Data protection declaration

MedicalMountains GmbH (hereinafter ‘MedicalMountains’, or ‘we’ or ‘us’) is the controller within the meaning of data protection law.

The contact details of the controller are:

MedicalMountains GmbH
Katharinenstraße 2
78532 Tuttlingen
Telephone: +49 (0) 7461 / 9697 210
Telefax: +49(0) 7461 / 9697 219
Internet: www.medicalmountains.de
E-Mail: info@medicalmountains.de
Registered office of the company: Tuttlingen

Authorised managing directors:
Yvonne Glienke, Julia Steckeler

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us by e-mail at info@medicalmountains.de.

In the following, we will inform you about the type, scope and purpose of the collection and use of personal data. You can access this information at any time on our website.

Purpose of the data
Wir erheben und verwenden personenbezogene Daten von Ihnen, soweit dies erforderlich ist, um die Inanspruchnahme unseres Internetangebotes zu ermöglichen oder abzurechnen (Nutzungsdaten), sowie dieses zu bewerten. Dazu gehören insbesondere Merkmale zu Ihrer Identifikation und Angaben zu Beginn und Ende sowie des Umfangs der Nutzung unseres Angebotes.

We collect and use your personal data insofar as this is necessary to enable or charge for the use of our website (usage data) and to evaluate it. This includes, in particular, features for your identification and information on the beginning and end as well as the extent of the use of our offer.

All personal data is used by MedicalMountains for the following purposes:

  • Sending information and events
  • New advertising, offers and service mailings
  • Sending out newsletters
  • Contact on contractual matters or employment relationships
  • Participation in surveys on the measurability of our website

The following data is collected by MedicalMountains through the offers:

Surname, first name, gender, title, telephone, mobile phone, fax, e-mail, street, city, postcode, position and industry.

In addition, we process

  • Contract data (e.g., subject matter of the contract, term, customer category)
  • Payment data (e.g. bank details, payment history)

of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Data transmission and logging for internal system and statistical purposes
For technical reasons, your Internet browser automatically transmits data to our web server when you access our website. This data includes the date and time of access, URL of the referring website, file accessed, amount of data sent, browser type and version, operating system and your IP address. This data is stored separately from other data that you enter when using our website. It is not possible for us to assign this data to a specific person. This data is analysed for statistical purposes and then deleted.

Inventory data
If a contractual relationship between you and us is to be established, developed or amended, we collect and use your personal data insofar as this is necessary for these purposes.

Managing contacts and sending messages
This type of service makes it possible to manage a database of e-mail contacts, telephone numbers or any other contact information in order to communicate with the user.

The services may also collect data about the date and time messages were read by the user, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.

With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter ‘newsletter’) with the consent of the recipient or with legal authorisation. If the content of the newsletter is specifically described when registering for the newsletter, it is decisive for the user’s consent.

Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people’s e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Registration data: To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name to address you personally.

The newsletter and the associated performance measurement are sent on the basis of the recipient’s consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Art. 7 para. 2 no. 3 GDPR. § Section 7 para. 2 no. 3 UWG or on the basis of the legal authorisation pursuant to Section 7 para. 3 UWG.

The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent.

Cancellation/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time.

Purpose limitation, data minimisation and transparency
The data obtained from customers may only be used for the purposes required by the service programme. For the use of additional purposes, confirmation of the new purpose must be obtained in advance from the data subject. Only data of data subjects that is relevant for the purpose of use is stored. All other data is not recorded and is not stored on the server.

The newsletter is sent using the mailing service provider ‘MailChimp’, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

You can view the privacy policy of the mailing service provider here: https://mailchimp.com/legal/privacy/.

The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The mailing service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with MailChimp are also logged.

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and analyse the newsletter on our behalf. Furthermore, MailChimp may, according to its own information, use this data to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or pass it on to third parties. We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement ‘Privacy Shield’ and thus undertakes to comply with EU data protection regulations. We have also concluded a ‘Data Processing Agreement’ with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view MailChimp’s privacy policy here.

Participation in surveys – SurveyMonkey

We use the survey platform ‘SurveyMonkey’ from SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings,

Shelbourne Road, Dublin, Ireland.

We use SurveyMonkey to provide you with surveys.

This purpose also constitutes our legitimate interest in processing the aforementioned data (Art. 6 para. 1 sentence 1 lit. f GDPR).

If we ask participants for their consent to the processing of their data, this is the legal basis for processing in accordance with Art. 6 para. 1 sentence 1 lit. a of the GDPR.

If you voluntarily participate in a survey, SurveyMonkey collects usage data. When you participate in surveys, the technical data required for the process and the data you enter are transmitted.

This may include information about which websites you visit, what you click on, when you do so, your language preference, what you purchase, etc. SurveyMonkey also collects device and browser data.

This includes information about the device and application you use to access our services. Emails sent by SurveyMonkey or its users through the Services also contain page tags that allow the sender to collect information about the recipient who opened the email and clicked on links in it. Furthermore, the SurveyMonkey web servers keep log files in which data is recorded each time a device accesses these servers. The log files contain access details such as sender IP address, internet provider, the files displayed on our website (e.g. HTML pages, graphics, etc.), operating system version, device type and timestamp.

Further information on the cookies used by SurveyMonkey, data protection and storage duration can be found at the following link: https://www.surveymonkey.de/mp/legal/privacy/

SurveyMonkey Europe UC is a subsidiary of SurveyMonkey Inc. based in the USA. It cannot be ruled out that your data collected by SurveyMonkey will also be transferred to the USA. However, SurveyMonkey Inc. has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and is certified accordingly. SurveyMonkey has therefore undertaken to comply with the standards and regulations of European data protection law.

Further information on the EU Privacy Shield and its validity can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analytics service provided by Google. GDPR) Google Analytics, a web analytics service provided by Google LLC (‘Google’). Google uses ‘cookies’. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to analyse the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymised user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on data use by Google, setting and objection options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (‘Data use by Google when you use our partners’ websites or apps”),

http://www.google.com/policies/technologies/ads (‘Use of data for advertising purposes’),

http://www.google.de/settings/ads (‘Manage information that Google uses to show you advertising’).

Cookies
We use cookies to extend the functionality of our website and make it more convenient for you to use. With the help of these ‘cookies’, data can be stored on your computer when you visit our website. You have the option of preventing the storage of cookies on your computer by making the appropriate settings in your browser. However, this may limit the functionality of our website.

CONSENT, PREF, VISITOR_INFO1_LIVE, YSC, GPS, remote_sid, nextid, requests
We embed YouTube videos in order to make them directly available to you.
These cookies are set by YouTube (google).

IDE
DoubleClick is used on the website to determine marketing solution data.
This cookie is set by DoubleClick (google).

NID
The cookie is included in requests sent by browsers to Google websites. The NID cookie contains a unique ID that Google uses to store your preferred settings and other information, in particular your preferred language (e.g. German), how many search results should be displayed per page (e.g. 10 or 20) and whether the Google SafeSearch filter should be activated. You can find more detailed information on this under the following link: https://www.google.com/policies/technologies/types/

PHPSESSID
The session ID, i.e. a randomly generated identification number for your session, is stored in this cookie. Depending on your browser settings, this cookie is deleted when you close a tab or window that has set this cookie. This makes it possible, for example, to have the browser automatically fill in previously completed fields on a form.

_ga, _gat, _gid
These cookies collect data for Google Analytics. This is used by MedicalMountains GmbH to evaluate the use of the website, such as the length of the session or the number of page views. Google uses this data for its own purposes. This is pseudonymised data. These cookies are set by Google Analytics.

pll_language
This cookie stores the language selection you have set for a website. The cookie remembers the language in which you last visited this page.

The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

Right to information in accordance with Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries.

Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us.

Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is checked, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail.

Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible.

Right to revoke consent granted in accordance with Art. 7 para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Right to object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. We will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Forwarding of data

Unless otherwise stated, your personal data will only be passed on without your consent in the following cases:

Personal data will be forwarded to law enforcement authorities and, if necessary, to injured third parties, insofar as this is necessary to clarify any unlawful use of our services and/or for legal prosecution.

However, there must be concrete evidence of unlawful behaviour. We are also legally obliged to provide information to certain public authorities on request. These include authorities that prosecute administrative offences subject to fines and tax authorities.

The basis for the disclosure of the data is the legitimate interest in combating abuse, enforcing claims and prosecuting criminal offences, Art. 6 para. 1 lit. f GDPR. In addition, data may be passed on due to legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.

We also use processors:

b2match

We use the b2match platform of the provider B2Match GmbH, Vally-Weigl-Gasse 5/456, 1100 Vienna, Austria.

B2match enables us to create and manage event pages via a platform.

The use of personal data collected via b2match is limited to the purpose of providing these services.

B2match and we may collect personal data about the people who attend our events in order to personalise the event experience and future products and services.

The collection, use and processing of the data is based on the consent of the data subjects, Art. 6 para. 1 lit. a GDPR, as well as on Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

The transfer of data to b2match as a processor is based on Art. 28 para. 1 GDPR.

In addition, the website operator has a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free provision of its services.

b2match collects data that is necessary for the provision and improvement of the platform and services. For this purpose, ‘log files’ (information about computer hardware and software; IP address, browser type, domain name, access times and referring website addresses) are also automatically created. This data is used by b2match to operate the platform, to maintain its quality and to provide general statistics on the use of the platform. The privacy policy of b2match is available at the following link: https://admin.b2match.com/terms/en/privacy-policy
Terms of use of b2match: https://admin.b2match.com/terms/en/terms-of-use-participants

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third parties within our online offer. GDPR) content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as ‘content’).

This always presupposes that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.

We integrate the videos of the platform ‘YouTube’ of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

We integrate the maps of the ‘Google Maps’ service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts
We integrate the fonts (‘Google Fonts’) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

Links to other websites
We have included various links to other websites. When you click on these links, information is transmitted to the operator of the other website. This privacy policy does not regulate the collection, transfer or handling of personal data by third parties. Please check the privacy policy of the respective responsible organisation.

Data security
Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet. We take appropriate technical and organisational measures to protect our website and other IT systems against loss of availability, integrity and confidentiality. Your personal data is transmitted to our website in encrypted form. You can recognise the secure connection by the fact that the address displayed begins with ‘https://…’ instead of ‘http://…’ and a closed padlock is displayed in your browser. You can obtain more information about our SSL certificate by clicking on the padlock.

We reserve the right to amend this privacy policy at any time with effect for the future. The current version is always available on our website. Please visit our website regularly and inform yourself about the applicable data protection regulations.

Status: November 2020