Data protection law
We would now like to ask you to read the following summary of the function of our website carefully.
This privacy notice informs you about how we use your personal data. We will strictly adhere to the provisions of the German Data Protection Act and the requirements of the European General Data Protection Regulation (GDPR).
Controller and contact for your data protection
The controller in accordance with the General Data Protection Regulation, other data protection laws which apply in the member states of the European Union and any other statutory data protection regulations is:
GVB-geliMED GmbH, Ginsterweg 4a, 239795 Bad Segeberg
Tel.: 04551 – 956730
Scope of personal data processing
Basically, we collect and use your personal data only where this is required to provide a functional website and its contents and services, e.g. if you register on our website, log into an existing customer account or order products. Your personal data are collected and used only with your consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and statutory regulations permit processing of the data.
The security of your personal data is a high priority to us. We use appropriate technical measures in order to protect your personal data stored by us using Shopware, and organisational measures by us personally, to effectively prevent loss or misuse by third parties. If further employees are hired who process personal data, they will have a responsibility and obligation to our data secrecy, and must strictly adhere to this.
In order to ensure the permanent protection of your data, the technical security measures are regularly reviewed, and if necessary updated according to the state of the art. These principles also apply to companies who process and use the data on our behalf and in accordance with our instructions.
Processing purposes and legal bases of processing your personal data
We collect, process and use your personal data for the following purposes:
- Drafting and executing contracts
- Sending print products
- Sending newsletters (newsletters are only sent at your express request)
- Customer service and support
- Provision of telemedia, e.g. for order processing of our online offering of goods and services
The processing of your personal data can have the following legal bases:
- Point (a) of Article 6(1) GDPR serves our company as a legal basis for the processing operations for which we obtain consent for a specific processing purpose.
- If personal data processing is necessary to perform a contract, e.g. when you purchase a product, point (b) of Article 6(1) GDPR serves as a legal basis. The same applies to any processing operations that are necessary for the implementation of pre-contractual measures, e.g. in cases of requests regarding our products or services.
- Where personal data processing is necessary for compliance with a legal obligation to which I am subject, the legal basis is point (c) of Article 6(1) GDPR.
- If processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is point (d) of Article 6(1) GDPR.
- Point (f) of Article 6(1) GDPR applies on the basis of our legitimate interest, e.g. in the case of using service providers in the scope of order processing, such as dispatch service providers or when carrying out statistical collection and analyses, and recording registration procedures. Our interest is oriented towards a user-friendly, appealing and secure presentation and optimisation of our web offering, which both serves our business interests and meets your expectations.
Duration of storage and routine erasure of personal data
We will only process and store your personal data for the period which is necessary for achieving the purpose of its storage, or insofar as this has been provided for by laws or regulations. After the respective purpose has ceased to exist or been fulfilled, your personal data will be blocked or erased. In the case of blocking, the erasure takes place as soon as no legal, statutory or contractual storage periods prevent it, there is no reason to assume that erasure would impair your legitimate interests, and an erasure would not cause disproportionately high effort due to the particular type of storage.
Collection of general data and information, log files
Our shop page collects a range of general data and information with every access on the basis of point (f) of Article 6(1) GDPR, which is stored temporarily in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following could be collected:
- Access to the website (date, time and frequency)
- How you reached the website (previous page, hyperlink, etc.)
- Amount of sent data
- Which browser and which browser version you use
- The operating system that you use
- Which internet service provider you use
- Your IP address, which your internet access provider assigns to your computer on connection to the internet
The collection and storage of these data are necessary for the operation of the website, to ensure the functioning of the website and deliver the content of our website correctly. In addition, the data serve to optimise the website and to ensure the security of the IT systems of Shopware. For this reason, the data are stored for a maximum of 7 days as a technical precaution.
These data are used for the purposes of advertising, market research and needs-oriented design of our services, by creating and evaluating usage profiles under pseudonyms, however, only if you have not made use of your right to object to this usage (see instructions on the right to object under “Your rights”).
Sending information about our offering and special events, and other messages e.g. newsletter
We use your data to send information ordered by you about our offering and other events to the e-mail address stated by you. The consent to sending is based on point (a) of Article 6(1) and Article 7 GDPR and Section 7(3) German Unfair Competition Act (UWG).
a) Newsletter unsubscription on our website
Our website offers the possibility to subscribe to a free newsletter. In this case, the data entered in the input screen upon subscription to the newsletter is transferred to our system, at least your e-mail address.
b) Sending on the basis of sales of goods and services
If you purchase goods or services from our website, information about our own or similar goods or services can be sent to your stated e-mail address, even without your consent.
c) Sending by post
We can also use your data to send information about our offers and other events by post.
Specific information messages that are necessary for contract processing and the function of our website, for example for the service (e.g. confirmation of registration, information about customer service) or a payable package, such as order confirmation, payment processing, cannot be unsubscribed. You will receive these messages at the contact information stated by you.
Processing personal data when contacting us, during registration or guest ordering
a) Contacting us
On our shop page, we give you the possibility of registering by stating personal data. The data will be entered into the input screen and transferred to our system and stored. The registration serves the performance of a contract, or the implementation of pre-contractual measures, and is therefore based on point (b) of Article 6(1) GDPR.
For the completion and processing of contracts, according to individual cases, we require contact details, such as name, delivery and billing address and e-mail address, and details on the type of payment method chosen by you. Furthermore, we use your data to maintain our customer database, so that only relevant data is stored there. To avoid typos and ensure that your ordered articles arrive, we check that your address is complete and correct on entry.
On the basis of points (c) and (f) of Article 6(1) GDPR, we use and store your personal data and technical information to prevent or trace abuse or other unlawful behaviour on our website, e.g. to maintain data security in the case of attacks on the IT system of Shopware. This is also done as far as we are legally obliged to do so, i.e. on the basis of official or legal order, and for the performance of our rights and claims and for legal defence.
Disclosure of personal data to third parties
On disclosure of your personal data to third parties (tax adviser, dispatch service provider, direct suppliers), and/or for internal processing, we consistently ensure the highest possible level of security. Therefore, your data will only be disclosed to our selected and contractually obliged service providers and partner companies. In addition, we will only disclose your data to places within the European Economic Area, and which are therefore subject to strict EU data protection law, or are obliged to adhere to an appropriate level of protection.
a) Disclosure within affiliated enterprises in accordance with point (b) of Article 6(1) GDPR
We disclose your personal data to affiliated enterprises in Germany for the completion and processing of contracts, regarding the content of our website, for storage in central databases, and for in-house invoicing and accounting purposes.
b) Access of service providers according to points (b) and (f) of Article 6 (1) GDPR
Shopware works for us for the operation and optimisation of our website and the technical processing, e.g. for IT services or hosting within our website. Shopware may not access our system without our consent. If this is necessary for technical reasons, then they are obliged to strictly adhere to points (b) and (f) of Article 6(1) GDPR.
In contrast to order processing, in the following cases, we transfer data to third parties,for independent usage for contract processing:
- On delivery of goods to logistics companies and the post service provider stated on the order.
c) Disclosure to other third parties according to points (c) and (f) of Article 6(1) GDPR
We will disclose your data to third parties or government authorities in the scope of the existing data protection law, if we are legally obliged to do so, e.g. due to official or legal order, or if we are authorised to do so, e.g. because this is required to prosecute crimes or for the performance of our rights and claims.
Requested information will be provided immediately, at the latest within a month of request.
You have the right to information about personal data, to view your data, to request a rectification or have it erased.
In the case of a legitimate complaint, you can contact the Independent Regional Centre for Data Protection.
Independent Regional Centre for Data Protection
Postfach 71 16
Telephone: 0431 988-1200
Fax: 0431 988-1223
Links to websites of other companies
Our website may contain links to websites of other companies. We are not responsible for the data protection arrangements on any external websites that you can access using such links.
Changes to the privacy notice
In order to guarantee that our privacy notice is always in line with the current legal provisions, we reserve the right to make amendments at any time. This also applies in the case that the privacy notice needs to be amended due to new or revised offerings or services.
Data protection officer
23795 Bad Segeberg
Version: May 2018