Information for suppliers and service providers

Data protection information for customers and interested parties in accordance with Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

Data protection is an important concern for us. Below we inform you how we process your data and what rights you are entitled to.

1. who is responsible for data processing and who can you contact?

VOMED Volzer Medizintechnik GmbH & Co. KG
In Göhren 25
78532 Tuttlingen
Phone: +49 7461 965700
Fax: +49 7461 9657050
E-mail address: datenschutz(at)vomed.de

2. contact details of the data protection officer

Edmund Hilt
hilt evolution
datenschutz(at)hilt-evolution.com

3. processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of individual data depends on the agreed or requested service. You can find further details and additions to the processing purposes in our contract documents, forms, declarations of consent and other information provided to you (e.g. on the website or in the terms and conditions).

3.1 Consent (Art. 6 para. 1 letter a GDPR)

If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned there; you can revoke your consent at any time with effect for the future.

3.2 Fulfillment of contractual obligations (Art. 6 para. 1 letter b GDPR)

We process your personal data for the performance of our contracts with you. Furthermore, your personal data will be processed to carry out measures and activities in the context of pre-contractual relationships.

3.3 Fulfillment of legal obligations (Art. 6 para. 1 c GDPR)

We process your personal data if this is necessary to fulfill legal obligations (e.g. commercial and tax laws).

 

Furthermore, we may process your data to prevent, combat and investigate the financing of terrorism and criminal offenses that endanger assets, for comparisons with European and international anti-terror lists, to fulfill tax control and reporting obligations and to archive data for the purposes of data protection and data security as well as for audits by tax, customs and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.

3.4 Legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)

We may also use your personal data on the basis of a balancing of interests to protect our legitimate interests or those of third parties. This is done for the following purposes:

- for advertising or market research, if you have not objected to the use of your data.

- for obtaining information and exchanging data with credit agencies if this goes beyond our economic risk.

- for the limited storage of your data if deletion is not possible or only possible with disproportionate effort due to the special type of storage.

- for comparison with European and international anti-terror lists, if this goes beyond the legal obligations.

- for the further development of services and products as well as existing systems and processes.

- for the enrichment of our data through the use or research of publicly available data.

- for statistical evaluations or for market analyses.

- for the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship.

- for internal and external investigations and/or security checks.

- for the possible monitoring or recording of telephone conversations for quality control and training purposes.

- for certifications of private law or official matters.

- for securing and exercising our domiciliary rights through appropriate measures (e.g. video surveillance).

 

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

4. categories of personal data processed by us

The following data is processed:

- Personal data (name, department, profession/industry and comparable data)

- Contact details (address, e-mail address, telephone number and similar data)

- Customer history

We also process personal data from public sources (e.g. internet, media, press, commercial and association registers, population registers, debtor registers, land registers, etc.).

5 Who receives your data?

We pass on your personal data within our company to those areas that require this data to fulfill contractual and legal obligations or to implement our legitimate interest.

In addition, the following bodies may receive your data:

- Processors used by us (Art. 28 GDPR), service providers for supporting activities and other controllers within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centers, support/maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing/procurement, customer administration, letter stores, marketing, telephony, website management, tax consulting, auditing services, credit institutions

- public bodies and institutions in the event of a legal or official obligation according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest

- bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory bodies)

- other bodies for which you have given us your consent to transfer data

6. transfer of your data to a third country or to an international organization

Data processing outside the EU or the EEA does not take place.

7 How long do we store your data?

Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified therein are up to ten years after the end of the business relationship or the pre-contractual legal relationship.

 

Ultimately, the storage period is also determined by the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

8. to what extent is there automated decision-making in individual cases (including profiling)?

We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

9. your data protection rights

You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In principle, there is a right to object to the processing of personal data by us in accordance with Article 21 GDPR. However, this right to object only applies if there are very special circumstances relating to your personal situation, whereby our company's rights may conflict with your right to object. If you wish to assert one of these rights, please contact our data protection officer (see point 2).

10. scope of your obligations to provide us with your data

You only need to provide the data that is required for the establishment and execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also relate to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.

11. information about your right to object Art 21 GDPR

You have the right to object at any time to the processing of your data on the basis of Art. 6 (1) f GDPR (data processing on the basis of a balancing of interests) or Art. 6 (1) e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

 

We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time. This also applies to profiling insofar as it is associated with such direct advertising. We will observe this objection for the future.

 

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

 

The objection can be sent informally to the address listed under point 1.

12. your right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR).
The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information https://www.baden-wuerttemberg.datenschutz.de

VOMED Volzer Medizintechnik GmbH & Co. KG
In Göhren 25
78532 Tuttlingen

WordPress Cookie Notice by Real Cookie Banner