HIPP ENDOSKOP SERVICE

your requirements are our aims

Data protection statement

Data protection statement

The protection of your personal data is important to us and therefore we would like to give you the simplest and most accurate information possible on contact options and about the data concerned.

First you will receive the following information about the possibilities for contacting our data protection officer, as well as options for encrypted contact. Then we introduce the legal and technical terms that will be used later. After that you will get an overview of the rights of the person concerned. Following that you will find the details of the person responsible. And finally the technologies, services and our handling will be addressed.

The protection of your personal data is important to us and therefore we would like to give you the simplest and most accurate information possible on contact options and about the data concerned.

First you will receive the following information about the possibilities for contacting our data protection officer, as well as options for encrypted contact. Then we introduce the legal and technical terms that will be used later. After that you will get an overview of the rights of the person concerned. Following that you will find the details of the person responsible. And finally the technologies, services and our handling will be addressed.

1 Contact the data protection officer

If you have questions or would like information, you can always contact our external data protection officer, whose contact details are as follows:

Oliver Offenburger, M.Sc.

Email: moc.ecivrespoksodne-ppihTOBMAPS]ta[ITNAnoitcetorpatad

eye-i4 GmbH Data Data Protection Department
Mönchweilerstraße 12
78048 Villingen-Schwenningen

Phone: 07721 69724 00
Fax: 07721 69724 01 
Website: https://eye-i4.de

Our preferred contact option is email. But you can also of course contact the data protection officer by post or phone. If you want to encrypt your email to our data protection officer we recommend that you read the following section.

Notes on enquiries:

When an email is received during normal working hours, we confirm receipt of the email the same day. If you do not receive confirmation, please contact us by phone.

If you make a postal request, we will still send you a confirmation of receipt on the day of delivery, but no later than one day after delivery. If you do not receive confirmation, please contact us by phone.

For a telephone enquiry you are kindly requested to call the number of our data protection partner, eye-i4 GmbH, directly.

1.1 Encryption of emails to our data protection officer

We are advocates of encrypted transmission by email. Therefore, to maintain confidentiality and integrity, we offer you the possibility of encrypting your requests to the data protection officer.

For encryption we use PGP. You can find information about free usage options and the setup on the website of our data protection partner; please see the following link: https://eye-i4.de/blog-kostenlose-pgp-verschluesselung.html

You can download our PGP key via the following link: https://www.hipp-endoskopservice.com/assets/files/pgp-key/hipp_public_key_data_protection_officer.asc 

If you would like fingerprint verification please, contact our data protection partner, eye-i4 GmbH, by phone.

If you have further questions about encryption you can contact our data protection officer.

2 Terms in legal context

Before further discussion of legal issues we would first like to introduce the associated terms:

2.1 EU DSGVO (also known as DSGVO)

The expression EU DSGVO (hereinafter also “DSGVO”) means the General Data Protection Regulation. This concerns a basic regulation of the European Union which regulates how personal data may be processed. For information the legal text of the GDPR can be viewed via the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679

2.2 Person responsible

“Person responsible” means the natural or legal person, authority, institution or other body which alone or together with others decides on the purposes and means of processing personal data; if the purposes and means of this processing are determined by Union law of the law of the Member States the person responsible or the specific criteria for their appointment may be provided for under Union law or the law of the Member States.

2.3 Personal data and person affected

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “person affected”); a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by means of association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features which are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person

2.4 Processing

“Processing” means any process carried out with or without the aid of automated procedures, or any such series of operations relating to personal data, such as collecting, recording, organising, ordering, storing, adapting or altering, selecting, retrieving, using, disclosing through transmission, dissemination, or any other form of provision, matching or linking, restriction, deletion or destruction.

2.5 Restriction of processing

“Restriction of processing” means the marking of personal data stored in order to limit its future processing

2.6 Processor

“Processor” means a natural or legal person, authority, institution or other body which processes personal data on behalf of the person responsible.

2.7 Recipient

The “recipient” is a natural or legal person, authority, institution or other body to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data in connection with a particular investigation according to Union or Member State law are not considered to be recipients; the processing of these data by said authorities takes place in accordance with the applicable data protection rules according to the purposes of the processing.

2.8 Third party

“Third Party” means a natural or legal person, authority, institution or other body, besides the data subject, the person responsible, the processor and the persons authorised under the direct responsibility of the person responsible or the processor to process the personal data.

2.9 Consent

“Consent” of the data subject means any expression of will which is voluntarily given for the particular case, in an informed manner and unambiguously given, in the form of a statement or other unambiguous confirmatory act, with which the data subject indicates that they are in agreement with the processing of the personal data relating to them.

2.10 Breach of personal data protection

“Breach of personal data protection” means a breach of security which leads to destruction, loss or alteration, whether inadvertent or unlawful, or to the unauthorised disclosure of, or unauthorised access to, personal data which are transmitted, stored, or otherwise processed.

2.11 Health data

“Health Data” means personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information about their health status emerges.

2.12 Company

“Company” means a natural or legal person which carries on an economic activity, regardless of its legal form, including partnerships or associations which regularly engage in economic activity.

2.13 Supervisory authority

The “supervisory authority” is an independent public authority established by a Member State in accordance with Article 51.

2.14 Relevant and well-founded appeal

The “relevant and well-founded appeal” means an appeal with regard to whether or not there has been a breach of this regulation, or whether the intended action against the responsible person or processor is in accordance with this regulation, which appeal clearly demonstrates the scope of the risks posed by the draft decision in relation to the fundamental rights and freedoms of data subjects and, where appropriate, the free movement of personal data within the Union.

3 Terms in the technical context

Before going into technical matters in further detail, we would first like to introduce the corresponding terms:

3.1 File system

The “file system” is any structured collection of personal data that is accessible according to certain criteria, irrespective of whether this collection is managed centrally, in a decentralised manner, or organised according to functional or geographical criteria.

3.2 Cookies
Cookies are text files that are stored on your device by a website using your browser. These text files can be aimed at implementing technical issues such as a shopping cart mechanism, or also to infect your visitor behaviour. For this purpose the text files can be provided with identification features and additional information.
You have the option of preventing the storage of cookies in the browser of your terminal device. If cookies are deactivated, there may be technical restrictions on the use of the website.
3.3 Server logs
Server logs are log files which are created by the web server and document access to a website. A log entry can contain a variety of information such as access time, browser type, the IP address of the visitor, etc.
3.4 Referrer
The referrer indicates that which brought someone to the page of the person responsible. With server logs, for example, the referrer can be read out.

4 Rights of the person affected

The rights of the persons affected arise from the DSGVO as well as from the respective national legal provisions for data protection. If you want to assert your rights, we ask you to contact our data protection officer us via the above-mentioned option. In the following, we would like to draw your attention to your rights, which result from the DSGVO, in particular chapter 3:

 

4.1 Obligation for information

The person affected data has the right to obtain information about the personal data held about the person affected, if the data was collected from person affected or if the data were not collected from the person affected. Corresponding is regulated in section Art. 13 and 14 DSGVO.

4.2 Right of information

The person affected has the right to ask the person responsible for confirmation whether relevant personal data relating to him are processed; if this is the case, he has a right to information about this personal data and to further information pursuant to Art. 15 DSGVO.

4.3 Right of correction

The person affected has the right to immediately demand the correction of incorrect data concerning him from the person responsible.
In consideration of the purposes of processing, the person affected has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

 

4.4 Right of deletion

The person affected the right to ask the person responsible for the personal data concerned to be deleted immediately, and the person responsible is obliged to delete personal data immediately if one of the reasons in accordance with Art. 17 DSGVO applies.

4.5 Right of restriction of processing

The person affected has the right to demand that the person responsible for processing restricts processing, if one of the requirements of Art. 18 DSGVO is fulfilled.

4.6 Obligation to inform
The person responsible shall notify all recipients, whose personal data have been disclosed, of any correction or deletion of the personal data or a restriction of the processing in accordance with Art. 16, Art. 17 para. 1 and Art. 18 DSGVO, unless this proves to be impossible or is associated with a disproportionate effort.
The person responsible will inform the person affected about these recipients, if the person responsible requests this.
4.7 Right of data transfer

The person affected has the right to obtain the personal data concerning him, which he has provided to a person responsible, in a structured, common and machine-readable format and he has the right to transfer these data to another person without hindrance by the person responsible, to whom the personal data were provided.

4.8 Right of objection

The person affected has the right, for reasons resulting from his particular situation, to object to the processing of personal data relating to him in accordance with Article 6 paragraph 1 letter e or f; this also applies to profiling based on these provisions. The person responsible will no longer process the personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedom of the person affected, or the processing serves for the purpose of enforcing, pursuing or defending legal claims.

4.9 Complaint to the supervisory authority

In accordance with Art. 77 DSGVO, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or the seat of the person responsible.

Our responsible supervisory authority is:
State representative for data protection and freedom of information, Stuttgart

5 Information about the person responsible

The person responsible in accordance with Art. 24 DSGVO is listed below:
Hipp Endoskop Service GmbH
Glottertalstraße 10 
79108 Freiburg

You can obtain further information regarding the person responsible from the imprint.

6 Web technologies used

6.1 Server logs
If you are using the website purely for information, that is, if you do not register or otherwise transmit information, we take only the personal details that your browser sends to our server. If you wish to view our website, we take the following data, which are necessary for us in order for you to view our website and to ensure stability and security (based on article 6, section 1, S.1f) DSGVO):
  • Anonymised IP address;
  • Date and time of the enquiry;
  • Time zone difference from Greenwich Mean Time (GMT); Content of the request (particular page);
  • Access status/HTTP status code;
  • Quantity of data transmitted in each instance;
  • Website from which the request arrives (referrer);
  • Browser;
  • Operating system and its interface
  • Language and version of the browser software.
6.2 Cookies
When using our website, cookies are stored on your computer. You can configure your browser settings according to your wishes and e.g., refuse acceptance of third party cookies. Please note that you will then not be able to use all the functions of this website.
This website uses the following types of cookies, the scope and function of which are explained below:
  • Transient cookies;
  • Persistent cookies. 
6.2.1 Transient cookies

Transient cookies are automatically cancelled when you close your browser. This includes session cookies in particular. These store a so-called “session ID,” by which various enquiries from your browser are assigned to a common session. Thus your computer can be recognized when you return to our website. The session cookies are cancelled when you log out or close your browser.

7 Disclosure to third parties

Your personal details will not be passed to any third party other than in the following instances:
We pass on your personal details to a third party only if:
  • you have given express consent under article 6, section 1 S.1 a) DSGVO;
  • disclosure under article 6, section 1 S.1f) DSGVO is required for assertion, exercise or defence of legal rights and no grounds exist for an assumption that you have an
  • overriding interest warranting non-disclosure of your details;
  • in the case that there is a legal obligation for disclosure under article 6 section 1 S.1 c) DSGVO and
  • this is legally permissible and required under article 6 section 1 S.1 b) DSGVO for the processing of contractual relationships with you.