1. Responsible authority
This website and the services offered are operated by:
Interlock Medizintechnik GmbH, Zum Windpark 1, 23738 Lensahn, Germany
|Phone:||+49 4363 905900|
|Fax:||+49 4363 90590590|
2. General information
We have designed the website to collect as little information from you as possible. It is generally possible to visit our website without providing personal data. Only when you decide to use certain services (e.g. using the contact form, creating a customer account, registering for the newsletter) is it necessary to provide personal information. Here we make sure that your personal information is collected only according to the legal regulations or when you give your consent. We comply with the regulations of the General Data Protection Regulation (GDPR) and the respectively applicable national regulations such as the Federal Data Protection Act, the Telemedia Act or other special legislation on data protection.
3. Intended use and legal basis for processing personal information
We process your personal information for certain purposes.
Your personal information is usually processed for the following purposes:
a) To interact with you when you contact us (e.g. email address, first name, last name);
b) To operate our website and to provide you with information on this website (e.g. IP address, cookies , browser information)
c) To send newsletters with information about our offers and news about our services (e.g. name, email address)
d) To be able to enter into a contract with you and process orders (e.g. contract concerning our online shop).
e) To ensure that our website is as effective as possible and presented to you in an interesting manner (e.g. statistical analysis via Google Analytics);
The actual purposes for the processes are described here (e.g. contact form, web analysis, newsletter, etc.).
Regarding the legal basis for processing your personal information, the following applies:
We collect and use personal data which are required for explaining, implementing or processing our services (contract processing) on the legal basis of Art. 6 Para. 1 lit. b GDPR. If you give us your consent to process your personal data, the consent forms the legal basis for data processing in accordance with Art. 6 Para. 1 lit. a GDPR. Data processing is also permitted, if we collect and use your data to protect our legitimate interests and when your interests or basic rights and basic freedoms in this regard are not infringed on as a result of the processing of personal data. To the extent that we use external service providers as part of contract data processing, your data is processed on the legal basis of Art. 28 GDPR.
4. Collected and processed personal data
When providing our web services we collect and process certain personal data from you. The exact type of data we process, includes data you provide to fill out forms on the website (e.g. contact form) and also personal data needed to inform you about the data processed within the processing steps described here, respectively.
In summary, we collect and use the following data about you on our website:
General contact data:
- Last name, First name
- Email address
- Content of messages
- Last name, First name
- Email address
5. Collecting personal data during a visit to our website
If you are only using the website for information purposes, i.e. if you do not register or provide us with any other information, we will only collect the personal data that is transmitted to our server by your browser. If you would like to visit our website, we will collect the following data which is required for technical reasons in order to display our website to you and to guarantee stability and to keep our website secure (Legal basis is Art. 6 Para. 1 Clause 1 lit. f GDPR):
– IP address
– Date and time of query
– Time zone difference to Greenwich Mean Time (GMT)
– Content of request (specific page)
– Access status /HTTP status code
– Each transmitted data quantity
– Website, from which the request came
– Operating system and its interface
– Language and version of browser software.
6. Inclusion of services of other suppliers
Our website uses content and services of other suppliers. These include for example services for statistical analysis of website use and visits, or to include videos from video platforms. So that these data can be accessed and presented in the browser of the user, it is imperative that the IP address of the user is transmitted to this third-party provider.
On our website information is collected and stored using so-called browser cookies. Cookies are small text files which are stored on your data carrier and which store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent and information about the age of the cookie and an alphanumerical identification code.
Cookies make it possible for our systems to recognize the device of the user and possibly to make pre-settings immediately available. As soon as a user accesses the platform, a cookie is transferred onto the hard drive of the computer of the respective user. Cookies help us to improve our website and to provide you with improved services tailored to your needs. It makes it possible to recognize your computer or your (mobile) device, if you return to our website and in doing so:
- To store information about your preferred activities on the website and therefore to provide information within our website that match your individual interests.
- To speed up processing of your queries.
We work together with third-party providers who support us with internet services and help us make the website more interesting for you. When visiting the website cookies from these partner companies (third-party providers) are therefore stored on your hard drive. These are cookies which are automatically deleted after a prescribed time.
A list of the cookies we use can be found in the following table:
|Cookie Name||Initial supplier cookies or third-party provider cookies?||Description / function||Standard elapsed time|
|FRONTEND||Magento||Your session ID on the server.||1 hr.|
|FRONTEND_CID||Magento||Your session ID on the server.||1 hr.|
|EXTERNAL_NO_CACHE||Magento||A flag, which indicates whether caching is disabled or not.||1 hr.|
|CART||Magento||The association with your shopping cart.||1 hr.|
|CATEGORY_INFO||Magento||Stores the category info on the page, that allows to display pages more quickly.||1 hr.|
|COMPARE||Magento||The items that you have in the Compare Products list.||1 hr.|
|CURRENCY||Magento||Your preferred currency||1 hr.|
|CUSTOMER||Magento||An encrypted version of your customer ID with the store.||1 hr.|
|CUSTOMER_AUTH||Magento||An indicator if you are currently logged into the store.||1 hr.|
|CUSTOMER_INFO||Magento||An encrypted version of the customer group you belong to.||1 hr.|
|CUSTOMER_SEGMENT_IDS||Magento||Stores the Customer Segment ID||1 hr.|
|GUEST-VIEW||Magento||Allows guests to edit their orders.||1 hr.|
|LAST_CATEGORY||Magento||The last category you visited.||1 hr.|
|LAST_PRODUCT||Magento||The most recent product you have viewed.||1 hr.|
|NEW MESSAGE||Magento||Indicates whether a new message has been received.||1 hr.|
|NO_CACHE||Magento||Indicates whether it is allowed to use cache.||1 hr.|
|RECENTLY COMPARED||Magento||The items that you have recently compared.||1 hr.|
|STORE||Magento||The store view or language you have selected.||1 hr.|
|VIEWED_PRODUCT_IDS||Magento||The products that you have recently viewed.||1 hr.|
|OptanonConsent||OneTrust||Cookies Consent Notice (Infos: landingPath, datestamp, version, groups, AwaitingReconsent)||Session|
|OptanonAlertBoxClosed||OneTrust||Cookies Consent Notice Flag||Session|
Inclusion of cookies is based on the legal basis of Art. 6 Para. 1 lit. f. GDPR, to the extent that these are functional cookies required for operation of the website and on the other hand on the legal basis of Art. 6 Para. 1 lit. a GDPR, i.e. your consent for cookies to evaluate your user behaviour and for statistical purposes. The legitimate interest within the meaning of 6 Para. 1 lit. f GDPR is given from the purposes mentioned in 3 b.
8. Contacting us (contact form)
You can contact us by email or via our contact form. In this case we store personal information you share with us in order to process your questions or concerns and to contact you for this purpose. To the extent that we request information via our contact form, we have marked the mandatory fields required for contacting us correspondingly (asterix). Voluntary information allows us to understand your query and to improve the processing of your concern. The data called up are transmitted to us strictly voluntarily by you.
Depending on the type of query the legal basis for this processing is Art. 6 Para. 1 lit. b GDPR for queries which you pose yourself as part of pre-contractual actions or Art. 6 Para. 1 Clause 1 lit. f GDPR if your query is of other nature. Legitimate interest is given from the purposes mentioned in 3a. If personal data is used which is not required to fulfil an agreement or to keep our legitimate interest, the the personal data is transmitted to us on the basis of your consent provided in accordance with Art. 6 Para. 1 lit. a GDPR.
9. Online shop and customer account
If you would like to order from our web shop, it is necessary for contract conclusion that you provide personal data which is required for the processing of your order. For the processing of contracts mandatory information is marked separately, other data are voluntary. We process the data provided by you in order to handle your order. To do so, we may forward your payment data to our bank.
In addition you can voluntarily create a customer account (registration), through which we can store your data for future purchases. When creating a customer account the data given by you are stored until revoked. If you decide to create a customer account, at first only the following personal data are collected and processed during registration.
- Email address
After registering you can add additional information to your customer account. This includes the following data:
- Last name, First name
- Email address
- Delivery address
- Invoice address
We use what is known as a double opt-in procedure for registration, i.e. your registration is concluded only if you click on the link of a confirmation email sent to you to confirm your registration. If you do not confirm within 24 hours, your registration will be automatically deleted from our database. If certain personal information about you is mandatory, we have marked these mandatory fields correspondingly (asterix).
You can edit or also delete your data, including your user account in the customer area at any time. We can also process the data provided by you in order to inform you of additional interesting products from our portfolio or to send you emails with technical information.
Due to trade and tax-related stipulations we are obligated to store your address, payment and order data for a duration of ten years. However, after two years we restrict processing of these data to only maintain the legal obligations.
To avoid unauthorised third-party access to your personal data, especially your financial data, the order process is encoded using TLS technology.
Personal data which are mandatory to deliver goods or to process contracts are forwarded by us to contracted suppliers. This involves the following categories of providers:
- Delivery service providers
Legal basis for the processing of your aforementioned data is Art. 6 Para. 1 Clause 1 lit. b GDPR if this involves data required to fulfil an agreement. For the rest, the data are processed on the basis of our legitimate interest to provide our customers with their own customer area in which they can manage their orders and data provided by us. The legal basis for this is Art. 6 Para. 1 lit. f GDPR.
10. Google Analytics
Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses "Cookies". These are small text files that your web browser stores on your computer and make it possible to analyse use of the website. Cookies used to create information about your use of our website, are transferred to a server at Google and stored there. Server location is usually the USA.
The setting of Google Analystics Cookies is performed on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
We use Google Analytics in connection with the function IP anonymisation. This ensures that Google shortens your IP address within Member States of the European Union or in other contract states of the Agreement within the European Economic Area prior to transmission to the USA. There can be cases of exception in which Google transmits the full IP address to a server in the USA and shortens it there. On our behalf, Google will use this information to evaluate your use of the website in order to compile reports about website activities and to provide additional services relating to website and internet use. There are no compilations of the IP addresses transmitted by Google Analytics with other data from Google.
The setting of cookies by your web browser is preventable. Some functions of our website can be limited however as a result. You can also disable the collecting of data with regard to your website utilisation including your IP address together with the subsequent processing by Google. This is possible if you download and install the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout
In order to fully comply with the statutory data protection regulations we have concluded a contract about order processing with Google.
Alternatively you can disable Google Analytics also by opting out by clicking here. If you delete cookies in your browser, you will have to re-click this link afterwards.
11. Google Tag Manager
Google is certified for the US-European Data Protection Agreement “Privacy Shield”. This Data Protection Agreement should guarantee compliance with valid EU data protection policies.
12. Use of YouTube
For the integration and presentation of video content our website uses plug-ins from YouTube which is operated by Google. Provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When calling up a site with integrated YouTube Plug-in, a connection to the YouTube servers is established. YouTube is hereby informed which of our sites you called up.
YouTube can allocate your surf behaviour directly to your personal profile if you are logged in to your YouTube account. You can disable this function by logging out beforehand.
We use YouTube to make our online services more enjoyable for you. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
14. Newsletter (via MailChimp)
With your consent you can sign up for our newsletter with which we will inform you about current offers that may be of interest to you. The goods and services acquired are mentioned in the Consent Form.
To register for our newsletter we use the double opt-in procedure. This means that we will send an email to your email address after you register with us in which you are requested to confirm that you wish to receive our newsletter. If you do not confirm your registration within 60 days, your information will be blocked and automatically deleted. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this is to show proof of your registration and if necessary to be able to clarify possible abuse of your personal data.
The only mandatory information required to send the newsletter is your email address. Any other information, specially marked data is voluntary and is used in order to be able to contact you personally. After you confirm we will store your email address in order to send you newsletters. Legal basis is Art. 6 Para. 1 clause 1 lit. a GDPR.
In order to manage our newsletter distribution and to design the newsletter as simple as possible, we use the external newsletter provider “MailChimp”. MailChimp is a newsletter distribution platform of the provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The Rocket Science Group LLC d/b/a MailChimp is certified in accordance with the Privacy Shield Agreement. This guarantees that the provider must comply with European Data Protection Legislation. (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
We use the newsletter provider on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR and an order processing agreement in accordance with Art. 28 Para. 3 Clause 1 GDPR.
The newsletter service provider can use the data of the newsletter recipient in pseudonymised form, i.e. without allocation to the user, in order to optimise or improve its own services. This can e.g. be technical optimisation of distribution of the presentation of the newsletter or use of the data for statistical purposes. The newsletter service provider does not use the data of our newsletter recipient in order to write to these themselves or in order to forward the data to third-parties. The data protection provisions of the newsletter service can be viewed here at: https://mailchimp.com/legal/privacy/.
Your consent to receiving the newsletter can be withdrawn at any time and the newsletter cancelled. The withdrawal can be performed by clicking on the link provided in each newsletter email, via this form: Unsubscribe Newsletter, send email to email@example.com or by declaring your wish to opt-out in a message to the contact data given in the Legal Notice.
15. Rights of the affected person
You have the right:
- in accordance with Art. 15 GDPR to request information from us about the personal data we process. In particular you can obtain information about why we collect your data, the type of personal data we collect, to whom we disclose these data, how long we store your data, what you can do to have your data corrected, deleted, to restrict or object to the processing of your data, what legal action you can take, the origin of your data, if these have not be acquired by us, and whether automatic decision finding, including profiling exists and request where applicable detailed information thereof;
- In accordance with Art. 16 GDPR to request immediate correction of incorrect data or completion of your personal information which we store;
- In accordance with Art. 17 GDPR to request deletion of your personal data which we store, if this does not involve processing to exercise the right to free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or protect legal claims;
- in accordance with Art. 18 GDPR to request restriction of processing of your personal data if you do not feel that the data is accurate, that the processing is illegitimate, but you refuse to delete the information and we no longer need the data, but you need the data in order to assert, exercise or defend legal claims or if you have objected to the processing in accordance with Art. 21 GDPR;
- In accordance with Art. 20 GDPR your personal data which you have provided to us to maintain in a structured, conventional and machine legible format or to request the transmission to another responsible party (Data portability);
- In accordance with Art. 7 Para. 3 GDPR to withdraw your consent given to us. This has the consequence that we are no longer allowed in the future to continue processing data which was based on this consent and
- in accordance with Art. 77 GDPR to file a complaint with a supervisory authority . As a general rule you can seek advice from your local supervisory authority where you reside or at the workplace or at our business address.
- Right of objection
If your personal data are processed on the basis of legitimate interest in accordance with Art. 6 Para. 1 Clause 1 lit. f GDPR you have the right in accordance with Art. 21 GDPR to object to the processing of your personal data if there are reasons which are considered good cause or if the objection is due to direct advertising. In the latter you have a general right of objection that will be implemented without giving good cause.
If you wish to exercise your right to withdraw your consent, simply send an email to firstname.lastname@example.org.
16. Sharing your personal data
The forwarding of your personal data is performed as described below.
The hosting of the website is performed with an external provider in Germany. Here, we ensure that data processing is performed exclusively in Germany. This is required to operate the website, and for the reason to implement and to process the existing utilization agreement and is also possible without your consent.
Your data is forwarded also if we are authorised or obligated due to legal provisions and/or official or court orders to disclose your data. Here in particular this can be the provision of information for purposes of law enforcement, emergency response or for implementation of copyrights.
In the event that your data has been transmitted to a provider in the required scope these only have access to your personal data to the extent necessary to fulfil their duties. These providers are obligated to treat your personal data according to the valid data protection laws, in particular the GDPR.
As a general rule, we do not provide your data to third parties beyond the aforementioned circumstance without your consent. In particular we do not forward any personal data to an office in a third world country or an international organisation.
17. Data security
Unfortunately the transmission of information via the internet is never 100% secure, which is why we are unable to guarantee the safety of data transmitted via the internet to our website.
However, we do ensure that your data has been secured by technical and organisational action against loss, destruction, access, alteration or distribution of your data by unauthorised persons.
In particular we transmit your personal data encoded. To do so we use the coding system SSL/TLS (Secure Sockets Layer/ Transport Layer Security). Our security measures are improved corresponding to the technological development on an ongoing basis.
18. The duration of storage of personal data
With regard to the duration of storage we delete personal data as soon as storage thereof is no longer required to fulfil the original purpose and no legal retention periods exist. The legal retention periods form lastly the criterion for the final duration of storing personal data. After expiration of the retention period the corresponding data is routinely deleted. Due to the existence of retention periods the process is restricted due to blockage of the data.
19. References and links
Third-party providers can have deviating and independent provisions about how they collect, process and use personal data. It is therefore recommended that you inform yourself about how internet sites of third parties handle your personal data in practice before you provide them with personal data.
21. Data protection officer
We have commissioned the following as Data Protection Officer:
23568 Lübeck, Germany
Last updated: August 2018