Data Privacy Statement according to the General Data Protection Regulation (GDPR)

I. Name and address of the Controller

The responsible Controller as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

heckel medizintechnik GmbH

Olgastrasse 25
73 728 Esslingen
Deutschland

Tel: ++49 (0)711 - 128989 - 0
Fax: ++49 (0)711 - 128989 - 20

Website: https://www.heckel-hyperthermia.com

 

II. Name and address of the Data Protection Officer

The Data Protection Officer of the Controller is:

Stefan Heckel-Reusser

Olgastrasse 25
73 728 Esslingen
Deutschland

Tel: ++49 (0)711 - 128989 - 0
Fax: ++49 (0)711 - 128989 - 20

Website: https://www.heckel-hyperthermia.com

 

III. General information about data processing


1. Scope of processing of personal data

We collect and use the personal data of our users in principle only as required to host a functional website featuring our content and services. We collect and use the personal data of our users only after they have granted their consent. An exception applies in such cases in which it is not possible to obtain prior consent, and legal provisions require the processing of data.


2. Legal Basis for Processing of personal Data

If we obtain your consent for subjecting your data to processing operations, Art. 6, Para. 1 lit. a of the GDPR serves as the legal basis.

For the processing of personal data as required to fulfill a contract to which you are a contractual party, Art. 6 Para. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations that are required to conduct precontractual measures.

If the processing of personal data is required to fulfill a legal obligation to which heckel medizintechnik GmbH is subject, Art. 6 Para. 1 lit. c of the GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d of the GDPR serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, then Art. 6 Para. 1 lit. f of the GDPR is the legal basis for processing.


3. Data Deletion/Storage Period

Your personal data is deleted or restricted as soon as the purpose of storage no longer holds. In addition, data may be stored if this has been provided for by the European or national legislator in EU legal regulations, laws, or other provisions applicable to heckel medizintechnik GmbH. Data may also be restricted or deleted if a storage deadline stipulated by the specified standards has expired unless further storage of the data is required for the conclusion or fulfillment of a contract.

 

IV. Data Processing on the Website and creation of Logfiles


1. Description and Scope of Data Processing

Whenever you access our website, temporary information transmitted by your browser is automatically stored on the (web) servers.

The data recorded in the designated log file includes among others:

  1. Information about the browser used and its version
  2. The system used by the page visitor
  3. The Internet Service Provider of the user
  4. The pseudonymized IP address of the user (e.g.: 192.168.xxx.xxx)
  5. The date and time of the page visit
  6. Source websites from which the user's system reaches our site
  7. Websites that are reached from the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal user data.


2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f of the GDPR.


3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary in order to present the website to the user’s computer, thereby enabling our website to be visible to you as a user. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is necessary to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our information technology systems. No data analysis for marketing purposes occurs in this context.

An additional purpose is our legitimate interest in data processing according to Art. 6 Para. 1 lit. f of the GDPR.


4. Duration of Data Processing

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection.  In case of collection of data for operating the website, data are deleted at the end of the session. In case of storing the data in log files, data are deleted after no more than thirty days. An additional storage is possible. Since the IP addresses of the users are modified, an assignment of the calling client is not possible.


5. Opt-Out and Removal Option

The collection of data for hosting the website and the storage of data in log files are absolutely necessary for operating the website. To this extent there is no opt-out option for the user.

 

V. Use of Cookies


a) Description and Scope of Data Processing

Our website also uses cookies. Cookies are small data packages or text files that are stored in or by the internet browser on the user’s computer system. If a user views a website, a cookie can be stored in the user’s operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser during another visit to the website.

By using technically necessary cookies, we are able to make our website more user friendly. Several elements of our website require that the viewing browser can also be identified after a page change.

The following data is recorded and transmitted in the cookies:

  1. Language Setting

In addition, we use analysis cookies that enable an anonymized analysis of the surfing behavior of the user.

In this way, the following data can be transmitted:

  1. Search Keywords
  2. Frequency of page views
  3. Use of Website features

The collected data of the user is anonymized or pseudonymized. Therefore, it is not possible to attribute the data to the user viewing the website. This data is not stored together with other personal user data.

In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.

When you view our website, you are informed of the use of cookies for analytic purposes via an info banner (cookie banner) and your consent is obtained for the processing of the personal data used in this context. The banner also makes reference to this privacy policy.


b) Legal Basis for Data Processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 lit. f of the GDPR.

The legal basis for the processing of personal data using cookies for analytic purposes, subject to the user’s consent, is Art. 6 Para. 1 lit. a of the GDPR.


c) Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for the users.  Several features of our website cannot be offered without the use of cookies, which allow the browser to be re-identified after a page change. We use cookies for the following specific purposes:

The user data collected by technically necessary cookies is not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. By using analysis cookies, we learn how the website is used, enabling us to continuously optimize our services.

An additional purpose is our legitimate interest in the processing of personal data according to Art. 6 Para. 1 lit. f of the GDPR.


e) Duration of storage, Opt-out and Removal Option

Cookies are stored on the user’s computer and transmitted from it to our site. As a user, you have complete control over the use of cookies.

By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that are already stored can be deleted at any time. This can also be automated.

If cookies are disabled for our website, it may not be possible to fully use all of the features of the website.

 

VI. Newsletter


1. Description of the Nature and Scope of Data Processing

Our website offers the option of subscribing to a newsletter free of charge. During the process of registration for the newsletter, the data from the input window is transmitted to us and stored.

  1. The given user name
  2. The given email address
  3. The selected email format (HTML or TEXT)
  4. The registration for the Newsletter
  5. IP Address of the hosted PC
  6. Date and time of the registration

During the registration procedure, your consent is obtained for data processing and reference is made to this privacy policy.

No information is passed on to third parties in the context of data processing for the sending of the newsletter.

The data is used exclusively for sending the newsletter.


2. Legal Basis for Data Processing

The legal basis for the processing of your data following registration for the newsletter, subject to your consent, is Art. 6 Para. 1 lit. a of the GDPR.


3. Purpose of Data Processing

Recording the user’s email address allows us to deliver the newsletter.

The collection of other personal data as part of the registration procedure serves to prevent misuse of the services or the email address used.


4. Duration of Storage

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. Accordingly, your email address is stored for as long as the newsletter subscription is active.


5. Withdrawal and Removal Option

You can cancel your subscription to the newsletter at any time and withdraw your consent to receive the newsletter. For this purpose, the newsletter can be canceled either by the provided link in the newsletter.

Herewith you also withdraw your consent to the storage of personalized data.

 

VII. Registration


1. Description and scope of Data Processing

During the registration process the following data is also stored:

  1. host name of the accessing computer (IP address)
  2. Date and time of the registration
  3. User Name
  4. User email address
  5. User defined email format (HTML or TEXT)
  6. User registration to Newsletter
  7. Status of consent through the User
  8. Status of Opt-in through the User

During the registration procedure, your consent is obtained for data processing.


2. Legal Basis for Data Processing

The legal basis for the use of data processing, subject to the user consent, is Art. 6 Para. 1 lit. a of the GDPR.


3. Purpose of Data Processing

The registration of the user on our website is necessary for the transmission of the newsletter.


4. Duration of Storage

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection.

This is the case for the data collected during the registration process when the registration on our website is canceled or modified.


5. Withdrawal and Removal Option

As a user, you can cancel your registration at any time and you can modify the stored user data at any time.

 

VIII. Making Electronic Contact


1. Description and scope of data processing

You have the option of initiating electronic contact with us through the contact form.

When electronic contact is made with us via the contact form, the data entered into the input window is transmitted to us and stored.

Mandatory information transmitted to us is:

personal data, such as your first and last name and your email address as well as your consent to the privacy policy.

At present, the optional (opt-in) data from the input window are: I’m interested in, clinic/firm, position, Title, First Name, Last Name, Street, City Code, City, Country, Phone, Please send me information about, Please send the information via, Your message/comment, register for our newsletter.

At the time the message is sent, the following data is also stored:

  1. IP address
  2. Date and Time
  3. Domain name
  4. Page name
  5. Operating system
  6. Browser

During the sending procedure, your consent is obtained for data processing and reference is made to this privacy policy.

Alternatively, making contact electronically is possible via the email address provided. In this case, only the personal data transmitted in your email is stored.

In this context, no data is passed along to third parties. The data is used exclusively for processing the conversation.


2. Legal basis for Data Processing

The legal basis for the use of data processing, subject to the user consent, is Art. 6 Para. 1 lit. a of the GDPR.

The legal basis for the processing of data that is transmitted as a result of sending an email is Art. 6 Para. 1 lit. f of the GDPR. If the email contact is intended to conclude a contract, an additional legal basis for processing is Art. 6 Para. 1 lit. b of the GDPR.


3. Purpose of Data Processing

The processing of personal data from the input window of the contact form solely helps us to process the contact. Making contact via email also constitutes the necessary legitimate interest to process the data.

The other personal data processed during the sending procedure serves to prevent the misuse of the contact form and to safeguard the security of our information technology systems.


4. Duration of Storage

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection.  For the personal data from the input window of the contact form and the data that was sent by email, this is the case if the respective conversation with the user has ended. The conversation has ended when circumstances indicate that the relevant matter has been conclusively clarified.

The additional personal data collected during the sending procedure is deleted after no later than seven days.


5. Withdrawal and Opt out Option

As a user, you have the option to withdraw your consent to the processing of personal data at any time.  You can address your withdrawal to us or our data protection officer informally in writing or verbally. If you contact us by e-mail, you may object to the storage of your personal data at any time.

Upon withdrawal or opting out, the conversation cannot be continued. In this case, all personal data that was stored as a result of making contact is deleted.

 

IX. Web analysis through Matomo


1. Scope of Data Processing

Our website uses the open-source software tool Matomo (formerly PIWIK) to enable an analysis of your use of the website. The software uses files called cookies, text files that are stored on your computer (cf. Para. on Cookies). Whenever you access our website, the following information is stored:

  1. Two bytes of the IP address of the system used
  2. The viewed page
  3. Referrer URL (the previously visited page)
  4. The subpages that are called from the called web page
  5. Duration of the page visit
  6. The frequency of calling the website

The software runs exclusively on the servers of our website. User data is stored only on this server. The data is not transmitted to third parties. The IP addresses are not stored completely; 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx).

In this way, an assignment of the shortened IP address to the calling computer is no longer possible.


2. Legal Basis for Data Processing

The legal basis for the use of analysis software is Art. 6 Para. 1 lit. f of the GDPR.


3. Purpose of Data Processing

Processing the user data enables us to analyse your surfing behavior.

By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. The compiled statistics enable us to improve our services and design them to be more interesting for you as a user. An additional purpose is our legitimate interest in the processing of personal data according to Art. 6 Para. 1 lit. f of the GDPR. The anonymisation of the IP address sufficiently takes into account the interest of users in their protection of personal data.


4. Duration of Data Processing

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. In our case, the data is automatically deleted after 180 days.


5. Withdrawal and Opt out Option

Cookies are stored on the user’s computer and transmitted from it to our site. As a user, you have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that are already stored can be deleted at any time. This can also be automated. If cookies are disabled for our website, it may not be possible to fully use all of the features of the website.

We offer our users the option of opting out of the analysis process on our website. For this you must follow the link on the pages Imprint or Privacy. In this way, another cookie is set on your system, which signals our system not to save the data of the user. If the user deletes the corresponding cookie in the meantime from his own system, he must set the opt-out cookie again. You can find more detailed information about the privacy settings under the following link: https://matomo.org/docs/privacy/.

 

X. Rights of the Data Subject

The following list includes all rights of the persons concerned according to the GDPR. Rights that have no relevance for the website in question do not need to be mentioned. In that regard, the listing can be shortened.

If we process your personal data, you are a data subject as defined by the GDPR, and you are entitled to the following rights from us as the controller:


1. Right to Information

You can require that we as the controller confirm whether we have processed personal data concerning you.

If such processing has been done, you can require us to provide the following information:

  1. the purposes for which the personal data is being processed;
  2. the categories of personal data that are being processed;
  3. the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will yet be disclosed;
  4. the planned duration of the storage of the personal data concerning you or, if specific information is not possible regarding this, the criteria for setting the duration of storage.
  5. the existence of a right to correction or deletion of the personal data concerning you, a right to restrict the processing by the controller or a right to opt out from this processing;
  6. the existence of a right to file a complaint with the regulatory authority;
  7. all available information about the origin of the data if the personal data has not been collected from the data subject;
  8. the existence of an automated decision-making process, including profiling according to Art. 22 Para. 1 and 4 of the GDPR and – at least in these cases – meaningful information about the logic involved as well as the import and intended impact of such processing for the data subject.

You have the right to request information about whether the personal data concerning you has been transmitted to a third country or an international organization. You can request to be informed about the appropriate guarantees according to Art. 46 of the GDPR in connection with the transmission.


2. Right to Correction

You have a right to have us as the controller correct and/or complete the data if the personal data concerning you that has been processed is incorrect or incomplete. We will make the correction immediately.


3. Right to Restrict Processing

Under the following conditions you can request that the processing of the personal data concerning you be restricted:

  1. if you contest the correctness of the personal data regarding you for a period that enables the controller to review the correctness of the personal data;
  2. the processing is unlawful, and you decline the deletion of the personal data and instead request that the use of personal data be restricted;
  3. the controller no longer requires the personal data for the purpose of processing, but you need it in order to assert, exercise, or defend legal claims, or
  4. if you have opted out of the processing according to Art. 21 Para. 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of the personal data concerning you has been restricted, this data may – aside from its storage – be processed only with your consent or for the assertion, exercise, or defense of legal claims or to protect the rights of another individual or legal person, or for reasons of a vital public interest of the European Union or a member state.
If processing has been restricted according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.


4. Right to Deletion

a) Deletion Obligation

You can require us as the controller to delete the personal data concerning you, and we are obligated to delete this data immediately if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent, on which the processing according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a of the GDPR was based, and there is no other legal basis for the processing.
  3. You opt out of the processing according to Art. 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you opt out of processing according to Art. 21 Para. 2 of the GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The controller is required to delete personal data concerning you in order to fulfill a legal obligation under European Union law or the law of the member states that applies to them.
  6. The personal data concerning you was collected with regard to the services offered by an information society according to Art. 8 Para. 1 of the GDPR.

b) Information to Third Parties

If we have made the personal data that concerns you public, we are obligated to delete it according to Art. 17 Para. 1 of the GDPR. Furthermore, taking into account available technology and implementation costs, we take appropriate measures, including of a technical nature, to inform the persons responsible for data processing and who process personal data that you as the data subject have requested that they delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist as long as processing is required

  1. to exercise the right to freedom of speech and information;
  2. to fulfill a legal obligation, which requires the processing of data under European Union law or the law of the member states that applies to the controller, or to fulfill a responsibility that is in the public interest or in the exercise of public authority that has been vested in the controller.
  3. for public interest reasons in the area of public health according to Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 of the GDPR;
  4. for archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 Para. 1 of the GDPR as long as the right specified under section a) presumably makes impossible or seriously impairs the realization of the goals of this processing, or
  5. for the assertion, exercise, or defense of legal claims.


5. Right to Notification

If you have asserted the right to correction, deletion, or restriction of processing against us as the controller, we are obligated to notify all recipients to whom the personal data concerning you was made public, about this correction or deletion of the data or restriction of processing unless this turns out to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by us.


6. Right to Data Portability

You have the right to receive the personal data concerning you that you have made available to us as the controller in a structured, standard, and machine-readable format. You also have the right to transmit this data to another controller, to whom the personal data was made available, without our interference, as long as

  1. the processing is based on consent granted according to Art. 6 Para. 1 lit. a of the GDPR or Art. 9 Para. 2 lit. a of the GDPR or an agreement according to Art. 6 Para. 1 lit. b of the GDPR and
  2. the processing is done using automation.

In exercising this right, you have the right in turn to cause the personal data concerning you to be directly transmitted from one controller to another controller as long as this is technically feasible. This must not impair the freedoms or rights of other persons.

The right to data portability does not apply to the processing of personal data that is required to fulfill a responsibility that is in the public interest or in the exercise of public authority that has been vested in the controller.


7. Right to Opt Out

You have the right, for reasons that arise from your particular situation, to opt out at any time from the processing of personal data concerning you resulting from Art. 6 Para. 1 lit. e or f of the GDPR; this also applies to any profiling based on these regulations.

The controller will no longer process the personal data concerning you unless it can provide compelling and legitimate reasons for the processing that outweigh your interests, rights, and freedoms or the processing serves the assertion, exercise, or defense of legal claims.

If personal data concerning you is processed in order to conduct direct advertising, you have the right to opt out from the processing of the personal data concerning you for the purpose of such advertising at any time; this also applies to profiling to the extent that it is associated with such direct advertising.

If you opt out of the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

You have the option, in connection with the use of services of an information society – regardless of Directive 2002/58/EU – to exercise your opt-out right by means of automated processes in which technical specifications are used.


8. Right to Withdrawal of Data Privacy Consent

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the legality of processing until withdrawal as previously consented.


9. Automated Decision in an Individual Case, Including Profiling

You have the right not to be subjected to a decision exclusively based on automated processing – including profiling – that has legal repercussions for you or significantly harms you in a similar manner. This does not apply if the decision

  1. is required for the conclusion or fulfillment of an agreement between you and the controller,
  2. is permitted under legal provisions of the European Union or member states that apply to the controller and these legal provisions include appropriate measures to preserve your rights and freedoms as well as your legitimate interests, or
  3. is made with your express consent.

However, these decisions must not be based on special categories of personal data according to Art. 9 Para. 1 of the GDPR, as long as Art. 9 Para. 2 lit. a or g of the GDPR does not apply and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.

Regarding the exceptional cases cited in (1) and (3), the controller takes appropriate measures to preserve your rights, freedoms, and legitimate interests, including at least the right to cause the intervention of a person on the part of the controller, to present one’s own point of view, and to contest the decision.


10. Right to File a Complaint with a Regulatory Authority

Regardless of any other administrative or legal remedy, you have the right to file a complaint with a regulatory authority, particularly in the member state of your place of residence, your place of employment, or the place of the alleged violation, if you believe that the processing of the personal data concerning you violates the GDPR.

The regulatory authority to which the complaint is submitted informs the complainant about the status and results of the complaint, including the possibility of a legal remedy according to Art. 78 of the GDPR.
