PRIVACY STATEMENT ACCORDING TO THE DSVGO
We are very pleased about your interest in our company. Data protection is of particular importance for the management of LUMed GmbH. A use of our internet pages is basically possible without any indication of personal data. However, if an affected person wishes to use our company's special services through our website, personal data processing may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally request the consent of the affected person.
​
The processing of personal data, such as the name, address, e-mail or telephone number of an affected person, always takes place in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to LUMed GmbH. Through this privacy policy, our company seeks to inform the public about the nature, scope and purpose of the personal information we collect, use and process. Furthermore, affected persons are informed of their rights under this privacy policy.
​
Internet-based data transmissions can in principle have security gaps so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to submit personal data to us in alternative ways, for example by telephone.
​
1. Definition and Terminology
The privacy policy of LUMed GmbH is based on the terminology used by the European directive and regulatory authority when adopting the General Data Protection Regulation (DSGVO). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.
​
a) Personal data means any information related to an identified or identifiable natural person (affected person). An identifiable natural person is, directly or indirectly, related to an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
​
b) Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
​
c) Processing means any process or series of operations related to personal data, such as collecting, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
​
d) Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
​
e) Profiling is any kind of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects that are related to job performance, economic situation, health. To analyze or predict preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
​
f) Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subjected to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
​
g) The person responsible is a natural or legal person, public authority, body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the person responsible or the specific criteria for his designation may be provided for under Union or national law.
​
h) The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
​
i) Recipient is a natural or legal person, agency or other entity to whom personal data is disclosed, whether it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.
​
j) Third party is a natural or legal person, public authority, body or other than the affected person, the person responsible, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
​
k) Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the affected person for the case, by which the data subject indicates that they consent to the processing of the personal data concerning him / her is
​
2. Name and Address of the Person Responsible
Person responsible in terms of general data protection regulations, any other data protection regulations of member states of the European Union and any other regulations with data protection meaning is:
LUMed GmbH
Ottostr. 7b
76344 Eggenstein-Leopoldshafen
Deutschland
Tel.: 0721 / 350 53 08
Fax: 0721 / 350 53 11
E-mail: info@lumed-gmbh.de
Website: www.lumed-gmbh.de
​
3. Extent of Processing of Personal Data
In general we process personal data of our users to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for compelling reasons and the processing of the data is permitted by law.
​
4. Legal Basis of Processing
The consented processing of personal data is based on the law of art. 6 I lit. a DSGVO.
For processing of personal data which is necessary for the performance of a contract to which the affected person is a party, Art. 6 I lit. b DSGVO is the legal basis. The same applies to processing operations that are necessary to carry out pre-contractual measures.
​
If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DSGVO.
​
In case vital interests of the affected person or any other natural person require the processing of personal data, Art. 6 (1) shall apply. c DSGVO as legal basis. This would be the case, for example, if a visitor to our premises was injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party.
​
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. DGSVO as legal basis for the processing.
​
5. Collection of general Data and Information
The LUMed GmbH website collects a series of general data and information each time the website is accessed by an affected person or an automated system. This general data and information is stored in the log files of the server. Data collected are:
(1) Used browser types and versions
(2) Operating system of the user
(3) Website from which an accessing website comes to our website (so-called referrer)
(4) Sub-webpages that are accessed via an accessing system from our website
(5) Date and time of the access
(6) IP-Address
(7) Internet service provider of the user
(8) other similar data and information related to security in the case of attacks on our information technology systems
When using this general data and information, LUMed GmbH does not draw conclusions about the affected Person. Rather, this information is needed to
(1) to show the correct content of our website
(2) the permanent functionality of our information technology systems and to ensure the technology of our website as well as
(3) to law enforcement agencies in case of cyberattacks for prosecution provide necessary information.
This anonymously collected data and information is evaluated by the LUMed GmbH to increase the privacy and data security in our company, to ultimately ensure an optimal level of protection for the personal data we process.
​
The data will be deleted as soon as it is no longer necessary for its collection. In case of collecting the data for providing the website, this is the case when the respective session is completed.
​
6. Cookies
The websites of LUMed GmbH use cookies. Cookies are text files that are stored on a computer system via an Internet browser. Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie.
​
It consists of a string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual's browser from other internet browsers that contain other cookies. A web browser can be recognized and identified by the unique cookie ID.
​
The use of cookies allows LUMed GmbH to provide users of this website with more user-friendly services that would not be possible without the cookie setting.
​
With a cookie the information and offers on our website can be optimized for user’s benefit. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies need not reenter their credentials each time they visit the website, as this is done by the website and the cookie stored on the user's computer system.
​
The affected Person can prevent the setting of cookies through our website at any time by setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an Internet browser or other software programs. This is possible with all common internet browsers. If the affected person deactivates the setting of cookies in the Internet browser, not all functions of our website may be fully usable.
​
7. Contact options via Website
On our website is a contact form available, which can be used for electronic contact. If a user takes this opportunity the data of the input mask will be transmitted and stored:
​
-
IP Address
-
Date and time of registration
-
Surname
-
Last name
-
Message
-
E-Mail (mandatory)
​
By the time of sending a message the following data will be stored:
-
IP-address
-
Date and time of registration
​
For processing of the data during the sending process your consent is obtained and referred to this privacy statement.
Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
​
Purpose of Data Processing The purpose of the data processing of the personal data from the input mask is solely for processing the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
​
8. Routinely Deletion and Blocking of Personal Data
The data will be deleted as soon as the storage is no longer necessary. For the personal data collected through the contact form and those sent by e-mail, this is the case when each conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
​
9. Rights of the Person affected
If your personal data is processed, you are the person affected referring DSGVO and you have the following rights to the person responsible:
​
a) Right to information
Any person concerned by the processing of personal data shall have the right, granted by the European Directive and Regulatory Authority, at any time to obtain from the person responsible information free of charge on the personal data stored about him and a copy of that information. Furthermore, the European legislator and regulator has provided the affected person with the following information:
​
-
terms of use
-
the categories of processed personal data
-
the recipients or categories of recipients to whom the personal information has been disclosed or yet to be disclosed, in particular for beneficiaries in third countries or international organizations.
-
if possible, the planned duration for which the personal data are stored, or if this is not possible, the criteria for determining this duration
-
the existence of a right to rectification or erasure of the persons concerned data or limitation of processing by person responsible or a right to object to this processing
-
the existence of a right of appeal at a supervisory authority
-
if the personal data are not collected from the data subject
-
the existence of automated decision-making including profiling in accordance with Article 22 Abs.1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, and the implications and consequences of such processing for the affected person.
In addition, the affected person has a right to be informed whether personal data has been transmitted to a third country or to an international organization.
​
If this is the case, then the affected person is entitled to provide information about the appropriate guarantees in accordance with Art. Art. 46 DGSVO in connection with the transmission.
If an interested party wishes to exercise this right to information, they may at any time contact an employee of the person responsible.
​
b) Right to Rectification
Any person affected by the processing of personal data has the right granted by the European legislator to demand the immediate correction of inaccurate personal data concerning him / her. Furthermore, the affected person has the right to request the completion of incomplete personal data, including of a supplementary statement, considering the purposes of the processing.
If an affected person wishes to exercise this right of rectification, they may, at any time, contact an employee of the person responsible.
​
c) Right to erasure
Any person affected by the processing of personal data shall have the right granted by the European Directives and Regulators to require the controller to immediately delete the personal data concerning him, if one of the following reasons are fulfilled and processing is not required:
​
-
The personal data has been collected for such purposes or otherwise processed, for which they are no longer necessary.
-
the affected person disclaims the consent to use the personal data according to art. 6 para. 1 letter a DSGVO or art. 9 para. 2 letter a DSGVO and there is no other legal basis to process the data.
-
The affected person enters an objection according art. 21 para. 1 DSGVO and there are no legitimate reasons for processing the data, or the affected person disclaims the use of the data.
-
The personal data have been used illegal.
-
The deletion of personal data is required to fulfill a legal obligation by the EU or the law of the Member States to which the person responsible is subjected.
-
the personal data were collected referring services of the information society according art. 8 para. 1 DSGVO. If one of the above reasons is correct and an affected person wishes to arrange for the deletion of personal data stored at LUMed GmbH, they may at any time contact an employee of the person responsible. The employee of the LUMed GmbH will arrange that the deletion request to be fulfilled immediately.
d) Information of third parties
If the personal data has been made public by LUMed GmbH and if our company is responsible for deleting personal data as the person responsible pursuant to Art. 17 (1) DSGVO, LUMed GmbH takes appropriate measures, including technical ones, considering the available technology and the implementation costs in order to inform other data controllers processing the published personal data that the data subject has requested the deletion of all links to such as personal data or copies or replications of such personal data from those other data controllers unless the processing is not required
​
e) Right to limit Data Processing
Every affected person has the right to request the limitation by the person responsible of the data processing according to the law of the European directive and regulatory body, the following points preconditioned:
​
-
the correctness of the data is doubted by the affected person in a timely manner
-
the use of the provided data is wrongful and the affected person denies their right to delete the data and rather requests a limited use.
-
the person responsible has no longer any use of the provided data and the affected person still needs them to enforce legal rights.
-
the affected person claimed the use of the provided data according to art. 21 para. 1 DSGVO and this demand against LUMed hast still to be verified.
Beside these preconditions the affected person may contact LUMed GmbH anytime to request a limited use of the provided data
​
f) Data transferability
Every affected person has the right to receive the provided data in writing and machine readable from the person responsible. Furthermore, the affected person has the right to transfer these data to a third, not-involved party as far as
​
-
- The consent is based on art. 6 para. 1 letter a DSGVO or art. 9 para. 2 letter a DSGVO or on a contract according to art. 6 para. 1 letter b DSGVO and
-
- The processing is done through automated procedures concerning serving public benefits or exercising public authority.
Furthermore the affected person has the right to request a direct transfer of the provided data by the person responsible according to art. 20 para. 1 DSGVO. Rights and civic liberties must be unimpaired. To enforce this right every LUMed GmbH employee can be contacted.
​
g) Right to Disclaim
Every affected person or involved party has the right given by the law of the European directive and regulatory body to disclaim processing of personal data according to Art. 6 para. 1 letter e or f DSGVO. This includes consented terms of profiling. LUMed GmbH will stop processing the affected data unless processing this data must be continued due to compelling reasons that are preponderating rights and civic liberties of the affected person or are necessary for enforcement, plea or exercise of legal rights.
LUMed GmbH is processing personal data for direct marketing reasons. The affected person hast he right to disclaim processing of this data anytime for this purpose. This includes related profiling. LUMed GmbH will stop processing this data immediately.
​
Furthermore, the affected person has the right to disclaim the use of personal data anytime related to scientific or historical research purposes according to Art. 89 para. 1 DSGVO, unless the use for these purposes serves public interests. LUMed GmbH employees can be contacted for these reasons anytime. The affected person furthermore is at liberty to disclaim through automated procedures according to guideline 2002/58/EG.
​
h) Automated Decisions for individual Cases including Profiling
Every affected person or involved party has the right not to be subjected to fully automated processing of personal data – including profiling - by the European directive and regulatory body. This is related to any taking of effect or similarly affection or impairment as far as the decision is
1) necessary to conclude a contract between affected person and person responsible or
2) made on reasonable consent of the affected person LUMed GmbH is in charge to set up adequate actions to preserve rights and civic liberties. This includes the right to challenge the decision for the parties involved.
Therefore, the affected person can get in touch with an LUMed GmbH employee.
​
i) Right of revocation of data protection consent
Every affected person or party involved has the right to disclaim processing personal data by the law of the European directive and regulatory body. Use of data is continued until effective date of disclaiming.
10. Entitled Interests in processing of Person Responsible or Third Party
Processing of personal data is based on article 6 I lit. f DSGVO and in favor of employers and stakeholders.
​
11. Duration of data storage of personal data
Duration of data storage is regulated by law. By expiration of this statutory period data will be deleted frequently except usage of personal data is required contractual.
​
12. Legal or contractual Regulations for the Provision of Personal Data
Necessity for the conclusion of the contract; engagement of affected person to provide the personal data; optional consequences of prevention. We inform you that the provision of personal data can either be regulated by law (i.e. tax regulation) or by contract (i.e. statements of contractual partners). To conclude a contract, it might be occasionally necessary to process personal data provided by affected persons. Affected persons are bounded to provide personal data in case any contract is concluded. Preventing these data results in distracting contract conclusion. Affected and involved persons are asked to contact our staff to clarify detailed and individual if the provision of the data is regulated by law or contractual as well as the consequences of preventing them.