Data protection information about our data processing in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR).
We take data protection seriously and hereby inform you how we process your data and what claims and rights you are entitled to under data protection regulations. Valid from 25 May 2018.
1. body responsible for data processing and contact details
Responsible body within the meaning of data protection law
Life Systems Medizintechnik-Service GmbH
Phone: +49 2 161 – 4 66 60 24
Contact details of our data protection officer:
HEC Harald Eul Consulting GmbH
Data Protection Officer LifeSystems
Auf der Höhe 34
2. Purposes and legal basis on which we process your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. as part of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you can see on our website www.life-systems.de.
Purposes for the fulfilment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)
Personal data is processed for the fulfilment of our contracts with you and the execution of your orders as well as for the implementation of measures and activities in the context of pre-contractual relationships, e.g. with interested parties.In particular, the processing serves to provide further information and to contact you in accordance with your orders and requests and includes the necessary services, measures and activities.This essentially includes contract-related communication with you, the verifiability of transactions, orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures for the control and optimisation of business processes as well as for the fulfilment of general duties of care, control and monitoring by affiliated companies (e.g. parent company); Statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of legal claims and defence in legal disputes; ensuring IT security (e.g. system and plausibility tests) and general security, including building and facility security, ensuring and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of the plausibility tests) and general security, including building and plant security, safeguarding and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, preventing and investigating criminal offences; monitoring by supervisory bodies or control instances (e.g. auditing).
Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)
Beyond the actual fulfilment of the contract or pre-contract, we may process your data if it is necessary to protect our legitimate interests or those of third parties, in particular for the purposes of
- advertising or market and opinion research, provided you have not objected to the use of your data;
- the examination and optimisation of procedures for needs analysis;
- enriching our data, for example by using or researching publicly accessible data;
- statistical evaluations or market analyses;
- the assertion of legal claims and defence in legal disputes that are not directly attributable to the contractual relationship
- the limited storage of data if deletion is not possible or only possible with disproportionate effort due to the special type of storage;
Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)
Your personal data may also be processed for certain purposes (e.g. use of your email address for marketing purposes) on the basis of your consent. As a rule, you can withdraw your consent at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. You will be informed separately about the purposes and consequences of revoking or not granting consent in the corresponding text of the consent.In principle, the revocation of consent only takes effect for the future. Processing that took place before consent was withdrawn is not affected and remains lawful.
Purposes for the fulfilment of legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)
Like everyone involved in business, we are also subject to a large number of legal obligations.These are primarily legal requirements (e.g. commercial and tax laws), but may also include regulatory or other official requirements (e.g. RöV , etc.) The purposes of processing may includeidentity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and criminal offences that endanger assets, comparisons with European and international anti-terror lists, the fulfilment of control and reporting obligations under tax law and the archiving of data for the purposes of data protection and data security as well as audits by tax and other authorities.In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.
3. Die von uns verarbeiteten Datenkategorien, soweit wir Daten nicht unmittelbar von Ihnen erhalten, und deren Herkunft
Soweit dies für die Erbringung unserer Dienstleistungen erforderlich ist, verarbeiten wir von anderen Unternehmen oder sonstigen Dritten (z. B. Auskunfteien, Adressverlage) zulässigerweise erhaltene personenbezogene Daten. Zudem verarbeiten wir personenbezogene Daten, die wir aus öffentlich zugänglichen Quellen (wie z.B. Telefonverzeichnisse, Handels- und Vereinsregister, Presse, Internet und andere Medien) zulässigerweise entnommen, erhalten oder erworben haben und verarbeiten dürfen.
Relevante personenbezogene Datenkategorien können insbesondere sein:
Personendaten (Name, Beruf/Branche und vergleichbare Daten)
Kontaktdaten (Adresse, E-Mail-Adresse, Telefonnummer und vergleichbare Daten)
Adressdaten (Meldedaten und vergleichbare Daten)
Daten über Ihre Nutzung der von uns angebotenen Telemedien (z.B. Zeitpunkt des Aufrufs unserer Webseiten, Apps oder Newsletter, angeklickte Seiten/Links von uns bzw. Einträge und vergleichbare Daten)
4. recipients or categories of recipients of your data
Within our company, those internal departments or organisational units receive your data that need it to fulfil our contractual and legal obligations or as part of the processing and implementation of our legitimate interest.Your data will not be passed on to external parties.
5. duration of the storage of your data
We process and store your data for the duration of our business relationship.This also includes the initiation of a contract (pre-contractual legal relationship) and the fulfilment of a contract.
In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods stipulated there are up to ten years after the end of the business relationship or the pre-contractual legal relationship.
Furthermore, special statutory provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also apply.
If the data is no longer required for the fulfilment of contractual or legal obligations and rights, it is regularly deleted, unless its – temporary – further processing is necessary for the fulfilment of the purposes listed in section 2.2 for an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organisational measures.
6. Verarbeitung Ihrer Daten in einem Drittland oder durch eine internationale Organisation
Eine Datenübermittlung an Stellen in Staaten außerhalb der Europäischen Union (EU) bzw. des Europäischen Wirtschaftsraums (EWR) (sogenannte Drittländer) erfolgt dann, wenn es zur Ausführung eines Auftrages/Vertrags von bzw. mit Ihnen erforderlich sein sollte, es gesetzlich vorgeschrieben ist (z.B. steuerrechtliche Meldepflichten), es im Rahmen eines berechtigten Interesses von uns oder eines Dritten liegt oder Sie uns eine Einwilligung erteilt haben.
Dabei kann die Verarbeitung Ihrer Daten in einem Drittland auch im Zusammenhang mit der Einschaltung von Dienstleistern im Rahmen der Auftragsverarbeitung erfolgen. Soweit für das betreffende Land kein Beschluss der EU-Kommission über ein dort vorliegendes angemessenes Datenschutzniveau vorliegen sollte, gewährleisten wir nach den EU-Datenschutzvorgaben durch entsprechende Verträge, dass ihre Rechte und Freiheiten angemessen geschützt und garantiert werden. Entsprechende Detailinformationen stellen wir Ihnen auf Anfrage zur Verfügung.
Informationen zu den geeigneten oder angemessenen Garantien und zu der Möglichkeit, eine Kopie von Ihnen zu erhalten, können auf Anfrage beim betrieblichen Datenschutzbeauftragten angefordert werden.
7 Your data protection rights
Under certain conditions, you can assert your data protection rights against usFor example, you have the right to receive information from us about your data stored by us in accordance with the rules of Art. 15 GDPR (possibly with restrictions in accordance with § 34 BDSG).
At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g. statutory retention obligations or the restrictions according to § 35 BDSG) or an overriding interest on our part (e.g. for the defence of our rights and claims) do not conflict with this.
Taking into account the requirements of Art. 18 GDPR, you can request that we restrict the processing of your data.
Furthermore, you can object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop processing your data. However, this right to object only applies if there are very special circumstances relating to your personal situation, whereby our company’s rights may conflict with your right to object.
You also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit it to a third party in accordance with the requirements of Art. 20 GDPR.
In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (see section 2.3).
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection officer first.
If possible, your requests to exercise your rights should be addressed in writing to the address given above or directly to our data protection officer.
8. scope of your obligations to provide us with your data
You only need to provide the data that is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or fulfil the contract. This may also relate to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.
Information about your right to object Art. 21 GDPR
You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 f GDPR (data processing on the basis of a balancing of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation.This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct advertising.We will honour this objection for the future.We will no longer process your data for direct marketing purposes if you object to processing for these purposes.
The objection can be made informally and should preferably be addressed to
Life Systems Medizintechnik-Service GmbH
Phone: +49 2 161 – 4 66 60 24