Data protection notice
Our handling of your data and your rights
Information pursuant to Articles 13, 14 and 21 General Data Protection Regulation – GDPR
We hereby inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations.
Which data is processed in detail and how it is used depends largely on the products you have purchased from us.
1. Who is responsible for data processing and to whom can I contact?
Responsible authority is:
Healy World GmbH
Potsdamer Platz 1
You can contact our data protection officer at:
Healy World GmbH
Potsdamer Platz 1
2. What sources and data do we use?
We process personal data that we have received from you in the course of our business relationship. In addition, to the extent necessary for the provision of our services, we process personal data that we have legitimately received from other sales partners of our products (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of a consent given by you). Relevant personal details are personal data (name, address and other contact data, birthday). In addition, this may also include order data (e.g. order documents), data from the fulfilment of our contractual obligations (e.g. contracts, delivery notes), product data (e.g. purchased devices, modules), advertising and sales data (including advertising scores), data about your use of our offered telemedia (e.g. newsletters) and other data comparable to the categories mentioned.
3. How we process your data (purpose of processing) and on what legal basis
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
For the fulfilment of contractual obligations (Art.6 para.1 letter b GDPR)
The processing of personal data (Art.4 No.2 GDPR) takes place for the provision and fulfilment of purchase transactions, in particular for the execution of our contracts or pre-contractual measures with you and the execution of your orders as well as all activities required with the operation and administration of a medical device manufacturer.
The purposes of data processing depend primarily on the specific product (e.g. device/system, module) and may include customer data management, customer product management, customer support and customer care.
Within the balancing of interests (Art.6 para.1 letter f GDPR)
If necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples:
- Advertising or market and opinion research, unless you have objected to the use of your data;
- Enforcement of legal claims and defence in legal disputes;
- Measures for business management and further development of services and products.
On the basis of your consent (Article 6(1)(a) GDPR)
If you have given us your consent to process personal data for certain purposes (e.g. advertising, information purposes), the legality of this processing is given on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the validity of the GDPR, i.e. before 05.25.2018.
Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.
On the basis of legal requirements (Art.6 para.1 letter c GDPR) or in the public interest (Art.6 para.1 letter e GDPR)
In addition, as the sales department of a medical device manufacturer, we are subject to various legal obligations, i.e. legal requirements (e.g. Medical Devices Act – MPG).
The purposes of the processing include, among other things, the knowledge and storage of the whereabouts of medical devices and the fulfilment of fiscal control and reporting obligations.
4. Who gets my data?
Within the Healy World GmbH, those departments and employees receive the data they need to fulfil our contractual and legal obligations. Contractors used by us (Art.28 GDPR) may also receive data for these purposes. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, debt collection, consulting and sales and marketing.
We may only disclose information about you if required to do so by law, if you have given your consent or if we are authorized to provide such information. Under these conditions, recipients of personal data can be, for example:
Service providers or similar institutions to which we transfer personal data in order to carry out the business relationship with you (depending on the contract: e.g. logisticians).
Other recipients of data may be those bodies for which you have given us your consent to the transfer of data.
5. How long will my data be stored?
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. It should be noted that parts of our business relationship, e.g. our maintenance contract, are long-term debt relationships that are designed for years.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB), the Fiscal Code (AO), the Medical Devices Act (MPG), among others. The periods for storage and documentation specified there range from two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB) can normally amount to 3 years.
6. Is data transferred to a foreign country or an international organisation?
Data will only be transmitted to third countries (countries outside the European Economic Area (EEA)) if this is necessary or legally required for the execution of your orders. We use computer systems for customer data processing, whose servers are located outside the EEA, in the USA; these use a “privacy shield” and therefore comply with the requirements of the GDPR. We will inform you separately about details, if required by law.
7. What data protection rights do I have?
Any person concerned has the right of access under Article 15 GDPR, the right to correction under Article 16 GDPR, the right to cancellation under Article 17 GDPR, the right to limitation of processing under Article 18 GDPR and the right to data transferability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a data protection supervisory authority (Art.77 GDPR in conjunction with § 19 BDSG).
8. Is there an obligation for me to provide data?
In the context of our business relationship you only have to provide that personal data which is necessary for the establishment, execution and termination of a business relationship or which we are legally obliged to collect. Without these data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.
9. To what extent is there automated decision making in individual cases?
Zur Begründung und Durchführung der Geschäftsbeziehung nutzen wir grundsätzlich keine automatisierte Entscheidungsfindung gemäß Art.22 DSGVO. Sollten wir diese Verfahren in Einzelfällen einsetzen, werden wir Sie hierüber gesondert informieren, sofern dies gesetzlich vorgegeben ist.
10. To what extent is my data used for profile development (scoring)?
We process some of your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:
In order to be able to inform and advise you specifically about products, we use evaluation instruments. These enable demand-oriented communication and advertising, including market and opinion research.
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
The use of our website is generally possible without providing personal data. As far as on our sides personal data (for example name, address or E-mail addresses) are collected, this takes place, as far as possible, always on voluntary basis. This data will not be passed on to third parties without your explicit consent. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Some of the Internet pages use so-called cookies. These Cookies do not cause any damage to your computer and do not contain any viruses. Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general. You can also activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.
Server log files
The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- operating system used
- referrer URL
- host name of the accessing computer
- time of the server request
This data cannot be assigned to specific persons. This data is not combined with other data sources. We reserve the right to check this data subsequently if we become aware of specific indications of illegal use.
If you send us enquiries using the contact form, your details from the enquiry form, including the contact data you provided there, will be stored for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by a cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
We have activated the IP anonymization function on this website. This will cause your IP address to be shortened by Google within Member States of the European Union or in other states party to the agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
Objection to data collection
Contract data processing
We have entered into a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.
Demographic features on Google Analytics
This website uses the “demographic features” function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of site visitors. This data comes from interest-related advertising by Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time from your Google Account display preferences or opt-out of Google Analytics collecting your information as described in the “Opt-out of data collection” section.
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as a site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Right to information, deletion, blocking
You have the right to free information about your stored personal data, their origin and recipients and the purpose of data processing as well as a right to correction, blocking or deletion of these data at any time. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of personal data.
Contradiction advertising mails
We herewith object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam e-mails.
Healy World GmbH
Potsdamer Platz 1
District court Berlin-Charlottenburg, HRB 197967 B
CEO: Babak Jafarian
Information about your right to object
according to Art.21 General Data Protection Regulation (GDPR)
1. Right of objection in individual cases
You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Art.6 para.1 letter f of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art.4 No.4 GDPR, which we use for advertising purposes. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
2. The right to object to the processing of data for direct marketing purposes
In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and should be addressed to:
Healy World GmbH
Potsdamer Platz 1