign profiles, or set anonymizations, and this is also not within our sphere of influence.

If you are logged in to one of the aforementioned providers at the same time as clicking on the respective link implemented on our website, the data collected by the provider when you access their website will be directly assigned to your profile there.

The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 lit. f GDPR. If users are asked by the respective providers to consent to data processing (i.e., to give their consent, e.g., by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR.

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection notices and information provided by the operators of the respective networks. In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted with the respective provider, as they have access to the user's data and can take appropriate measures and provide information.

10.9. Use of Meta Ads Pixel

If you have given us your consent via our cookie banner, we use the Meta Ads Pixel on our website, a service of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. In the EU, this service is in turn operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter referred to as "Facebook". This is a service that can be used to create advertisements for Facebook. Meta Ads Pixel is a script to measure ad success. The data is usually transferred to a Meta server in the USA. We would like to point out that the EU Commission adopted an adequacy decision for the USA on 10.07.2023 (Art. 45 GDPR). Meta Platforms, Inc. is certified under the new EU-US Privacy Framework.

The use of this service is based on your consent via our cookie banner (consent tool) in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by accessing the cookie settings in our cookie banner (consent tool) and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

10.10. Use of the Instagram plugin "LightWidget"

On our website, we use the "LightWidget" service of the provider Black Sail Division, Molczyn 17 street, Leszna Gorna, 43-445 Dziegielow. This allows us to display Instagram content directly on the website. We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing, and the storage periods of the plug-in provider. We also have no information on the deletion of the data collected by the plug-in provider. The plugin provider stores log data (e.g., device IP number, connection information, browser type and version, operating system, mobile platform, individual device ID, etc.) mainly to ensure the display of our Instagram content, to prevent attacks and to comply with legal regulations on log data collection. The legal basis for the use of the plugins is Art. 6 para. 1 lit. f GDPR (our legitimate interest).

Further information on the purpose and scope of data collection and its processing by LightWidget can be found in the provider's privacy policy at https://lightwidget.com/privacy.

10.11. Use of the "TikTok" pixel

If you have given us your consent via our cookie banner, we use the so-called "TikTok" pixel of the social network "TikTok" on our website. The service is offered in the EU by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and in the UK by TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom. If you have given your consent to the use of cookies requiring consent, your browser will establish a direct connection to the "TikTok" servers via the "TikTok" pixel. The pixel receives the information that you have accessed a specific page of our website or clicked on one of our ads.

The "TikTok" pixel enables us to identify visitors to our website as a target group for advertising (ads) within the "TikTok" service. In addition, the "TikTok" pixel enables us to place or display advertisements only to those users who are also interested in our offers and services. We can only evaluate the degree of effectiveness of the advertisements we place on "TikTok" anonymously.

Information on how "TikTok" collects, uses, and protects the information collected with the "TikTok" pixel can be found in detail in the privacy policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/de

The use of this service is based on your consent via our cookie banner (consent tool) in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by accessing the cookie settings in our cookie banner (consent tool) and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

10.12. "Trustbadge" / Trusted Shops seal of approval

We have integrated the "Trusted Shops" seal of approval on our website. This serves to display the reviews collected about us as well as offers of Trusted Shops products for buyers after an order. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimal marketing of our offer. The provider of the trust badge is "Trusted Shops GmbH, Subbelrather Str. 15c, 50829 Cologne".

The trust badge is provided by a US CDN provider (content delivery network). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA. Service providers used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and for error analysis.

Further personal data will only be transmitted to Trusted Shops if you have consented to this (Art. 6 para. 1 lit. a GDPR), if you decide to use Trusted Shops products after completing an order (Art. 6 para. 1 lit. b GDPR) or if you have already registered for use. In this case, the contractual agreement concluded between you and Trusted Shops applies.

Further information and Trusted Shops' privacy policy can be found at:

https://shop.trustedshops.com/de/datenschutz

10.12.1. Data processing after order completion

If you have given your consent, the Trustbadge accesses the order information stored in your end device (order number, order total, product purchased if applicable) and e-mail address after the order has been completed. Your e-mail address is hashed using a one-way cryptographic function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Art. 6 para. 1 lit. a GDPR.

This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing will take place in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will then be given the opportunity to register manually for the use of the services or to complete the protection as part of your existing user contract.

For this purpose, the Trustbadge accesses the following information, which is stored in the end device you are using, after you have completed your order: Order total, order number and e-mail address. This is necessary so that we can offer you buyer protection. The data will only be transmitted to Trusted Shops if you actively decide to take out buyer protection by clicking on the correspondingly labeled button in the so-called Trustcard. If you decide to use the services, the further processing is based on the contractual agreement with Trusted Shops in accordance with Art. 6 para. 1 lit. b GDPR in order to complete your registration for buyer protection and to secure the order and, if necessary, to be able to send you evaluation invitations by e-mail afterwards.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA and here for Israel. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

10.13. Integration of third-party services and content

It may happen that third-party content, such as RSS feeds or graphics from other websites, is integrated into our website. This is done on the basis of our legitimate interest (interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") are aware of the IP address of the users. Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers store the IP address, e.g., for statistical purposes. Insofar as we are aware of this, we will inform users accordingly.

11. Publication of job advertisements

You have the opportunity to apply for vacancies in our company. By clicking on the menu item "Jobs" / "Job exchange", you can access the vacancies offered in our company. If you apply for an advertised position, your application data will be collected and processed electronically in our applicant management system "HR Works" for the purpose of handling the application process. We have concluded an order processing contract within the meaning of Art. 28 GDPR with the provider. Only the employees or department heads involved in the application process have access to the application data.

If your application is followed by the conclusion of an employment contract, your submitted data may be stored by us in your personnel file for the purpose of the usual organizational and administrative process in compliance with the relevant legal regulations. Pursuant to Section 26 (1) sentence 1 BDSG in conjunction with Art. 88 para. 1 GDPR, the collection of data required for the establishment of the employment relationship is lawful. If you voluntarily provide us with information about yourself that goes beyond what is necessary, this is done on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR.

As part of the processing, your data may be transferred to persons within our company, as well as service providers who are contractually bound and obliged to maintain confidentiality and who perform partial tasks of data processing.

If an application is rejected, we delete the data transmitted to us six months after notification of the rejection. However, the data will not be deleted if the data requires longer storage of up to six months due to legal provisions, e.g., due to the burden of proof under the AGG, or until the conclusion of legal proceedings.

You also have the option of being included in our talent pool (applicant pool). For this we require your voluntary consent, e.g., by clicking on the corresponding consent box. Your application will be stored in the talent pool (applicant pool) for a maximum of 12 months, after which we will automatically delete your data. The legal basis for this is Art. 6 para. 1 lit. a GDPR (your consent). You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR by making a declaration to us with effect for the future.

Our "Data protection information for applicants" can be found at:

https://www.medisana.de/out/pictures/ddmedia/Medisana_Datenschutzerkla%CC%88rung_Bewerbung.pdf

12. Rights of data subjects

According to the General Data Protection Regulation (GDPR), you have so-called "data subject rights". Vis-à-vis us, these are essentially:

  • Right to information at the latest at the time of collection in accordance with Art. 13 GDPR, which we comply with through this data protection information.
  • Right to information in accordance with Art. 15 GDPR
  • Right to rectification of your data in accordance with Art. 16 GDPR
  • Right to erasure in accordance with Art. 17 GDPR
  • Right to restriction of processing in accordance with Art. 18 GDPR
  • Under the legal requirements, you have the right to object to the processing of personal data concerning you (Art. 21 GDPR) on grounds relating to your particular situation.
  • Furthermore, in accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future. The legality of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.
  • Where applicable: Right to data portability pursuant to Art. 20 GDPR

We will support you in asserting your rights in accordance with the GDPR and other legislation. For inquiries regarding the exercise of your rights, please contact the above-mentioned office of our company. Please understand that we can only provide personal information in the interest of the rights of other persons if you can identify yourself appropriately.

In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with a supervisory authority of your choice. The data protection supervisory authority responsible for our company is:

The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, telephone: 0211/38424-0, e-mail: poststelle@ldi.nrw.de

13. Data security

Your personal data is encrypted using TLS over the Internet during the online booking process, when using our contact forms, and when registering for the newsletter. We use technical and organizational measures to secure our website and other systems against loss, destruction, access, modification, or dissemination of your data by unauthorized persons.

14. Deletion and restriction (blocking) of personal data

The deletion and restriction (blocking) of your personal data takes place after the purpose limitation has ceased to apply, provided that it is no longer required for the fulfillment of the contract or the initiation of the contract, taking into account retention periods based on laws and/or tax regulations.

15. Contact possibility

You have the option of contacting us by telephone, e-mail, and/or via a contact form. In this case, the information you provide will be stored for the purpose of processing your contact. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR. When you contact us, your personal data may be forwarded internally to the relevant department for processing. Your data will not be passed on to third parties. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal retention periods to the contrary.

16. Links to websites of other providers

If we provide links to websites of other companies/organizations, the data protection notices and declarations there apply. We have no influence on whether these providers comply with the data protection regulations.

17. Amendment and updating of the data protection information

Our data protection information may be updated due to changes in the data processing carried out by us, changes in the law, court rulings, changes to our company's contact information, etc. We therefore ask you to inform yourself regularly about the content of our data protection information.

Status of the data protection information: 11.11.2024