Data privacy statement
Horresser Berg 1
D-56410 Montabaur
Telefon: +49(0) 2602 9213-0
Telefax: +49 (0) 2602 9213-15
E-mail: info@cegla.de
Thank you for your interest in our website. Your privacy and the protection of your personal data is very important to us. Therefore, our business operations are conducted under observance of all applicable laws concerning data protection and security. We are committed to ensuring that you feel secure when dealing with us. For this reason, we and our data protection officer are responsible for adherence to all statutory data privacy guidelines. We are aware of the importance of the information that you trust us with, and would like you to know the following:
- the purposes for which your (personal) data is collected, processed and used,
- how we handle and protect your data,
- who we make this data available to, and
- how you can exercise your rights.
Please read the following information carefully. If you have any questions, please contact our data protection officer. Their contact data will be found below this data privacy statement.
1. Definition of terms
Data protection is a complex subject. In order to facilitate comprehension of this data privacy statement, we have compiled a few basic concepts and definitions for you.
“Order Processing” (OP, for short) in accordance with Art. 28 of the General Data Protection Regulation (DS-GVO) [formerly known as “Order Data Processing” (ADV, for short) pursuant to section 11 of the Federal Data Protection Act (BDSG)] is simplified to mean a service under which personal data is collected, processed, and/or used by a Processor (Contract Processor as per DS-GVO and formerly known as an Order Data Processor as per BDSG), under the order and instruction of a Controller. Before such an order is assigned to a Processor, we enter into a special agreement with the Processor to ensure additional measures for protection of your personal data.
“Cookies” are small text files that are saved on the end device that you use (e.g. a computer or smartphone) and which store certain settings and data to exchange with our system through your browser. A cookie normally contains the name of the website visited from which the cookie files were sent, information on the age of the cookies, and an alphanumeric identification code. Cookies allow the system to recognise the user’s device and to make potential default settings available immediately.
A “third party” is a natural or legal person, public authority, agency or body other than the data subject, Controller, Processor or persons who have been authorised to process personal data under the direct authority of the Controller or Processor, cf. Art. 4 No. 10 DS-GVO (German General Data Protection Regulation). If personal data is passed on to a Processor in the course of order processing, pursuant to Art. 28 DS-GVO or formerly section 11 BDSG, this would not be considered a third party.
“IP addresses” are number sequences assigned to individual IT devices or to a group of them. The IP is used similarly to postal addresses, to assign data to the correct recipient.
“Personal data” includes all information pertaining to an identified or identifiable person, especially first and last names, date of birth, e-mail address, physical address, and bank and payment data, as well as health-related information, cf. Art. 4 No.1 DS-GVO (individual information for a specific or specifiable natural person formerly pursuant to section 3 para. 1 BDSG).
A “controller” is, pursuant to Art. 4 No. 7 DS-GVO (previously “responsible authority” as per section 3 para. 7 BDSG), the natural or legal person who determines, alone or jointly with others, the purposes and means of the processing of personal data. (on hand: the website operator).
2. Controller
The Controller responsible for your personal data on this website is:
CEGLA Medizintechnik GmbH & Co. KG
Horresser Berg 1
D-56410 Montabaur
Telefon: +49(0) 2602 9213-0
Telefax: +49 (0) 2602 9213-15
E-mail: info@cegla.de
If any agency – other than the aforementioned one – becomes the “Controller” as defined by the General Data Protection Regulation or the BDSG, you will be informed explicitly and separately of this change, if such change is not evident.
3. Use of the website
We automatically collect and store in our server log files the information that your browser transmits to us.
This includes:
- browser type / version
- operating system used
- referring URL (the previously-visited page)
- host name of the accessing computer (IP address)
- time of the server inquiry
We do not assign this data to specific persons. We do not consolidate this data with other data sources.
3.1 Cookies
Every time this website is accessed, data used for the call-up of files is recorded. In this process, we use your IP address or we place cookies in order to collect data. This is done, for example, through your browser, your computer, and the subpages that you visited. We require this data in order to make your visit to our website as pleasant as possible. However, we do not create an individual profile based on your usage. The analysis of usage is always conducted in anonymised form. Our web offering can fundamentally also be used without cookies. In this case, however, we would be unable to rule out limitations in the use of our website or a reduced user-friendliness. Most browsers allow for the deactivation of cookies or their limitation for particular websites. Browsers commonly also have the option of informing you as soon as cookies are used.
Cookies can be deleted from your hard disk at any time. If deleted, we would be unable to rule out limitations in the use of our website or a reduced user-friendliness. Whenever you use a different browser, you can also obtain information on cookies from your browser manufacturer’s website.
3.2 Privacy Policy Newsletter
If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the controller. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a) DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
Use of rapidmail
Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the e-mail are so-called tracking links, with which your clicks can be counted. Depending on the font with which the respective newsletter is designed, a connection to external servers such as Google Fonts takes place.
Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO (German law).
Recipient: The recipient of the data is rapidmail GmbH.
Transmission to third countries: There is no transmission of data to third countries.
Duration: The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
Possibility of revocation: You have the possibility to revoke your consent to data processing with effect for the future at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
Further data protection information: For more details, please refer to the data security notices of rapidmail at: https://www.rapidmail.de/datensicherheit. For more details on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe
3.3 Communication via e-mail, contact form, telephone or fax
If you contact us via e-mail, fax, telephone or one of the contact forms available, we will use your personal information to contact you and offer purposeful advice, based on the information provided in your inquiry.
Further use of your personal data only occurs if a legal requirement allows it or if you have consented to it.
3.4 Transfer of your data, use of service providers
We collect and use your data in accordance with legal requirements and only for our own purposes. A transfer to so-called third parties does not occur unless there is a legal obligation to do so, or you have consented to the transfer.
Insofar as we resort to other service providers to facilitate our offerings and possibly grant them access to your data when required, we have as a matter of course an order processing contract (OP contract, for short) with our service providers (Processors, for short) pursuant to Art. 28 General Data Protection Regulation or formerly to section 11 BDSG. We also remain responsible for the protection of your data. The service providers used are not considered to be third parties based on conclusion of the contract.
3.5 Duration of usage / storage of data
Your personal data will be deleted as long as there are no statutory storage obligations present, and when you have made a request for its deletion, when the purpose for storing the data no longer applies, or when its storage is no longer permissible for other statutory reasons.
3.6 Data usage location
Your data is normally processed in Germany. In exceptional cases, the information that you transmit to us may be stored in servers within the European Union (EU). Should we deviate from this as “Controller” or “Responsible Body”, we will notify you accordingly.
4. Integration of third-party services and contents
4.1 General
It is possible that this online offering may include third-party content such as YouTube videos, material from Google Maps, or graphics from other websites. It is understood that the supplier of such contents (hereinafter referred to as the “third party supplier”) will take note of the user’s IP address. Without an IP address, the contents can generally not be sent to the individual user’s browser. The IP address is required to view these contents in your browser. We strive to only use contents from suppliers who use your IP address only to deliver such contents. We are unable to control, however, whether the third-party supplier stores IP addresses, e.g. for statistical purposes. If we become aware of this practice, we notify our users.
4.2 Use of Google Analytics
This website uses “Google Analytics”, a web analytics service provided by Google, Inc. through which so-called “cookies” (small text files) are stored on your computer. These cookies allow for an analysis of your use of the website. The information generated through cookies regarding your use of this website is normally transmitted to and stored in a Google Inc. server in the USA.
Generally, your IP address will be abbreviated in advance by Google within the member states of the European Union and in other countries that have signed the European Economic Area treaty. In exceptional cases, your full IP address may be transmitted to a Google, Inc. U.S. server and thus be abbreviated for the first time in the USA.
Google Inc. will use this information to evaluate your use of the website on our behalf. The collected data will not be merged with other data provided by Google.
Please note: This website uses Google Analytics with the extension “gat. anonymizeIp()”, in order to guarantee the anonymised collection of IP addresses.
You can prevent the storage of cookies by setting your browser software accordingly. However, we need to point out that in this case you might not have full access to all functions of this website. In cases in which you only want to prevent the processing of data by Google Inc., you can download and install a browser plug-in available at the following website: https://tools.google.com/dlpage/gaoptout?hl=de
This browser plug-in should be available for the following browsers: Microsoft Internet Explorer (current version), Google Chrome, Mozilla Firefox, Apple Safari and Opera.
You can prevent the collection of your data by Google Analytics by clicking on the following button. An opt-out cookie will be established, preventing the collection of your data during future visits to this website:
4.3 Use of YouTube
We have integrated YouTube videos into our website. YouTube is part of Google Inc., headquartered in San Bruno, California, USA. Whenever you visit websites equipped with a YouTube plug-in, a connection to the YouTube servers is established. In this process, the YouTube server is informed of which of our website pages you have visited.
If you are logged in to your YouTube account, you will be allowing YouTube to directly link your web surfing behaviour to your personal profile. You can impede this linking possibility by logging out of your YouTube account in advance. You can obtain additional information on the collection and use of your data by YouTube, in their data privacy information found at www.youtube.com.
4.4 Use of Google DoubleClick
Our website uses the Google DoubleClick service. This tool is used to switch advertisements when you visit our website. DoubleClick uses information (but no personal data such as your name or e-mail address) on your visits to this or other websites, to switch to displaying products and services that are of interest to you. For more information on this product and how to circumvent it, go to http://www.google.de/policies/technologies/ads/.
4.5 Use of jQuery
Our website uses jQuery technologies which are connected through Google APIs. Here, the appropriate program libraries are called up from Google servers. By calling up external Google servers in the USA, there is a possibility that Google may record and save your IP address, among other things. You can find information on data protection by Google in its data privacy statement found at: http//google.de/int1/de/policies/privacy/.
4.6 Use of ytimg
Google Inc. JavaScript code is reloaded on our website. If you activate JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to Google. We do not know which data is linked by Google to the data obtained, or for what purposes Google uses this data. In order to generally prevent the implementation of JavaScript code by Google, you can install a JavaScript blocker (e.g. www.noscript.net).
4.7 Google web fonts
This website uses so-called web fonts, made available by Google, to achieve the uniform display of fonts. When a page is called up, your browser loads the required web fonts in your browser cache in order to correctly display texts and fonts.
For this purpose, the browser you use must establish a connection to the Google servers. In this manner, Google is able to acquire the knowledge that our website was called up by your IP address. The purpose for using Google web fonts is to obtain a uniform and attractive display of our online offerings. This is a legitimate interest pursuant to Art. 6 para. 1, letter F DS-GVO.
If your web browser does not support web fonts, your computer will use a standard font.
You can obtain additional information on Google web fonts at https://developers.google.com/fonts/faq and in the Google data privacy statement: https://www.google.com/policies/privacy/.
4.8 Use of Google Tag Manager
On this website we use the “Google Tag Manager” by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland (“Google” for short)), with which website tags can be administered through a single interface (e.g. Google Analytics). Google Tag Manager is a cookie-less domain that does not collect personal data. It allows for the activation of other tags that might collect data under certain circumstances. Google Tag Manager does not have access to this data. If deactivation is performed by the user at a domain or cookie level, it remains in place for all tracking tags that were implemented with Google Tag Manager.
You can find additional information at https://www.google.com/intl/de/tagmanager/use-policy.html.
4.9 Use of the SalesViewer® technology:
On this website, data on marketing, market research, and optimisation goals are collected and stored using the SalesViewer® technology of SalesViewer® GmbH, on the basis of the legitimate interests of the website operator (art. 6, para 1(f) of the DSGVO [General Data Protection Regulation]). To this end, a java script-based code is used, which assists with the collection of company-related data and its corresponding use. The data collected using this technology is encrypted using a one-way function (aka hashing) that does not allow for retroactive accounting. The data is immediately pseudonymised and is not used to personally identify the visitors to this website. The data saved within the scope of SalesViewer is deleted as soon as it is no longer required for its intended purpose, and deletion is not prevented by any statutory safekeeping obligations. Consent for data collection and storage can be rescinded at any time with future effect by clicking on the link https://www.salesviewer.com/opt-out, in order to prevent future collection within this website by SalesViewer®. If consent is rescinded, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you will need to click on the link once again.
5. Conference tools used
5.1 Microsoft Teams
We use Microsoft Teams. The supplier is the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. You can find details on the data processing under the Data privacy statement of Microsoft Teams.
Order processing: We have entered into an order processing agreement with the above-mentioned supplier. This is an agreement explicitly requiring protection under data privacy law, which guarantees that the personal data of visitors to our website is only processed in accordance with our instructions and under adherence to the DSGVO.
6. Data safety / safe data transmission
We would like to emphasise that safety gaps may occur during the transmission of data in the internet (e.g., via e-mail). Thus, it is not possible for us to fully protect against access by third parties. We secure our IT systems (including our website(s)) using technical and organisational measures (TOM, for short) against unwanted entry, access, forwarding, inputting, loss and distribution, as well as destruction and alteration by unauthorised parties.
Your personal data is transmitted through the internet in secured form using the Secure Socket Layer coding system (256-bit SSL encryption).
7. Rights of affected persons / data protection officer
The contact person who protects your rights is our data protection officer (see below for contact data).
7.1 Right to object
You can object at any time to the use of your data, with future effect.
7.2 Right to correction
Further, you can request that incorrect information on your person be corrected, to the extent that you are unable to do this yourself.
7.3 Right to information
Under statutory provisions you can be informed, as part of your right to information, of what information pertaining to your person we have stored and for what purpose.
7.4 Right to data transmission
You have the right to request a transfer of your data from us to a different entity.
7.5 Right of appeal
Pursuant to Art. 77 DS-GVO, you have the right to lodge an appeal with a supervisory authority or responsible agency, insofar as you have a reason for objection.
7.6 Data protection officer
To the extent that you want to make use of your rights as an affected person, or of your rights to deletion or blocking, please contact our data protection officer with adequate legitimation, and preferably in writing:
defensIT
Herr Eike Droßard
Frankenstr. 2
56068 Koblenz
0261 – 988896422
info@defensit.de
eike.drossard@defensit.de
or to the address of CEGLA Medizintechnik GmbH & Co. KG, to the attention of the data protection officer:
Data Protection Officer
CEGLA Medizintechnik GmbH & Co. KG
Horresser Berg 1
56410 Montabaur, Germany
8. Our social media presence
Responsible
CEGLA Medizintechnik GmbH & Co. KG
Horresser Berg 1
56410 Montabaur/Germany
Data processing through social networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
Based on this data collection method, the operators of the social media portals can create user profiles in which your preferences and interests are stored.
Based on the collected data, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media presences are intended to ensure the most comprehensive internet presence possible. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO (a German law for data protection). The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. A DSGVO).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Social networks in detail
Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the collected data is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies the data processing operations for which we or Meta are responsible when you visit our Facebook page. You can view this agreement at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381.
For details, see Facebook’s privacy policy:
https://www.facebook.com/about/privacy/.
Twitter
We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can independently adjust your Twitter privacy settings in your user account. To do so, click on the following link and log in:
https://twitter.com/personalization.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
For details, see Twitter’s privacy policy:
https://twitter.com/de/privacy.
Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://help.instagram.com/519522125107875 und
https://de-de.facebook.com/help/566994660333381.
For details on their handling of your personal data, please refer to Instagram’s privacy policy:
https://help.instagram.com/519522125107875.
Pinterest
We have a profile on Pinterest. The provider of this service is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter referred to as Pinterest). According to Pinterest, the collected data is potentially also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Joint Controller Addendum) with Pinterest. This agreement specifies which data processing operations we or Pinterest are responsible for when you visit our Pinterest page.
Pinterest is responsible for exercising your data subject rights. Please read more about this and the processing of your data by Pinterest on the following page:
https://policy.pinterest.com/de/privacy-policy
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.
For details on their handling of your personal data, please refer to LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy:
https://policies.google.com/privacy?hl=de.
9. External links and information on the website
We will accept no liability for external links and for third-party offerings made accessible in this manner. Further, we would like to point out that the information on this website is exclusively intended for information purposes and has no binding effect whatsoever.
10. Changes to the data privacy statement
Advancing technology, legal provisions, and even revised procedures may have an effect, among other things, on this data privacy statement. Therefore, we reserve the right to amend this data privacy statement at any time, with future effect. The most current version of the data privacy statement can be found on this website. Please visit this section of our website regularly, to stay informed of all valid regulations.
Last updated: 15/06/2022