Responsible body and data protection officer
91315 Höchstadt/ Aisch
Tel. +49 9193 500900
Contact data protection officer:
Responsible data protection supervisory authority
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Tel.: +49 981 531300
Data protection declaration of medwork GmbH
We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU Data Protection Basic Regulation (EU DS-GMO) and the country-specific implementation laws applicable to us. With the help of this data protection declaration we inform you comprehensively about the processing of your personal data by medwork GmbH and the rights to which you are entitled.
Personal data is the information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, telephone number, e-mail address but also your IP address.
Anonymous data exists if no personal reference to the user can be established.
- The right to information (Art. 15 EU DS-GMO),
- The right to cancellation (Art. 17 EU DS-GMO),
- The right to rectification (Art. 16 EU DS-GMO),
- The right to data transfer (Art. 20 EU DSGVO),
- The right to restrict data processing (Art. 18 EU DS-GMO),
- The right to object to data processing (Art. 21 EU DS-GMO).
Please note the following in connection with rights of objection:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling in so far as it is connected with direct advertising.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made form-free, if possible to: firstname.lastname@example.org.
In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
When processing your personal data, the provisions of the EU DS-GMO, the BDSG (new) and all other applicable data protection regulations are observed. Legal bases for data processing result in particular from Art. 6 EU DS-GMO.
We use your data for business initiation, to fulfil contractual and legal obligations, to execute the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent is also a data protection permission regulation. Here we inform you about the purposes of data processing and about your right of revocation. If the consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent (Art. 6 I 1 a EU DS-GMO).
Processing of special categories of personal data in the sense of Art. 9 (1) EU DS-GMO only takes place if this is required by legal regulations and there is no reason to assume that your legitimate interest in the exclusion of processing prevails (Art. 6 I 1 f EU DS-GMO).
We will only pass on your data to third parties within the framework of legal regulations or with appropriate consent. Otherwise, data will not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (transfer to external bodies such as supervisory authorities or law enforcement authorities).
Within our company, we ensure that only those persons receive your data who need it to fulfil their contractual and legal obligations.
In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers.
Data will only be transmitted to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual obligation, is required by law or you have given us your consent.
We transfer your personal data to a service provider or to group companies outside the European Economic Area: USA.
Compliance with the data protection level is ensured by: EU standard contractual clauses.
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be (must be) stored. This applies in particular to commercial or tax storage obligations (e.g. German Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
In order to protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously checked in cooperation with security experts and adapted to new security standards.
The data exchange from and to our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption for contact forms. Only we can decrypt this data. It is also possible to use alternative communication channels (e.g. by post).
Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarised the details for you in the above point. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.
The context determines which data we process: This depends on whether you place an order online or enter an enquiry in our contact form, whether you send us an application or submit a complaint.
Please note that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or making a contact request.
- Name of the Internet service provider
- Information about the website from which you are visiting us
- Web browser and operating system used
- The IP address assigned by your Internet Service Provider
- Requested files, transferred data volume, downloads/file export
- Information about the websites you visit, including date and time
- For reasons of technical security (in particular to prevent attempts to attack our web server) these data are stored in accordance with Art. 6 paragraph 1 letter F EU-DS-GMO. After 7 days at the latest, anonymization takes place by shortening the IP address, so that no reference to the user is established.
- Name, first name
- Information about wishes and interests (your message to us including the subject of your inquiry)
- All data that you provide to us by e-mail. We do not request the transmission of certain data.
We do not use purely automated processing processes to bring about a decision.
Our website also contains – clearly recognisable – links to the websites of other companies. As far as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee and liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the contents of these pages.
At the time of linking, the linked pages were checked for possible legal infringements and recognisable infringements. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of a violation of the law. Upon notification of violations of the law, such links will be removed immediately.
Our Internet pages use so-called cookies in several places. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive).
These cookies enable us to analyse how users use our websites. In this way we can design the website content according to the visitor’s needs. In addition, cookies enable us to measure the effectiveness of a particular ad and to have it placed depending, for example, on the user’s thematic interests.
Most of the cookies we use are so-called “session cookies”. These are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer if they are valid (usually six months) or if you delete them yourself before they expire.
Most web browsers automatically accept cookies. However, you can usually change the settings of your browser if you prefer not to send the information. You can still use the offers on our website without restrictions (exception: configurators).
Please note: If you deactivate the setting of cookies, not all functions of our website may be fully usable.
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The tool tag manager itself (that implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
On the basis of our legitimate interest (i.e. our interest in the analysis, optimisation and economic operation of our online services as defined in Art. 6 Para. 1 lit. f. of the German Civil Code), we make no representations or warranties with respect to the accuracy, completeness or quality of the information provided.
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, by activating IP anonymisation on this website, your IP address will be shortened by Google in advance within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of this website, Google will use this information for the purpose of evaluating website usage, compiling reports on website activity and providing other services to website operators relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Sessions and campaigns are terminated after a certain period of time. By default, sessions end after 30 minutes of inactivity and campaigns end after six months. Users’ personal data is deleted or anonymised after 14 months.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link [https://tools.google.com/dlpage/gaoptout?hl=de].
As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data from this website in the future (under “Statistics”):
An opt-out cookie is stored on your device. If you delete your cookies, you must click this link again.
We would like to point out that on this website Google Analytics was extended by the code “gat._anonymizeIp” in order to guarantee an anonymous recording of IP addresses (so-called IP masking).
We also use Google Analytics to evaluate data from AdWords and the DoubleClick cookie (see Google Adwords and DoubleClick) as well as the data from the Google advertising functions for purely statistical purposes. If you do not wish to do this, you can deactivate it via the ad default manager (https://www.google.de/settings/ads or https://www.google.com/settings/ads/onweb/?hl=de).
By certifying to the EU-US Privacy Shield
Google guarantees that the EU’s data protection requirements are also met when processing data in the USA.
Insofar as Google Ad Manager, a web advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), places advertisements (text ads, banners, etc.) on this website, your browser may store a cookie sent by Google Inc. or third parties. The information stored in the cookie may be recorded, collected and analysed by Google Inc. or third parties.
In addition, Google Ad Manager may use (re)marketing tags (also known as “web beacons”) to collect information. Through their use, for example, the visitor traffic on the website can be recorded and evaluated.
Processing is based on our legitimate interest in the optimal marketing of our website pursuant to Art. 6 Para. 1 lit. f DSGVO and you may exercise your rights at any time.
The information generated by the cookie and/or the (re)marketing tag about your use of this website may be transmitted to and stored by Google on servers in the United States.
Google uses the information obtained in this way to evaluate your usage behaviour with regard to the Google Ad Manager advertisements. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
If you are registered with a Google service, Google can assign the visit to your account.
You can object to tracking: You can set your browser so that you are informed when cookies are set and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
In addition, you can install the plug-ins provided by Google under the following link: https://www.google.com/settings/ads/plugin
Further information on the use of data by Google, setting and objection options can be found in Google’s data protection declaration (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).
By certifying to the EU-US Privacy Shield
Google guarantees that the EU’s data protection requirements are also met when processing data in the USA.
On this website we use the reCAPTCHA feature of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function is mainly used to distinguish whether an entry is made by a natural person or whether it is misused by mechanical and automated processing.
The legal basis for the processing is Art. 6 para. 1 lit. f EU-DS-GVO on the basis of our legitimate interest in the security of our Internet presence and in the prevention of misuse and spam.
The query includes the dispatch of the IP address and any other data required by Google for the service reCAPTCHA to Google. For this purpose your input will be transmitted to Google and used there.
Google LLC, based in the United States, is certified to the U.S. Privacy Shield Agreement, which ensures compliance with EU privacy standards (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
On our website we use Google Fonts to display external fonts.
This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.Google LLC, based in the USA, is certified for the US European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
To enable the display of certain fonts on our website, a connection is established to the Google server in the USA when our website is accessed.
Legal basis is Art. 6 Para. 1 lit. f) DSGVO. Our justified interest lies in the optimisation and economic operation of our Internet presence.
By means of the connection to Google established when our Internet presence is accessed, Google can determine which website has sent your enquiry and to which IP address the representation of the text is to be transmitted.
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Maps is a web service that displays interactive (land) maps to help you visualize geographic information. Using this service will show you our location or the location of events and make it easier for you to get to us.
Already when you call up the subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transferred to Google’s servers in the USA and stored there. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in at Google, your data will be directly assigned to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. In particular, such evaluation is carried out in accordance with Art. 6 para. 1 lit.f DSGVO on the basis of Google’s legitimate interests in the display of personalised advertising, market research and/or the design of its website to meet needs. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
By certifying to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active=a2zt000000001L5AAI&status=Active, Google guarantees that the EU’s data protection requirements are also met when processing data in the USA.
We integrate the videos of the platform “YouTube” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, into our online offer.
By visiting our site, a device ID is generated in the local storage of your web browser and stored beyond the session, moreover, calling up the site leads to a connection with the Google Marketing Platform. When you start the video, it may trigger further data processing. We have no control over this.
When you’re logged in to Google, your information will be directly associated with your account. If you don’t want to be associated with your profile on YouTube, you’ll need to log out before activating the video.
YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Possibility of appeal: https://adssettings.google.com/authenticated
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Notes on data protection in the social media
medwork GmbH maintains various appearances in the “social media” in order to communicate with the users registered there and inform them about our offers.
We draw your attention to the fact that the use of these platforms with the functions made available by them is your own responsibility. This applies in particular to your specific usage behaviour on these platforms. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
With regard to the processing of your personal data, however, we have a joint responsibility with Facebook towards all customers, interested parties and users. We are aware of this responsibility and the protection of your data is important to us. Unfortunately, we cannot fully fulfill our responsibility because Facebook does not provide us with the transparency we need to fulfill our information obligations. However, we strive to take all necessary steps to protect your privacy.
We would also like to point out that when using the platforms, your data may be processed outside the European Union. By being certified according to the EU-US Privacy Shield, the US providers guarantee that the data protection requirements of the EU are also complied with when processing data in the USA.
In addition, your usage and user-related information may be processed for market research and advertising purposes. For example, user profiles can be created on the basis of your usage behaviour and the resulting interests. In this way, for example, advertisements can be placed inside and outside the platforms. Cookies are usually stored on your end device for this purpose. Irrespective of this, data that is not collected directly from your terminal device can also be stored in the user profiles (especially if you are a member of the respective platforms and are logged in to them).
As the provider of this information service, we also collect and process the following data from your use of our service:
- Facebook Insights (https://www.facebook.com/legal/terms/page_controller_addendum)
The processing of users’ personal data is carried out on the basis of our legitimate interests in effective information for users and communication with users pursuant to Art. 6 Para. 1 lit. f. EU-DS-GVO. If you are asked by the respective providers for their consent to data processing (e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 Para. 1 lit. a., Art. 7 EU-DS-GVO.
Possibility of objection
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored member data in the respective network, you must
- log out from the respective network before you visit our website,
- delete the cookies present on the device and
- close and restart your browser.
After logging in again, however, you will be recognizable to the network again as a specific user.
For a detailed description of the respective processing and the opt-out options, we refer you to the following linked information from the providers.
Also in the case of requests for information and the assertion of user rights, we point out that these can best be asserted with the providers. Because only the providers have access to the user data and can react directly to your inquiry and give information. Should you nevertheless need help, you can contact us.
Notes on copyright and art copyright
Should you wish to publish pictures, texts, plans, videos, music etc. on our website, you should be aware that you may assign all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or rights owner yourself.
There is a contact form on our website which can be used for electronic contact. If you write to us using the contact form, we will process the information you provide in the contact form to contact you and answer your questions and requests.
Here, the principle of data economy and data avoidance is observed, in that you only have to provide the data that we absolutely need to contact you. This is your email address and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other data are voluntary fields and can be entered optionally (e.g. for more individual answers to your questions).
If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your inquiry. If you only provide us with the mandatory information, you will not suffer any disadvantages. If you do not provide the mandatory information, we will unfortunately not be able to answer your message.
medwork GmbH is interested in maintaining customer relations with you and sending you information and offers about our products, services and events. Therefore, we process your data in order to send you relevant information and offers by e-mail.
If you do not wish to do so, you can object at any time to the use of your personal data for the purpose of direct marketing; this also applies to profiling insofar as it is connected with direct marketing. If you file an objection, we will no longer process your data for this purpose.
The objection can be made free of charge and free of form without giving reasons and should be addressed to +49 9193 500900, by e-mail to email@example.com or by post to “medwork GmbH, Medworkring 1, 91315 Höchstadt, Germany”.
Persons under 16 years of age may not transmit any personal data to us or submit a declaration of consent without the consent of their legal guardians. We encourage parents and guardians to actively participate in their children’s online activities and interests.