Information on the processing of customer and business partner data

We provides you with information about the processing of your personal data by Geratherm Medical AG and your rights under data protection legislation.

1. Who is responsible for data processing, and who is the data protection officer?

The controller of data processing within the meaning of data protection legislation and other data protection provisions, in particular Art. 4 No. 7 of Regulation (EU) 2016/679 of 27.4.2016 (hereinafter referred to as the GDPR), is:

Geratherm Medical AG
Fahrenheitstrasse 1
98716 Geschwenda
Tel.: (036205) 980
Website: www.geratherm.com
Email: info@geratherm.com

Dr. Gert Frank is the authorised representative.

Contact details of our data protection officer:
Geratherm Medical AG
Fahrenheitstrasse 1
98716 Geschwenda
Tel.: (036205) 980
Website: www.geratherm.com
Email: info@geratherm.com

Of course, you may also contact the controller with any questions you have about data protection. We also have complete versions available for inspection of the Federal Data Protection Act as published on 14 January 2003 (Federal Law Gazette I p. 66), last amended by Art. 10 Para. 2 of the Act dated 31 October 2017 (Federal Law Gazette I p. 3618) (hereinafter referred to as the FDPA (new)), and of the EU General Data Protection Regulation (hereinafter referred to as the GDPR), which has been legally binding since 25 May 2018.

2. The collection and storage of personal data, and the nature and purpose of their use
When you establish contact or enter into a contractual relationship with us, we collect the following information:
• Title, first name, surname, email address
• Address
• Telephone number (landline and/or mobile phone)
• The information (economic profile and commercial data) required for implementation of your project.

This data is collected
• so that we can identify you as our business partner or customer
• to enable us to correspond with you
• for invoicing purposes.

The data is processed at your request; pursuant to Art. 6 Para. 1 Sent. 1 Letter b GDPR, this processing is necessary for the aforementioned purposes so that the business relationship can be managed in the appropriate manner, and so that both parties can meet their obligations under the contractual relationship which they have concluded.
The personal data which is collected is stored and then deleted at the end of the statutory prescribed period for claims arising from the contractual relationship, i.e. in most circumstances once three years have elapsed since the end of the year in which the claim first arose, unless we are obliged to store such data for a longer period pursuant to Art. 6 Para. 1 Sent. 1 Letter c GDPR because of our obligations regarding the retention and documentation of data under tax or commercial law (on the legal basis of the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Fiscal Code (AO)), or if you have consented to a longer period of retention pursuant to Art. 6 Para. 1 Sent. 1 Letter a GDPR.

3. Disclosure of data to third parties

Your personal data shall not be disclosed to third parties for reasons other than those specified below.
Your personal data shall be disclosed to a third party if this is necessary for the management of a contractual relationship with you pursuant to Art. 6 Para. 1 Sent. 1 Letter b GDPR. This includes in particular disclosure to participants in the project and their representatives. Data shared in this way may only be used by the third parties for the specified purposes.

4. Rights of the data subject

You are entitled
• pursuant to Art. 7 Para. 3 GDPR to withdraw the consent you have given us at any time. This will result in us no longer being allowed to continue processing your data in the future where this requires your consent;
• pursuant to Art. 15 GDPR to request information about personal data concerning yourself which we are processing. More specifically, you are entitled to information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request rectification, erasure, or the restriction of processing, or to object to such processing, the right to lodge a complaint, the source of the data where they have not been collected by ourselves, and the existence of automated decision-making, including profiling, and meaningful information about the logic involved;
• pursuant to Art. 16 GDPR to obtain the rectification without undue delay of inaccurate personal data concerning yourself and/or to have incomplete personal data completed which is stored by us;
• pursuant to Art. 17 GDPR to obtain the erasure of personal data concerning you which is stored by us unless processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
• pursuant to Art. 18 GDPR to the restriction of processing of personal data concerning yourself where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose its erasure and we no longer need the personal data, but you require them for the establishment, exercise or defence of legal claims, or where you have objected to processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR to receive the personal data concerning yourself which you have provided to us in a structured, commonly used and machine-readable format or to have it transmitted to another controller; and
• pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. This can usually be the supervisory authority with jurisdiction at your habitual place of residence or place of work, or at our company headquarters.

5. Who can I turn to if I want to complain?

You are entitled to lodge a complaint about the nature, content or scope of the data processing with the aforementioned data protection officer or a supervisory authority (Art. 77 GDPR in conjunction with Art. 19 FDPA (new)). The supervisory authority with jurisdiction in our case is:
Der Thüringer Landesbeauftragte für den Datenschutz und die Informationsfreiheit,
Hässlerstrasse 8,
99096 Erfurt
Tel.: (0361) 57311 2900

6. Right to object

If processing of your personal data is necessary on the basis of legitimate interests pursuant to Art. 6 Para. 1 Sent. 1 Letter f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation. If you wish to exercise your right to object, it will suffice to send an email to: datenschutz@geratherm.com