Privacy policy

§ 1 Information on the collection of personal data

(1) Below we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

(2) Responsible according to Article 4 paragraph 7 EU General Data Protection Regulation (GDPR) is medisana GmbH, Carl-Schurz-Straße 2, 41460 Neuss, info@medisana.de, www.medisana.de (see our legal notice). You can contact our data protection officer at datenschutz.ne@medisana.de or at our postal address with the addition “the data protection officer”.

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.

(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We also specify the defined criteria for the storage period.

§ 2 Your rights

(1) You have the following rights vis-à-vis us with regard to your personal data:

– Right to information,

– Right to rectification or erasure,

– Right to restriction of processing,

– Right to object to the processing,

– Right to data portability.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 Collection of personal data when visiting our website

(1) If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

– IP address

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status/HTTP status code

– Amount of data transferred in each case

– Website from which the request comes

– Browser

– Operating system and its interface

– Language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot run programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall.

(3) Use of cookies:

a) This website uses the following types of cookies, the scope and function of which are explained below:

– Transient cookies (see b)

– Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.

e) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

f) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiration date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox (https://addons.mozilla.org/en-US/firefox/addon/clear-flash-cookies/?src=search ) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browser history manually.

§ 4 Further functions and offers on our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must generally provide further personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, contracts or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

§ 5 Use of our webshop

(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately; further information is voluntary. We process the data you provide to process your order. We may pass on your payment details to our bank for this purpose. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR.

You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under “My account”, the data you provide will be stored on a revocable basis. You can delete all other data, including your user account, at any time in the customer area.

We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

(2) Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we will restrict processing after two years, i.e. your data will only be used to comply with legal obligations.

(3) To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

§ 6 Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the permissibility of the processing of your personal data after you have declared it to us.

(2) Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if the processing is not required in particular to fulfill a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: medisana GmbH, Carl-Schurz-Straße 2, 41460 Neuss, info@medisana.de, Phone: +49 (0) 2131 / 36 68 0, Fax: +49 (0) 2131 / 36 68 50 95.

§ 7 Newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, via a form on the website or by e-mail to m-news@medisana.de.

(5) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID. Links in the newsletter also contain this ID.

We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to actions you take on our website.

You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.

§ 8 Use of Google Analytics for web analysis

(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in abbreviated form, so that they cannot be traced back to individuals. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is therefore immediately deleted.

(5) We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .

The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f GDPR.

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html , and the privacy policy: http://www.google.de/intl/de/policies/privacy.

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

§ 9 Social media and YouTube

1. Use of social media plugins

(1) We currently use the following social media plug-ins: Facebook, Instagram. We use the so-called two-click solution. This means that when you visit our website, no personal data is initially passed on to the providers of the plugins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the option of communicating directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under § 3 of this declaration will be transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plugin, your personal data is therefore transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). As the plug-in provider collects data via cookies in particular, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.

(2) We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

(3) The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f GDPR.

(4) Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

(6) Addresses of the respective plug-in providers and URL with their data protection notices:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php ; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo .

Facebook has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework .

b) Instagram LLC., 1601 Willow Road, Menlo Park, California 94025, USA;

https://help.instagram.com/155833707900388/

2. Integration of YouTube videos

(1) We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(3) Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy . Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

§ 10 Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any collected reviews as well as to offer Trusted Shops products to buyers after an order.

This serves to safeguard our legitimate interests in the optimal marketing of our offer, which predominate in the context of a balancing of interests. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not analyzed and is automatically overwritten no later than seven days after the end of your visit to the site.

Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement made between you and Trusted Shops applies.