top of page

Contact details for all data subjects

Name and contact details of the data controller (Art. 13 para. 1a DSGVO)
MEDIRA GmbH

Ziegelwasen 4
D-72336 Balingen
Email: info@medira.com

Name and contact details of the data protection officer (Art. 13 para. 1b DSGVO)

Steffen Wacker
W-consults
Email: privacy@medira.com

What data of yours is processed by us? And for what purposes?

 

If we have received data from you, we will only process it for the purposes for which we received or collected it.


Data processing for other purposes will only be considered if the legal requirements necessary in this respect pursuant to Art. 6 (4) DSGVO exist.


In the following, we inform you about the purposes for which we process your data in particular.

Duty to inform website visitors

Purpose and legal basis of data processing (Art. 13 para. 1c DSGVO)

  • Processing and handling of inquiries when using the contact form integrated into the website (Art. 6 para. 1 f DSGVO).

  • Technical operation of the website (Art. 6 para. 1 f DSGVO)

  • Optimization of the website offer by evaluating website usage data (Art. 6 para. 1 f DSGVO)

  • Interests of the responsible party when weighing interests (Art. 13 para. 1d DSGVO)

 

 

Assertion of legal claims and defense in the event of legal disputes

  • Ensuring IT security and the IT operation of the company

  • Prevention of criminal offences

  • Measures for business management and further development of services and products

  • Recipients or categories of recipients of the personal data (Art. 13 para. 1e DSGVO)

  • Software manufacturers of third-party components, advertising agency, affiliated companies, IT service providers.

 

Transfer to third countries (Art. 13 para. 1f DSGVO).
There may be a transfer of data to Switzerland to affiliated companies.

Storage period in accordance with legal retention obligations (Art. 13 para. 2a DSGVO).
As a rule, personal data will be deleted within ten years after termination of the contractual relationship or earlier if the purpose for storing the data no longer applies and there are no statutory retention obligations to the contrary.

Existence of a necessity to provide personal data (Art. 13 para. 2e DSGVO).
The collected data is necessary for the technical operation of the website and the processing of your inquiries.

Duty to inform customers

Purpose and legal basis of data processing (Art. 13 para. 1c DSGVO)

  • Processing of customer inquiries and orders that are transmitted in person, by e-mail, telephone or other technical means of communication (Art. 6 para. 1b DSGVO)

  • Processing of complaints (Art. 6 para. 1c DSGVO)

  • Billing purposes (Art. 6 para. 1b DSGVO)

  • Implementation of marketing measures (Art. 6 para. 1a DSGVO)

  • Implementation and documentation of product training measures (Art. 6 para. 1a DSGVO & Art. 6 para. 1c DSGVO)

  • Informing customers in the event of a product recall (Art. 6 para. 1d DSGVO)

  • Fulfillment of legal obligations (Art. 6 para. 1c DSGVO)

  • Sending of information materials (Art. 6 para. 1b DSGVO)

  • Support of operational processes by service providers (Art. 28 DSGVO)

 

Interests of the controller in the event of a balance of interests (Art. 13 para. 1d DSGVO)

  • Assertion of legal claims and defense in legal disputes

  • Ensuring IT security and the IT operation of the company

  • Prevention of criminal offences

  • Measures for business management and further development of services and products

 

Recipients or categories of recipients of the personal data (Art. 13 para. 1e DSGVO)
Authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, banks, suppliers and service providers, tax office, purchasing groups, consultants, affiliated companies

Transfer to third countries (Art. 13 para. 1f DSGVO)
There may be a transfer of data to Switzerland to affiliated companies.

Storage period according to legal storage obligations (Art. 13 para. 2a DSGVO)
All commercial or tax-relevant documents are stored for at least 10 years, under special circumstances due to other legal bases also for 18 years. E-mail correspondence is stored in our archiving system for at least 10 years, irrespective of its deletion from the respective mailbox.

Existence of a necessity to provide personal data (Art. 13 para. 2e DSGVO).
The collected data is necessary for the conclusion of the purchase contract or legal information purposes. Data for marketing purposes are provided voluntarily.

Information obligation for interested parties

Purpose and legal basis of data processing (Art. 13 para. 1c DSGVO)

  • Establishment of contact and contact mediation by an affiliated company, a customer or a medical advisor on the basis of transmitted contact data (e.g. business card) (Art. 6 para. 1a DSGVO).

  • Processing of contact requests (Art. 6 para. 1f DSGVO)

  • Preparation of offers for interested parties (Art. 6 para. 1f DSGVO)

  • Conclusion of purchase or trade contracts (Art. 6 para. 1f DSGVO)

  • Fulfillment of legal obligations (Art. 6 para. 1c DSGVO)

 

Interests of the controller in the event of a balance of interests (Art. 13 para. 1d DSGVO)

  • Assertion of legal claims and defense in legal disputes

  • Ensuring IT security and the IT operation of the company

  • Prevention of criminal offences

  • Measures for business management and further development of services and products

 

Recipients or categories of recipients of the personal data (Art. 13 (1e) DSGVO)
IT service provider, affiliated companies

Transfer to third countries (Art. 13 para. 1f DSGVO).
There may be a transfer of data to Switzerland to affiliated companies.

Storage period in accordance with legal retention obligations (Art. 13 para. 2a DSGVO).
Personal data is usually deleted within ten years or earlier if the purpose of the processing no longer applies (e.g. if a prospective customer does not become a customer) or if the data subject so requests, provided that this does not conflict with any statutory retention obligations.

Existence of a necessity to provide personal data (Art. 13 para. 2 e DSGVO).

The collected data is necessary for the processing of inquiries from interested parties, for the preparation of offers, the conclusion of purchase or trade contracts or the implementation of business operations.

Duty to inform suppliers and service providers

Purpose and legal basis of data processing (Art. 13 para. 1c DSGVO)

  • Purchase and processing of services and (Art. 6 para. 1f DSGVO).

  • Fulfillment of legal obligations (Art. 6 para. 1c DSGVO)

  • Sending of information materials (Art. 6 para. 1b DSGVO)

  • Support of operational processes by service providers (Art. 28 DSGVO)

 

Interests of the controller in the event of a balance of interests (Art. 13 para. 1d DSGVO)

  • Assertion of legal claims and defense in legal disputes

  • Ensuring IT security and the IT operation of the company

  • Prevention of criminal offences

  • Measures for business management and further development of services and products

 

Recipients or categories of recipients of the personal data (Art. 13 para. 1e DSGVO)
Authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, banks, suppliers and service providers, purchasing groups, consultants, affiliated companies

Transfer to third countries (Art. 13 para. 1f DSGVO)
There may be a transfer of data to Switzerland to affiliated companies.

Storage period according to legal storage obligations (Art. 13 para. 2a DSGVO)
All commercial or tax-relevant documents are stored for at least 10 years, under special circumstances due to other legal bases also for 18 years. E-mail correspondence is stored in our archiving system for at least 10 years, irrespective of its deletion from the respective mailbox.

Existence of a necessity to provide personal data (Art. 13 para. 2e DSGVO).
The collected data is necessary for the conclusion and performance of the supplier or service relationship.

Duty to inform patients

Purpose and legal basis of data processing (Art. 13 para. 1c DSGVO)

  • Support of operational processes as a service provider for clinics and distributors in assessing the suitability of patient anatomies for our medical devices based on pseudonymized computed tomographies (Art. 6 para. 1f DSGVO).

  • If pseudonymization of the computed tomographies is not sufficient to uniquely identify a patient in the context of an implantation of our medical devices, we may also store the full name to exclude confusion (Art. 6 para. 1d DSGVO).

  • Development of a heart valve prosthesis specially made for the patient in the context of a custom-made product ordered by a clinic or a distributor (Art. 6 para. 1b DSGVO, Art. 6 para. 1c DSGVO & Art. 6 para. 1d DSGVO).

 

Interests of the controller in case of balancing of interests (Art. 13 para. 1d DSGVO)

  • Assertion of legal claims and defense in legal disputes

  • Ensuring IT security and IT operations of the Company

  • Prevention of criminal acts

  • Measures for business management and further development of services and products

  • Exclusion of confusion that could lead to danger to life and limb

 

Recipients or categories of recipients of the personal data (Art. 13Abs. 1e DSGVO)
Authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, consultants, affiliated companies, distributors

Transfer to third countries (Art. 13 para. 1f DSGVO)
There may be a transfer of data to Switzerland to affiliated companies.

Storage period according to legal storage obligations (Art. 13 para. 2a DSGVO)
All commercial or tax-relevant documents are stored for at least 10 years, under special circumstances due to other legal bases also for 15 years. E-mail correspondence is stored in our archiving system for at least 10 years, regardless of whether it is deleted from the respective mailbox. Data on patients are stored for 8 weeks for rejected cases after receipt of the data, respectively 8 weeks for cases after implantation. In the case of custom-made implants, we store the data for 15 years due to legal requirements.

Existence of a necessity to provide personal data (Art. 13 para. 2e DSGVO).
The collected data is necessary for the conclusion and implementation of the supplier or service relationship.

 

Duty to inform applicants

Purpose and legal basis of data processing (Art. 13 para. 1c DSGVO)
Processing of job applications and conclusion of employment contracts (Section 26 (1) BDSG-neu).

Interests of the controller when weighing interests (Art. 13 para. 1d DSGVO).
Not applicable.

Recipients or categories of recipients of the personal data (Art. 13 (1e) DSGVO)

IT service provider, affiliated companies

Transfer to third countries (Art. 13 para. 1f DSGVO).
There may be a transfer of data to Switzerland to affiliated companies.

Storage period in accordance with legal retention obligations (Art. 13 para. 2 a DSGVO).
Personal data is deleted six months after the end of the application process, taking into account Section 61b (1) ArbGG in conjunction with Section 15 AGG.

Existence of a necessity to provide personal data (Art. 13 para. 2e DSGVO).
The collected data is necessary for the implementation of the application procedure. If it is not provided, it will not be possible to carry out the application procedure.

Duty to inform employees

Purpose and legal basis of data processing (Art. 13 para. 1c DSGVO)

  • Administration of the personnel file (§ 26 para. 1 BDSG-neu in conjunction with Art. 88 para. 1 DSGVO)

  • Payroll accounting (Section 26 (1) BDSG-new in conjunction with Art. 88 (1) DSGVO)

  • Administration of pension plans (Section 26 (1) BDSG-new in conjunction with Art. 88 (1) DSGVO)

  • Access and time recording (Section 26 (1) BDSG-new in conjunction with Art. 88 (1) DSGVO)

  • Collection of driver's license data for company car management and organization of rental cars (Art. 6 para. 1c DSGVO)

  • Processing of fines in road traffic (Art. 6 para. 1c DSGVO)

  • Exhibition of visual material of the data subject on the company website, in marketing materials or internal documents (e.g. employee book) with the data subject's consent (Art. 6 para. 1a DSGVO)

  • Support of operational processes by service providers (Art. 28 DSGVO)

  • Exercise of rights or fulfillment of legal obligations arising from labor law, social security law and social protection, e.g. provision of health data to the health insurance fund, recording of severe disability due to additional leave and determination of the severe disability levy (Art. 9 para. 2b DSGVO)

  • Processing of health data for the assessment of your ability to work (Art. 9 para. 2h DSGVO)

  • Implementation of operational integration management (Art. 9 para. 2a DSGVO)

 

Interests of the controller in the event of a balance of interests (Art. 13 para. 1d DSGVO)

  • Assertion of legal claims and defense in legal disputes, ensuring IT security and the IT operation of the company

  • Prevention of criminal offences

  • Measures for business management and further development of services and products

 

Recipients or categories of recipients of the personal data (Art. 13 para. 1e DSGVO)

Authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, banks, suppliers and service providers, tax office, IT service providers, consultants, affiliated companies, customers/traders, travel and passenger transport service providers, car rental companies, advertising agencies, photographers, insurance companies, third-party debtors in the event of wage and salary garnishments, insolvency administrators in the event of private insolvency

 

Transfer to third countries (Art. 13 para. 1f DSGVO)
There may be a transfer of data to Switzerland to affiliated companies.

Storage period in accordance with legal retention obligations (Art. 13 para. 2 a DSGVO).Personal data is deleted six months after the application process has ended, taking into account Section 61b (1) ArbGG in conjunction with. § 15 AGG. In the case of inclusion in the applicant pool, deletion takes place after 2 years if no suitable position can be offered.

 

Existence of a necessity to provide personal data (Art. 13 para. 2 e DSGVO).
The collected data is necessary for the implementation of the application process. If it is not provided, it will not be possible to carry out the application procedure.

General rights of data subjects

Right to information, correction, deletion, restriction, data portability and objection (Art. 13 para. 2b DSGVO)
As a data subject, you have the right to information, correction and deletion of your data and to restriction of processing, as well as a right to data portability at any time. For this purpose, please contact the data controller using the contact details provided.

Right of objection (Art. 21. para. 1 DSGVO).
Insofar as the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time by contacting us at the contact details provided, if reasons arise from your particular situation that conflict with this data processing. We will then stop this processing unless it serves overriding interests worthy of protection on our part.

Right of withdrawal (Art. 13. para. 2c DSGVO).Insofar as you have consented to the processing of your data, you have the right to revoke this at any time for the future. The lawfulness of the processing until the revocation is not affected by this. For this purpose, please contact the controller using the contact details provided.

 

Right of complaint (Art. 13 para. 2d DSGVO).
As a data subject, you may contact the competent state commissioner for data protection and freedom of information of Baden-Württemberg at any time in case of complaints.

Information requirements

bottom of page