How we
protect your data

Data protection

 

Privacy information for the use of the website

The following notices and information are intended to provide users of the mdc website with an overview of how personal data is processed, which personal data is processed, who is responsible for the processing and what rights exist under current legislation.

Personal data is any data that can be used to identify a person. Examples include your name, your contact details and, under certain circumstances, your IP address.
The rules for the processing of personal data are set out in the EU General Data Protection Regulation (GDPR). In addition, the Federal Data Protection Act (BDSG) and the respective state data protection laws, in our case the LDSG Baden-Württemberg, as amended, must be observed.

We process personal data when you contact us by letter, fax or e-mail, when you visit our website, when you request information material, when you register for an event or when you subscribe to our newsletter. The data protection information for the processing of your personal data in the event of your application to our company is described in a separate document “Data protection information for applicants”. If you request an offer as an interested party, we will also process your personal data. This data protection information can be found in the separate document “Data protection information for customers and interested parties”.

The following data protection information relates to the use of our website.

Table of contents

1. Controller for the processing of personal data pursuant to Art. 4, para. 7 GDPR

2. Data Protecting Officer

3. Data processing when accessing the website

4. Web analysis and use of cookies

4.1 Cookie consent / Consent

4.2 Information about the provider etracker

5. Transmission and disclosure of data to third parties and profiling

6. Transfer of data to a third country outside the EU

7. Third-party services embedded on the website

8. Security when using the website

9. Hosting the website

10. Data processing when contacting us by e-mail

11. Data processing when contacting us via the contact form for the purpose of booking a seminar and subscribing to the newsletter for seminars on the website

12. Your rights regarding the processing of your personal data

13. Responsible data protection supervisory authority

1. Controller for the processing of personal data pursuant to Art. 4, para. 7 GDPR

Postal address:

mdc medical device certification GmbH
Management
Kriegerstr. 6
70191 Stuttgart
Germany

E-Mail: mdc@mdc-ce.de

2. Data Protection Officer

We employ an internal data protection and data security officer. If you have any questions regarding the protection of personal data, please use the following e-mail address:

Postal address:

mdc medical device certification GmbH
Data protection and data security officer
Kriegerstr. 6
70191 Stuttgart
Germany

E-mail: datenschutz@mdc-ce.de

3. Data processing when accessing the website

When you access our website to obtain information and content, only the data that the browser you are using transmits to our IT systems is collected. The following data, which is technically necessary to ensure the stable and secure operation of the website, is collected on the legal basis of GDPR Art. 6, para. 1 lit. f:

• IP address
• Date and time the page was accessed
• Country and the time zone difference to GMT (Greenwich Mean Time)
• Content of the page view (specific page that was viewed)
• Access status/http status code
• the amount of data transferred in each case
• If applicable, the website from which the request originated
• The browser used
• The operating system and the interface used
• Language and version of the browser software used

In addition to the aforementioned data, only technically necessary cookies (so-called session cookies) are used and stored on your system when you use our website. These cookies are small text files which, however, do not transmit viruses to your system or execute programs. They are used exclusively to make the website effective and user-friendly.

Transient cookies are transmitted, which are deleted immediately when you close your browser. Persistent cookies are also transmitted, which are automatically deleted after a specified period. In your browser settings, you have the option of making settings regarding how your browser handles cookies, when they are deleted and whether, for example, cookies from third-party providers (third-party cookies) are generally rejected.

4. Web analysis and use of cookies

For web analysis, i.e. the analysis of usage data, we use the services of etracker GmbH, based in Hamburg, Germany ( www.etracker.com/en/ ). In contrast to the web analysis services of other providers, no cookies are transmitted by default. If it is necessary to use analysis and optimization cookies, this will only be done with your explicit consent in advance. If this is the case, cookies are used for the following purposes:

• Statistical reach analysis of this website
• Measuring the success of our online marketing campaigns
• For testing purposes, e.g. to test and optimize different versions of our online offering or its components

4.1 Cookie consent / Consent

In our privacy policy, we would like to inform you that we use etracker as a Consent Management Platform (CMP). This platform is essential for managing and documenting your consents regarding the use of cookies and the associated data transfers on our website. etracker enables us to securely record, store and process your data protection preferences. By using etracker, we ensure that all data collection and transfer only takes place with your express consent and therefore complies with legal requirements. Your consent is logged precisely to ensure transparency and traceability

4.2 Information about the provider etracker

The provider of this website uses services of etracker GmbH from Hamburg, Germany ( https://www.etracker.com/en/ ) to analyze usage data. We do not use cookies for web analysis by default. If we use analysis and optimization cookies, we will obtain your explicit consent separately in advance. If this is the case and you give your consent, cookies are used to enable a statistical analysis of the reach of this website, to measure the success of our online marketing measures and test procedures, e.g. to test and optimize different versions of our online offering or its components. Cookies are small text files that are stored by the Internet browser on the user’s end device. etracker cookies do not contain any information that enables a user to be identified. The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the data protection seal of approval in this respect. ePrivacyseal seal of approval. Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern within the meaning of the GDPR (legitimate interest) is the optimization of our online offer and our website. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, merging with other data or disclosure to third parties takes place. You can object to the data processing described above at any time. The objection has no negative consequences. Further information on data protection at etracker can be found here.

5. Transmission and disclosure of data to third parties and profiling

Your personal data will not be used for other purposes, merged with other data (profiling) or passed on to third parties.

6. Transfer of data to a third country outside the EU

We do not pass on any data to bodies in a third country outside the EU. Please note that when using the embedded services of third-party providers, data may also be forwarded to a third country. Please refer to the data protection notices of the respective providers.

7. Third-party services embedded on the website

The following third-party services can be accessed via our website:

Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information on the handling of user data in Google’s privacy policy:
https://www.google.de/intl/de/policies/privacy/ .

Provider of social media platforms:

facebook Ireland Ltd.
4 Grand Canal Square Grand Canal Harbour
Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy

Instagram
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
Privacy policy: https://help.instagram.com/519522125107875/?helpref=hc_fnav

LinkedIn Corporation
2029 Stierlin Court
Mountain View
CA 94043, USA
Privacy policy: https://de.linkedin.com/legal/privacy-policy

XING
New Work SE
Gänsemarkt 43
20354 Hamburg
Deutschland
Privacy policy: https://privacy.xing.com/en/privacy-policy

Kununu
New Work SE
Am Strandkai 1
20457 Hamburg
Deutschland
Privacy policy: https://privacy.xing.com/en/privacy-policy

We provide information about our company on the platforms of the aforementioned providers for the purpose of external presentation.

The legal basis for the processing of your personal data is the legitimate interest of the controller pursuant to Art. 6 (1), f. GDPR.

The data is processed exclusively by the named providers.

We would like to point out that you use these pages on the respective platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating, etc.). Alternatively, you can also access the information offered via this page on our website at www.mdc-ce.de/en/.

When you visit our pages on the specified platforms, the providers process your IP address and other information that is stored on your end device in the form of cookies, among other things. This information is used to provide us, as the operator of the pages, with statistical information in anonymized form about the use of the respective page.

You can find more detailed information from the respective providers under the following links:

Facebook: http://de-de.facebook.com/help/pages/insights (registration required)
Instagram: https://de-de.facebook.com/business/help/441651653251838?id=419087378825961 (registration required)
Xing: https://privacy.xing.com/en/privacy-policy
Kununu: https://privacy.xing.com/en/privacy-policy 
LinkedIn: https://de.linkedin.com/legal/privacy-policy

The data collected about you in this context is processed by the aforementioned providers. processed and, if necessary, transferred to countries outside the European Union. What information the providers process and how it is used is described by the providers in general terms in their data usage guidelines. There you will also find information about contact options and the settings options for advertisements and your privacy.

In what way the aforementioned providers use the data from the visit to the pages for their own purposes, to what extent activities on the provider pages are assigned to individual users, how long the providers store this data and whether data from a visit to the provider pages is passed on to third parties is in some cases not conclusively and clearly stated by the providers and is not known to us.

When you access a page of the aforementioned providers, the IP address assigned to your end device is transmitted to the providers. The providers state that this IP address is anonymized. All providers also store information about the end devices of their users (e.g. as part of the “login notification” function); this may enable the providers to assign IP addresses to individual users.

If you as a user are currently logged in to one of these providers, a cookie with your respective provider ID is stored on your device. This enables the providers to track that you have visited this page and how you have used it. Buttons integrated into websites enable the providers to record your visits to these websites and assign them to your respective user profile. This data can be used to tailor content or advertising to you.

If you wish to avoid this, you should log out of the respective provider pages after each use (also from the respective apps) or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, information that can be used to directly identify you will be deleted. This allows you to use our company website without revealing your provider ID. If you access interactive functions on the site (like, comment, share, messages, etc.), a login screen will appear. Once you have logged in, you will once again be recognizable to the respective provider as a specific user.

Information on managing your privacy settings can be found on the websites of the respective providers mentioned.

As the provider of the information service, we do not collect or process any other data from your use of the service provided on the providers’ websites.

8. Security when using the website

Our website, including all subpages, uses SSL or TLS encryption to ensure secure and encrypted transmission of data and to prevent unauthorized third parties from accessing transmitted data.

9. Hosting the website

The website is provided on systems from Hetzner, which we have rented as a dedicated server. This means that only permanent IT employees of mdc may access the data. There is no order processing in this case.
Hetzner secures its IT systems according to the state of the art. The servers are located in Germany and Finland. Further information about the service provider can be found on the following website: https://www.hetzner.com/de/

10. Data processing when contacting us by e-mail

If you contact us by e-mail, it is necessary for us to process personal data. These are the e-mail address and the IP address of the sender as well as the e-mail message itself and any attached files, which may contain personal data. The processing is carried out on the basis of our legitimate interest in communicating with you on the legal basis of GDPR Art. 6, para. 1 lit. f.

11. Data processing when contacting us via the contact form for the purpose of booking a seminar and subscribing to the newsletter for seminars on the website

If you contact us via the contact form provided on the website for the purpose of booking a seminar, in addition to your e-mail address and IP address, we process the other data provided there, such as your surname, first name, address, telephone number, fax number and company address in accordance with the statutory provisions. This data is collected and processed for the purpose of initiating, concluding, processing and reversing a purchase contract. The processing is carried out for the implementation of pre-contractual measures and subsequently for the fulfillment of a contract pursuant to Art. 6 para. 1 lit b GDPR.
We have commissioned a subcontractor for processing in this area. The product “brevo” from the company Sendinblue GmbH, Berlin, Germany is used for this purpose. To ensure that the transport and processing is carried out in accordance with data protection regulations, we have concluded an order processing contract with this company in which all relevant aspects are specified. For information about the company and its data protection information, please visit the following company website: https://www.brevo.com/

12. Your rights regarding the processing of your personal data

In accordance with the General Data Protection Regulation (Art. 15 – 21), you have the following rights:

• Right to object to the processing of personal data without giving reasons. You also have the right to withdraw any consent you have given.
• Right to information: You have the right to obtain information about which personal data is processed and how it is processed.
• Right to rectification: You have the right to have incomplete or inaccurate personal data completed or rectified.
• Right to erasure and restriction of processing: In accordance with and within the scope of the statutory provisions, you have the right to erasure or restriction of processing of your personal data.
• Right to data portability: You have the right to have personal data provided by you made available in a structured and commonly used format in accordance with the legal requirements and to have it transmitted to another controller on your instructions.
• Right to lodge a complaint: If you believe that the personal data provided is not being processed in accordance with the law, you have the right to lodge a complaint with the supervisory authority responsible for us.

13. Responsible data protection supervisory authority

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart

Postal address:
P.O. Box 10 29 32
70025 Stuttgart

Phone: +49 (0) 711 – 616641-0
E-Mail: poststelle@lfdi.bwl.de