Privacy protection policy according to the GDPR
I. Name and address of the data controller
WindStar Medical GmbH
60549 Frankfurt am Main
Tel.: +49 (0) 69 6540 272 102
is the data controller as defined in the EU General Data Protection Regulation (GDPR) and the national data privacy laws.
II. Name and address of the data protection officer
The data protection officer of the data controller is:
60329 Frankfurt am Main
III. General information about data processing
1. The extent to which personal data is processed
As a matter of principle, we collect and use personal data of the users of our homepage only to the extent that this is necessary for the provision of a functional website, our contents and services.
As a matter of principle, the collection and use of our users' personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by legal regulations or where obtaining prior consent is not possible for actual reasons.
2. Legal basis for processing personal data
The legal basis for the processing of personal data results in principle from:
• Art. 6 para. 1 s. 1 lit. a GDPR upon obtaining the consent of the data subject.
• Art. 6 para. 1 s. 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary to carry out pre-contractual measures.
• Art. 6 para. 1 s. 1 lit. c GDPR for processing required to fulfill a legal obligation.
• Art. 6 para. 1 s. 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
• Art. 6 para. 1 s. 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest.
3. Data erasure and storage duration
The users' personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage beyond this may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Use of our website, general information
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information is collected:
(1) Information about the type of browser and the version used.
(2) The user's operating system
(3) The user's Internet service provider
(4) Name of the files or information retrieved
(5) The user's IP address
(6) Date and time of access
(7) Amount of data transferred
(8) http status code (e.g. "request required" or "requested file not found")
(9) Websites from which the user's system accesses our website and websites that are accessed by the user's system via our website.
The data described is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Purpose and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR.
The collection of their personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. The user therefore has no possibility to object.
3. Duration of storage
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.
If your data is stored in log files, it will be deleted after 7 - 10 days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or alienated. This means that it is no longer possible to identify the calling client.
The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDSG).
Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR (Art. 6 para. 1 sentence 1 GDPR). The relevant legal basis for the processing of personal data in a specific case can be found below the respective cookie or the respective processing itself.
The primary legal basis for the storage of information in the end user's terminal equipment - in particular for the storage of cookies - is your consent, Section 25 (1) sentence 1 TTDSG. Consent is given when you visit our website - although this does not have to be given, of course - and can be revoked at any time in the cookie settings.
Pursuant to Section 25 (2) no. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary in order for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as "technically necessary cookies"), and therefore fall under the exemption regulation of Section 25 (2) TTDSG and therefore do not require consent.
When cookies are used, the following data is stored and transmitted:
(1) Items in a shopping cart
(2) Log-in information
The legal basis for the processing of personal data using cookies results from Art. 6 para. 1 p. 1 lit. f GDPR. The purpose of the use of technically necessary cookies is to simplify the use of our website.
These are the following applications:
(1) Shopping cart
(2) Remembering search terms
We do not use user data collected through technically necessary cookies to create user profiles.
The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 para. 1 p. 1 lit. a GDPR if the user has consented to this.
Cookie consent with Usercentrics
When you enter our website, the following personal data is transferred to Usercentrics:
• Your consent(s) or revocation of your consent(s)
• your IP address
• information about your browser
• information about your terminal device
• time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
For more information on data processing by "Usercentrics", please refer to the data protection information at https://usercentrics.com/de/datenschutzerklaerung/
Here you can view and adjust your cookie settings.
VI. Data transfers to third countries (outside of the EU):
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the determination of a level of data protection corresponding to the EU officially recognised by the EU Commission or the observance of officially recognised special contractual obligations, the so-called "standard data protection clauses".
VII. Electronic contact
It is possible to contact us via the e-mail address or telephone number provided. In this case, the user's personal data transmitted with the e-mail or telephone will be stored.
Customer support is a service provided by Sanvartis GmbH and includes pharmaceutical/medical information by specialist staff working there via e-mail and telephone. All information received is documented by Sanvartis and forwarded in writing to Districon GmbH and WindStar Medical GmbH within 24 hours.
The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 sentence 1 lit. b GDPR, additionally Art. 6 para. 1 sentence 1 lit. f GDPR.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail or telephone, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If the process is based on the legal basis of Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest), you can object to the storage of your personal data at any time. However, we would like to point out that in such a case the conversation cannot be continued. All personal data stored in the course of contacting you will be deleted in this case.
VIII. Google Tag Manager
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
The legal basis for the use of the technically necessary cookie is the legitimate interest of the website operator pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.
IX. Content Delivery Networks (CDN)
This site uses so-called Content Delivery Networks to provide popular online libraries and web fonts. Access then takes place directly on the servers of the operators, so that data such as the calling IP address, referrer, browser information, etc. accrue there.
The legal basis for this is our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, to present our site in a needs-oriented manner and to optimise the user experience.
You can prevent the collection and processing of your data by CDNs by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find such a blocker, for example, at www.noscript.net).
The following is a list of the CDNs we use:
1. Google Web Fonts
We integrate the fonts ("Google Web Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR. The aim is the optimisation and economic operation of our homepage.
The opt-out can be set at: https://adssettings.google.com/authenticated.
2. Adobe Typekit (Adobe Fonts)
We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Ltd. that gives us access to a font library. To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. Adobe thereby receives the information that our website was accessed from your IP address.
X. Web Analytics
1. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by enabling a corresponding setting in your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. We use the statistics to improve our offer and make it more interesting for you as a user. The legal basis for using Google Analytics is your consent, as defined in Art. 6 para. 1 s. 1 lit. a GDPR.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: http://www.google.com/analytics/terms/de.html ,
Data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html ,
data protection policy: http://www.google.de/intl/de/policies/privacy.
2. GA Audiences
Our website uses GA Audiences, a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA Audiences uses, among other things, cookies that are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and that enable an analysis of the use of the respective devices. Some of the data is analyzed across devices. Google Audiences receives access to the cookies created in the context of the use of Google Adwords and Google Analytics. In the course of use, data, such as in particular the IP address and activities of the user, may be transmitted to a server of Google Inc. and stored there. Google Inc. may transfer this information to third parties if required to do so by law, or if such data is processed by third parties. You can prevent the collection and forwarding of personal data (esp. your IP address) as well as the processing of this data by deactivating the execution of Java Script in your browser or installing a tool such as 'NoScript'. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). Further information on data protection when using GA Audiences can be found at the following link:
The legal basis for the processing of your data is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR.
XI. Social Media
We maintain fan pages within various social networks and platforms with the aim of communicating with the customers, interested parties and users active there and informing them about our services there.
We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g. when enforcing your rights under European / German law).
User data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of the users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 p. 1 lit. f. GDPR. If the users are asked by the respective providers for consent to data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6 para. 1 p. 1 lit. a. GDPR.
Further information on the processing of your personal data as well as your objection options can be found under the links of the respective provider listed below. The assertion of information and other rights of the data subjects can also be made vis-à-vis the providers, then only they have direct access to the data of the users and have the corresponding information. Of course, we are available to answer any queries and support you if you need help. Providers:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland
XII. Your rights/rights of the data subject
According to the EU General Data Protection Regulation, as an affected party you have the following rights:
1. The right to receive information
You have the right to receive from us as data controller the information whether and which personal data concerning you are processed by us as well as further information in accordance with the legal requirements pursuant to Art. 13, 14 GDPR.
You can claim your right to information under: firstname.lastname@example.org
2. The right to rectification
If the personal data processed by us and concerning you is incorrect or incomplete, you have a right to rectification and/or completion vis-à-vis us. The correction will be made without delay.
3. Right to restriction
You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Art. 18 GDPR).
4. The right to delete
If the conditions set out in Article 17 of the GDPR apply, you may request that the personal data relating to you be deleted without delay.
We would like to point out that the right to erasure does not exist insofar as the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
6. Right to data portability
Under the GDPR, you also have the right to receive the personal data concerning you that has been provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
7. Right to revoke the declaration of consent to data protection
You have the right to revoke your declaration of consent under data protection law at any time. We would like to point out that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8. Right to objection
Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 s. 1 lit. e or f GDPR.
9. Automated decision on an individual basis, including profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
10. Right to complain to a supervisory authority
Finally, if you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.