We will inform you below in accordance with the legal requirements of data protection law (in particular BDSG nF and the European General Data Protection Regulation 'GDPR') about the type, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. Regarding the definition of terms such as “personal data” or “processing”, we refer to Art. 4 GDPR.

Name and contact details of the person responsible
Our responsible party (hereinafter “responsible person”) within the meaning of Art. 4 No. 7 GDPR is:

STMS Swiss Trading Medical Supplies GmbH
Bodanstrasse 19
8280 Kreuzlingen Switzerland
Managing Director Sylvia Giele
Commercial register/No.: CHE-478.674.758
Email address: s.giele@mutterkindwohl.ch

Types of data, purposes of processing and categories of data subjects

Below we will inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process
Usage data (access times, websites visited, etc.), contact data (telephone number, email, fax, etc.), communication data (IP address, etc.),

2. Purposes of processing according to Art. 13 Para. 1 c) GDPR
Optimize the website technically and economically, enable easy access to the website, optimize and statistically evaluate our services, improve user experience, make the website user-friendly, create statistics, avoid SPAM and misuse, process contact requests, provide websites with functions and content, security measures, Uninterrupted, secure operation of our website,

3. Categories of data subjects according to Art. 13 Para. 1 e) GDPR
Visitors/users of the website, interested parties,

The affected persons are collectively referred to as “users”.


Legal basis for processing personal data

Below we inform you about the legal basis for processing personal data:

  1. If we have obtained your consent for the processing of personal data, Art. 6 Paragraph 1 Sentence 1 Letter a) GDPR is the legal basis.
  2. If the processing is necessary to fulfill a contract or to carry out pre-contractual measures at your request, Art. 6 Para. 1 Sentence 1 Letter b) GDPR is the legal basis.
  3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention obligations), Art. 6 Para. 1 Sentence 1 Letter c) GDPR is the legal basis.
  4. If the processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Paragraph 1 Sentence 1 Letter d) GDPR is the legal basis.
  5. If the processing is necessary to protect our or a third party's legitimate interests and your interests or fundamental rights and freedoms do not outweigh this, Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR is the legal basis.

Transfer of personal data to third parties and processors

As a general rule, we do not pass on any data to third parties without your consent. If this is the case, then the transfer takes place on the basis of the aforementioned legal bases, for example when transferring data to online payment providers to fulfill the contract or due to a court order or due to a legal obligation to release the data for the purpose of criminal prosecution or to avert danger or to enforce intellectual property rights.
We also use contract processors (external service providers, e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processor as part of an order processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly and have been granted the right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and comply with the data protection regulations in accordance with the new version of the BDSG and the GDPR


Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data will therefore primarily be processed by companies to which GDPR applies. If the processing takes place by third-party services outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44 ff. GDPR. This means that the processing takes place on the basis of special guarantees, such as the determination of a data protection level that corresponds to the EU officially recognized by the EU Commission or compliance with officially recognized special contractual obligations, the so-called “standard contractual clauses”. For US companies, submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, meets these requirements.


Deletion of data and storage period

Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for storage no longer applies, unless further storage is necessary for evidentiary purposes or this conflicts with statutory retention obligations. This includes, for example, commercial law retention obligations for business letters in accordance with Section 257 Paragraph 1 of the German Commercial Code (6 years) and tax law retention obligations for receipts in accordance with Section 147 Paragraph 1 AO (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary to conclude a contract or to fulfill the contract.


Existence of automated decision making

We do not use automatic decision-making or profiling.


Provision of our website and creation of log files
  1. If you only use our website for information purposes (i.e. no registration or any other transmission of information), we only collect the personal data that your browser transmits to our server. If you choose to view our website, we collect the following information: • IP address;
    • User's Internet service provider;
    • Date and time of retrieval;
    • Browser type;
    • Language and browser version;
    • Content of the retrieval;
    • time zone;
    • Access status/HTTP status code;
    • Amount of data;
    • Websites from which the request comes;
    • Operating system.
    This data will not be stored together with your other personal data.

  2. This data serves the purpose of delivering our website to you in a user-friendly, functional and secure manner with functions and content as well as its optimization and statistical evaluation.

  3. The legal basis for this is our legitimate interest in data processing for the above purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.

  4. For security reasons, we store this data in server log files for a storage period of 14 days. After this period has expired, they will be automatically deleted unless we need them to be retained for evidence purposes in the event of attacks on the server infrastructure or other legal violations.

Cookies
  1. We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser places and saves on your computer. When you visit our website again, these cookies provide information to automatically recognize you. The information obtained in this way serves the purpose of technically and economically optimizing our web offerings and enabling you to access our website more easily and securely. When you access our website, we will inform you by referring to our data protection declaration about the use of cookies for the aforementioned purposes and how you can object to them or prevent them from being stored (“opt-out”). Our website uses session cookies, persistent cookies and third-party cookies:

    • Session cookies: We use so-called cookies to recognize multiple uses of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and to give you easier access to our site. When you close the browser or log out, the session cookies are deleted.

    • Persistent cookies: These are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser's security settings.

    • Third-party cookies: According to your wishes, you can configure your browser settings and e.g. B. Decline to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all of the functions of this website. Read more about these cookies in the respective data protection declarations of the third-party providers.

  2. The legal basis for this processing is Art. 6 Paragraph 1 Sentence b) GDPR, if the cookies are set to initiate a contract, for example when placing orders, and otherwise we have a legitimate interest in the effective functionality of the website, so that in this case Art 6 Paragraph 1 Sentence 1 Letter f) GDPR is the legal basis.

  3. Objection and “opt-out”: You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can opt out of the use of third-party cookies for advertising purposes via a so-called “opt-out” via this American website ( https://optout.aboutads.info ) or this European website ( http://www.youronlinechoices.com/de /preference management/ ).

Contact us via contact form / email / fax / post
  1. When you contact us via contact form, fax, post or email, your details will be processed for the purpose of processing the contact request.

  2. The legal basis for processing the data, if you have given your consent, is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. The legal basis for the processing of data transmitted in the course of a contact request or email, letter or fax is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. The person responsible has a legitimate interest in processing and storing the data in order to be able to answer user inquiries, to preserve evidence for liability reasons and, if necessary, to be able to fulfill his legal retention obligations for business letters. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR.

  3. We may store your information and contact request in our Customer Relationship Management System (“CRM System”) or a comparable system.

  4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with you has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified. We store inquiries from users who have an account or contract with us for a period of two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after their expiry: end of the commercial law (6 years) and tax law (10 years) retention obligation.

  5. You have the option at any time to revoke your consent to the processing of personal data in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. If you contact us by email, you can object to the storage of your personal data at any time.


Facebook Custom Audiences
  1. On our website we use the remarketing function “Custom Audiences” from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook has submitted to the Privacy Shield Agreement ( https://www.privacyshield.gov/EU-US-Framework ).

  2. If you visit the social network Facebook or other websites that use this remarketing function, you may be shown interest-based advertisements (“Facebook Ads”). We use the remarketing function to optimize and operate our website economically and, if possible, to show you advertising that interests you and thus make our website more user-friendly.

  3. When you access our website, your browser establishes a connection to the Facebook servers. We have no knowledge of exactly which data is transferred to Facebook. However, Facebook receives the information that you have viewed or clicked on a corresponding ad. If you are logged in to Facebook, Facebook can assign this information to your account.

  4. The legal basis for this is our legitimate interest in data processing for the above purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.

  5. Regarding processing by Facebook, please read Facebook's privacy policy at https://www.facebook.com/policy.php . You can find specific information and details about the Facebook Pixel and how it works in the Facebook help section:
    https://www.facebook.com/business/help/651294705016616 .

  6. Deactivating the “Facebook Custom Audiences” function is possible for non-logged in users here [__enter the Facebook Pixel Opt-Out link of your website__] and for logged in users under this link: https://www.facebook.com/settings/?tab =ads# .

  7. Further information on data processing by Facebook can be found athttps://www.facebook.com/about/privacy .


Google Analytics
  1. We have integrated the website analysis tool “Google Analytics” (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.

  2. When you visit our website, Google places a cookie on your computer in order to be able to analyze your use of our website. The data obtained is transferred to the USA and stored there. If personal data is transferred to the USA, Google's certification in accordance with the Privacy Shield Agreement ( https://www.privacyshield.gov/EU-US-Framework ) guarantees that European data protection law is being complied with.

  3. We have activated the IP anonymization “anonymizeIP”, which means that the IP addresses are only processed in abbreviated form. On this website, your IP address will therefore be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the person responsible. We have also activated cross-device analysis of website visitors, which is carried out via a so-called user ID. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. The use of Google Analytics serves the purpose of analyzing, optimizing and improving our website.

  4. The legal basis for this is our legitimate interest in data processing for the above purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.

  5. The data we send and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 1 month. The deletion of data whose retention period has been reached occurs automatically once a month.

  6. Further information on data usage with Google Analytics can be found here: https://www.google.com/analytics/terms/de.html (Analytics Terms of Use), https://support.google.com/analytics/answer/6004245? hl=de (Notes on data protection for Analytics) and Google's data protection declaration https://policies.google.com/privacy .

  7. Objection and “opt-out”: You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by downloading and installing the browser plug-in available under the following link: http:/ /tools.google.com/dlpage/gaoptout?hl=de

  8. As an alternative to the browser plug-in above, you can prevent Google Analytics from collecting data by clicking [__please__insert the Analytics opt-out link on your website here] . By clicking, an “opt-out” cookie is set, which prevents the collection of your data when you visit this website in the future. This cookie only applies to our website and your current browser and only lasts until you delete your cookies. In this case you would have to set the cookie again.

  9. You can deactivate cross-device user analysis in your Google account under “My data > personal data”.


YouTube videos
  1. We have integrated YouTube videos from youtube.com on our website using the embedded function so that they can be accessed directly on our website. YouTube belongs to Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. We have integrated the videos in the so-called “extended data protection mode” without using cookies to record usage behavior in order to personalize video playback. Instead, video recommendations are based on the currently playing video. Videos that are played in an embedded player in extended data protection mode do not affect which videos are recommended to you on YouTube. When you start a video (click on the video), YouTube receives the information that you have accessed the corresponding subpage of our website . The data obtained is transferred to the USA and stored there. This also happens without a Google user account. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purposes of advertising, market research or optimizing its websites.

  2. The legal basis for this is our legitimate interest in data processing for the above purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.

  3. You have the right to object to the creation of user profiles by Google. Please contact Google directly via the data protection declaration mentioned below. You can opt out of advertising cookies here in your Google account:
    https://adssettings.google.com/authenticated .

  4. You can find further information about the use of Google cookies in YouTube's Terms of Use at https://www.youtube.com/t/terms and in Google's advertising privacy policy at https://policies.google.com/technologies/ads and their advertising technologies, storage period, anonymization, location data, functionality and your rights. General data protection declaration from Google: https://policies.google.com/privacy .

  5. Google is certified according to the EU-US Privacy Shield ( https://www.privacyshield.gov/EU-US-Framework ) and is therefore obliged to comply with European data protection law.


Social media presence
  1. We maintain profiles or fan pages on social media in order to communicate with the users connected and registered there and to provide information about our products, offers and services. The US providers are certified according to the so-called Privacy Shield and are therefore obliged to comply with European data protection. When you use and access our profile in the respective network, the respective data protection information and terms of use of the respective network apply.

  2. We process the data that you send to us via these networks in order to communicate with you and to respond to your messages there.

  3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external representation for advertising purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. If you have given the person responsible for the social network your consent to the processing of your personal data, the legal basis is Article 6 Paragraph 1 Sentence 1 Letter a) and Article 7 GDPR.

  4. The data protection information, information options and objection options (opt-out) of the respective networks can be found here:

    Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Data protection declaration: https://www.facebook.com/about/privacy/ , Opt-Out: https://www.facebook .com/settings?tab=ads and http://www.youronlinechoices.com , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .

    Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/Opt-Out: http://instagram.com/about/legal/privacy/ .


Social media plugins
  1. We use social media plug-ins from social networks on our website. We use the so-called “two-click solution” Shariff from c't or heise.de. When you access our website , no personal data is transmitted to the plug-in providers. Next to the logo or brand of the social network, you will find a control that allows you to activate the plug-in with a click. After activation, the provider of the social network receives the information that you have accessed our website and your personal data will be transmitted to the provider of the plug-in and stored there. These are so-called third-party cookies. With some providers such as Facebook and XING, your IP is immediately anonymized after collection.

  2. The plug-in provider stores the data collected about the user as usage profiles. These are used for advertising, market research and/or needs-based design of your website. Such an evaluation is carried out in particular (also for users who are not logged in) to display tailored advertising and to inform other users of the social network about the user's activities on our website. The user has the right to object to the creation of these user profiles; in order to exercise this right, they must contact the respective plug-in provider.

  3. The legal basis for the use of the plug-ins is our legitimate interest in improving and optimizing our website by increasing our awareness via social networks as well as the possibility of interacting with you and users with each other via social networks in accordance with Article 6 Paragraph 1 Sentence. 1 lit. f) GDPR.

  4. We have no influence on the data collected and data processing operations. We also have no knowledge of the scope of data collection, the purpose of processing or the storage periods. We also have no information about the deletion of the data collected by the plug-in provider.

  5. Regarding the purpose and scope of data collection and processing, we refer to the respective data protection declarations of the social networks. You will also find information about your rights and setting options to protect your personal data.

Instagram
  1. We have integrated plug-ins from the social network Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA, 94025, USA) on our website as part of Shariff's so-called “two-click solution”. You can recognize this by the Instagram logo in the shape of a square camera.

  2. If you deliberately activate the plug-in, a connection will be established from your browser to Instagram's servers. Instagram receives the information, including your IP address, that you have visited our site and transfers the information to Instagram servers in the USA, where this information is stored. If you are logged into your Instagram account, Instagram can assign this information to your account and you can click on the Instagram button to share and save the content of our pages on your Instagram account and, if necessary, show it to your friends there. We have no knowledge of the exact content of the transmitted data, how it is used and how long it is stored by Instagram.

  3. If you log out of Instagram before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Instagram when the plug-in is activated.

  4. You can find further information in Instagram's privacy policy at https://help.instagram.com/519522125107875 and about the privacy settings here: https://help.instagram.com/196883487377501 .


Rights of the data subject
  1. Objection or revocation against the processing of your data

    If the processing is based on your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a), Article 7 GDPR, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out based on consent until its revocation.

    If we base the processing of your personal data on the balancing of interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will examine the situation and will either stop or adjust data processing or show you our compelling legitimate reasons on the basis of which we continue processing.

    You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right to object free of charge. You can inform us about your objection to advertising using the following contact details:

    STMS Swiss Trading Medical Supplies
    Bodanstrasse 19
    8280 Kreuzlingen Switzerland
    Managing Directors Sylvia Giele & Claudio Benedetti
    Commercial register/No.: CHE-478.674.758
    Email address: sgstms@bluewin.ch, cbstms@bluewin.ch
  2. Right to information
    You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it was not collected directly from you.

  3. Right to rectification
    You have the right to correct incorrect data or to complete correct data in accordance with Art. 16 GDPR.

  4. Right to deletion
    You have the right to delete your data stored by us in accordance with Art. 17 GDPR, unless statutory or contractual retention periods or other legal obligations or rights to further storage conflict with this.

  5. Right to restriction
    You have the right to request a restriction in the processing of your personal data if one of the requirements in Article 18 Paragraph 1 Letters a) to d) GDPR is met:
    • If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

    • the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;

    • the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

    • if you have lodged an objection to the processing in accordance with Article 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

  6. Right to data portability
    You have a right to data portability in accordance with Art. 20 GDPR, which means that you can receive the personal data we store about you in a structured, common and machine-readable format or request that it be transmitted to another person responsible.

  7. Right to complain
    You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority in particular in the Member State of your place of residence, your place of work or the place of the alleged violation.


Data security

In order to protect all personal data that is transmitted to us and to ensure that data protection regulations are complied with by us and our external service providers, we have taken appropriate technical and organizational security measures. That's why, among other things, all data between your browser and our server is transmitted encrypted via a secure SSL connection.



As of: June 14, 2019

Source: Sample data protection declaration from JuraForum.de