§ 1 Controller / data protection officer
(1) Zimmer GmbH Daempfungssysteme (Am Glockenloch 2, 77866 Rheinau, Germany) assigns high priority to the protection of your personal data and your privacy rights. Following and complying with the data protection and data security laws has become second nature to us. All details about your person, such as your title, first name, last name, postal address, phone number, fax, e-mail address, IP address, etc., are termed personal data. We wish to inform you about when and which data we collect and how we use them.
(2) If you have any questions or issues about data protection, please contact the data protection officer by e-mail to datenschutzbeauftragter@zimmer-group.de or by letter to Datenschutzbeauftragter, Zimmer GmbH, Im Salmenkopf 5, 77866 Rheinau, Germany.
§ 2 Your rights as the data subject
(1) By contacting our data protection officer, you may exercise the following rights at any time:
· information about your data in our storage facilities and how they are used (Art. 15 GDPR),
· rectification of incorrect personal data (Art. 16 GDPR),
· erasure of your data in our storage facilities (Art. 17 GDPR),
· restriction of data processing when legal obligations still prevent us from erasing your data (Art. 18 GDPR),
· objection to our processing your data (Art. 21 GDPR), and
· data portability when you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).
(2) If you have granted us your consent, you may revoke this at any time with future effect.
(3) When you have cause for complaint, you may also contact a supervisory authority at any time, e.g. the supervisory authority responsible in the federal state of your domicile or the authority responsible for us.
· Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
(State Commissioner for Data Protection and Freedom of Information)
· Street address: Königstrasse 10 a, 70173 Stuttgart, Germany
· Postal address: Postfach 10 29 32, 70025 Stuttgart, Germany
· Phone: +49 711 615541-0, Fax: +49 711 615541-15
· E-mail: poststelle@lfdi.bwl.de
§ 3 Website access
Every time you access our website and every time you retrieve a file provided there, this is logged. This record serves internal system-based purposes. The record logs: date and time of retrieval, the called URL, the protocol used for the call (e.g. http/1.1), the origin, i.e. the calling page (e.g. Google), and the caller’s user agent (details on browser, e-mail client, etc.). For security reasons, also the IP address is logged. This log is accessed only for the tracking of criminal activities in the event of security breaches and is retained for ten (10) weeks. Personal user profiles are not generated! Legal basis is point (f) of Art. 6(1) GDPR.
§ 4 Cookies
(1) The website uses so-called cookies in several places. A cookie is an element of data that a website sends to your browser to store on your system as an identifier that identifies your system. Cookies are often only used to measure the use (number of visitors and duration of a visit) and effectiveness (topics that the visitor is most interested in) of a website and to simplify navigation or use and as such are not linked to personal data. But they can also be used to personalize a known visitor’s website experience. A user reference can then be established here by assigning profile information or user settings. Over time, this information provides valuable insights that will help us improve the user experience on a website.
(2) Cookies are usually divided into session cookies and permanent cookies. Session cookies allow you to navigate efficiently through the website, whereby the cookies log your path through the individual web pages so that you are not asked to enter information that you have already entered recently during the same visit to the website in question. Session cookies are stored in temporary storage and deleted as soon as the web browser is closed. Permanent cookies, on the other hand, save user settings for the current visit and for future visits to the website. They are saved on your hard drive and are still valid when you restart the browser. For example, we use permanent cookies to record your language selection and country information.
(3) Since required (most basic functions of the website) and functional (analysis of website usage to improve performance) cookies enable you to use some functions of our website, we recommend that you do not save them in your browser. To generally deactivate settings. If your browser allows the exclusion of third-party cookies (so-called marketing cookies or targeting cookies to display advertisements and track your path on the Internet), the functionality of our website is not affected.
§ 5 Google Webfonts
These web pages use external fonts, so-called Google Fonts. Google Fonts is a service of Google, Inc. (referred to hereinafter as “Google”). These web fonts are incorporated by means of a call to a server, usually a Google server in the USA. This also transmits to the server which of our web pages you have visited. Google also stores the IP address of the browser used on the visitor’s terminal when accessing these web pages. Further details can be found in the Google privacy policy here.
§ 6 Use and communication of personal data
(1) When you provide us with your personal data, we use these only to reply to your requests, for technical administration, and, if you have consented thereto, for our marketing. Your personal data are communicated or otherwise transmitted to third parties only when this is necessary to conclude the contract (specifically the communication of purchase order data to suppliers), we are obliged to do so under the law, or you have consented thereto beforehand.
(2) You have the right to revoke the consent you have granted previously at any time with future effect.
(3) Stored personal data are erased when you revoke your consent to their storage, when they are no longer necessary to fulfil the purpose pursued at the time of their storage, i.e. the process has been concluded and there are no statutory retention periods to the contrary, or when their storage violates other laws. If erasure of the data is not possible, they are quarantined for the duration of the statutory retention period.
(4) In the event of conduct in breach of contract, we may forward your personal data to those persons authorised to enforce the demands and rights of Zimmer GmbH Daempfungssysteme.
§ 7 Online ordering
(1) When ordering online, you provide your personal data, i.e. details serving to identify your person (e.g. name, first name, phone number, e-mail address). As a private person, you may order as a “Guest” without first having to set up a customer account or, as an alternative, a password-protected customer account. As a contractor, you are obliged before ordering to create a customer account and to register your company.
The customer account presents an overview of orders placed and ongoing order processes. In this case, the operator accepts no liability for password abuse, provided that this has not been caused by the operator itself. When personal data such as name, postal address, e-mail address, etc., are collected on our pages, this information, whenever possible, is always provided on a voluntary basis. We use your data solely for the purpose of contract fulfilment. Before your ordered goods can be shipped, the data essential to delivery or order handling are communicated to service providers (e.g. DHL). Your data are erased when their storage is no longer necessary or all legal retention periods have expired.
(2) We transmit personal data to third parties only when the conclusion of contract makes this necessary, e.g. the credit institute authorised to transact the payment.
(3) Data are transmitted for no other reason or only when you have consented explicitly to this transmission. Your data are not communicated to third parties without your explicit consent, e.g. for advertising purposes.
(4) Data processing is based on point (b) of Art. 6(1) GDPR, under which data processing is permitted for the purpose of fulfilling a contract or taking steps prior to entering into a contract.
§ 8 PayPal
(1) Our website offers the option of payments via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (referred to hereinafter as “PayPal”).
(2) When you select PayPal as your payment mode, the payment details you have entered are transmitted to PayPal.
(3) Your data are transmitted to PayPal in compliance with point (a) of Art. 6(1) GDPR (consent) and point (b) of Art. 6(1) GDPR (processing for the performance of a contract). You may revoke your consent to data processing at any time. A revocation does not affect the applicability of past data processing.
§ 9 Registration on this website
(1) You can use additional site functions by registering on our website. The data you provide we use only for the purpose of providing the offer or service you have registered for. You must provide to the full extent the mandatory details needed for your registration. Otherwise, your registration will be rejected.
(2) We use the e-mail address you provided for your registration to inform you of all important changes, e.g. to available offers or product specifications.
(3) The data you enter for your registration are processed on the basis of your consent (point (a) of Art. 6(1) GDPR). You may revoke at any time any specific consent you have granted. This requires only an informal e-mail sent to us. This does not affect the lawfulness of prior data processing.
(4) The data you provide for your registration are retained in our storage facilities for as long as you are registered on our website, after which they are erased. This does not affect statutory retention periods.
§ 10 Other
(1) We do not employ any automated processing that culminates in automated decision-making or your personal profiling.
(2) Zimmer GmbH Daempfungssysteme uses products and services for analysis and marketing purposes, which are provided by Visable GmbH (www.visable.com) in cooperation with them. To that end, pixel-code technology is used to collect, process and store data in order to create at least pseudonymised, but where possible and sensible, completely anonymous user profiles. Data collected, which may initially still include personal data, is transmitted to Visable or is collected directly by Visable and is used to create the aforementioned user profiles there. Visitors to this website are not personally identified and no other personal data is merged with the user profiles. If IP addresses are identified as personal, they are immediately deleted. You can object to the processing operations described with future effect at any time: Exclude visitor recording (Note: Link sets a 1st-party cookie for an opt-out)
§ 11 Safety advisory
By implementing the full range of technical and organisational measures, we make every effort to store your personal data in such a manner that they are inaccessible to third parties. When communicating by unencrypted e-mail, we cannot warrant full data security. In the case of confidential data, therefore, we recommend the postal services.