DATA PROTECTION NOTICE
We, the companies of the DENTAURUM Group, attach great importance to the protection of your personal data and adherence to the requirements of the data protection laws.
In this notice you are given essential information about data collection and data processing and the rights you enjoy under data protection law.
What data are collected and processed by us and in what way they are used by us depends on the circumstances of the specific individual case, so not all of the information may apply to you.
I. NAME AND ADDRESS OF DATA CONTROLLER
The "data controller" as defined by the EU General Data Protection Regulation (GDPR), the data protection laws of the member states and other requirements of data protection law is:
DENTAURUM GmbH & Co. KG
Turnstr. 31 – 75228 Ispringen / Deutschland
The data controller’s data protection officer is:
II. GENERAL INFORMATION ABOUT DATA PROCESSING
Data security – data access
All data are treated in strict confidence. We always process personal data in accordance with the data protection requirements in force at any time and in accordance with the principles of data avoidance and data economy and only so far as is necessary to perform and process orders, to provide contractually due services and to provide a functionable Website.
The data collected by us are protected by technical organisational security precautions against unauthorised access and manipulation, and every employee who has access to personal data is instructed in data protection law and sworn to abide by the requirements of the GDPR and to secrecy.
On our Website personal data are both collected and, where necessary, transmitted in the form of obligatory SSL encryption.
Personal data are stored at computer centres in countries of the European Union.
Personal data are regularly collected and processed only with the agreement of the data subject. If we obtain the data subject’s prior agreement to the processing of such data, we do so on the legal basis of Art. 6 Para. 1 Point a GDPR. Exceptions are made only in instances where agreement has not been able to be obtained for factual reasons and data processing is permitted by legal regulations.
The legal basis for the processing of personal data that is necessary for performance of a contract with the data subject is Art. 6 Para. 1 Point b GDPR. This also applies to processing operations that are necessary for a precontractual measure.
In instances where data processing is necessary to fulfil our company’s legal obligations it is done on the legal basis of Art. 6 Para. 1 Point c GDPR.
If the data subject’s or another natural person’s vitally important interests make the processing of personal data necessary, it will be done on the basis of Art. 6 Para. 1 Point d GDPR.
If data processing is necessary to safeguard a legitimate interest of our company and none of the data subject’s overriding interests, fundamental rights and fundamental freedoms stand in its way, processing is done on the basis of Art. 6 Para. 1 Point f GDPR.
Our legitimate interest arises out of the purpose of data collection and data processing for order and contract performance and the provision of contractually due services.
The following data are collected and processed for this purpose:
- form of address and title
- first name, last name
- road, house number
- post code, location
- if necessary, email address
- if necessary, telephone/mobile phone number
- if necessary, function/position in practice or company
- if necessary, date of birth
- if necessary, bank details
The only persons having access to these data are employees entrusted with contract and order performance and persons responsible for ensuring orderly system operation (administrators).
Further, the data furnished may also be used to prepare statistics and evaluations; this is done in an anonymised form and solely for our own purposes.
Personal data are deleted as soon as the purpose of storage no longer applies. Exceptions are instances where
- the data subject has agreed to a longer period of storage,
- further storage is necessary for contract performance or for the purpose of evidence or
- EU regulations, national laws or other regulations require a legal period of retention.
By giving your agreement you declare that you expressly agree until revocation that we may collect, process and use the data furnished to us by you for the purpose of order and contract performance and the provision of contractually due services.
At the same time you declare that you expressly agree that we may under a contractual relationship contact you by email, telephone or post.
III. Provision of Website and setting up of logfiles
Whenever our Website is accessed the following data and information from the accessing computer are automatically collected by our system:
- the user’s IP address,
- date and time of access,
- information about the browser type and version used,
- the user’s operating system,
- the user’s Internet service provider and
- Websites from which the user’s system reaches our Website.
Temporary storage of the IP address in the logfiles of our system is done on the basis of Art. 6 Para. 1 Point f GDPR and for the duration of the session is necessary to enable an exchange with the user’s computer, to ensure the functionability of the Website and to ensure the security of our technical information systems. These data are not stored together with other of the user’s personal data or evaluated for marketing purposes.
Furthermore during every visit to our Websites what are known as session cookies are temporarily stored on the user’s computer system and automatically deleted when you close your browser.
We also use technically unnecessary cookies that enable user habits to be analysed in order to improve the quality of our Website and its content. Here the following data can be collected:
- search terms entered,
- frequency of page access,
- use of Website functions.
These data are anonymised by technical means so that a match with the accessing user is no longer possible. Also they are not stored together with the user’s other personal data. The legal basis for processing personal data while using cookies for purposes of analysis is Art. 6 Para. 1 Point f GDPR.
The user has total control over the use of data transmitted to us by the cookies stored on his or her computer when our site is accessed. By changing the settings in your Web browser you can disable or restrict (individually or automatically) the transmission of cookies and delete cookies already stored. If cookies for our Website are disabled, it may not be possible to fully use all the functions of the Website.
Our Website offers the option of subscribing to a cost-free newsletter that is sent by email. When registering for the newsletter the following data are collected and transmitted to us:
- the user’s email address and
- the date and time of registration.
Your agreement to the processing of these data as part of the registration procedure is obtained in accordance with Art. 6 Para. 1 Point a GDPR and at the same time attention is drawn to this data protection notice.
The data are used solely for despatch of the newsletter. They are not disclosed to third parties. The only exception is the sharing of a limited amount of data to outside service providers that have been engaged to despatch the newsletter or have been integrated into this task.
Data furnished by the user on registration are stored for as long as the newspaper subscription applies. This may be discontinued at any time using a special link provided in every newsletter. At the same time as discontinuation of the subscription the agreement to store the data collected during the registration process may also be revoked.
On our Website we offer exclusively dental practices and dental laboratories the option of registering for a customer account that allows them to take advantage of certain content and services offered through our Website, such as in particular the option of ordering from our online shop.
During the registration process, in addition to the business information furnished optionally through an input mask by the user, the following data are collected and sent to us:
- the user’s IP address,
- date and time of registration.
At the same time in accordance with Art. 6 Para. 1 Point a GDPR the user’s agreement to process these data is obtained.
The data so collected are in accordance with Art. 6 Para. 1 Point b GDPR necessary for ordering products and performing orders, including the issue of invoices, later. Payment data are not collected either during registration or when processing orders online.
Data will be disclosed to third parties only if for the purpose of order performance they have to be communicated to logistics companies to enable them to deliver ordered goods.
As user, you may cancel your registration at any time, and stored data may be altered at any time. If the user so wishes, at the same time all the data collected during the registration process can be deleted, if they are no longer needed to achieve the purpose for which they were collected. Furthermore, storage to fulfil contractual or legal obligations may need to be considered, and particularly the data relating to product orders and the relevant documents are stored in strict accordance with mandatory tax law and other legal requirements and set time periods for claims under guarantees and warranties.
VII. Contact form and email contact
On our Website there is a contact form for making contact by electronic means. If a user chooses this option, the data required for communication, such as
- email address and
and any other information that is possibly needed in individual cases for using or performing a service offered by us are entered into an input mask and transmitted to us. The following data are also stored when the message is sent:
- the user’s IP address;
- date and time of registration;
Your agreement to the collecting and processing of the data as part of the registration procedure is obtained in accordance with Art. 6 Para. 1 Point a GDPR and at the same time attention is drawn to this data protection notice.
Contact may also be made through the email address provided, in which case the personal data furnished by the user with the email is stored on the basis of Art. 6 Para. 1 Point f GDPR.
These data are used solely for conversation with the user and are not disclosed to third parties. The data are deleted, if circumstances indicate that the issue in question has been finally clarified and conversation with the user has ended.
The user may at any time revoke his or her agreement to the processing of personal data. In instances where contact is made by email he or she may at any time object to the storage of data. If the user objects, all his or her personal data that have been stored during contact will be deleted. The conversation can then not be continued.
VIII. Web analysis
1. Google Analytics
We use in our online shop Google Analytics, the Web analysis service of Google Inc. based at Mountain View, California, USA (referred to in the following as "Google"), which uses and stores on your computer the cookies described in Section IV above in order to enable an analysis of your use of our online shop to be carried out. The information generated by cookies is normally transmitted to a Google server in the USA and stored there. The IP address then transmitted from your browser by Google Analytics is not combined with other data by Google. Furthermore, on this Website we have extended Google Analytics to include the code "anonymizeIP" in order to mask your IP address and so ensure that data collection is anonymous. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and there shortened.
On our behalf Google will use this information to evaluate your use of our online shop, to gather together reports about online shop activities and to provide other of our company’s services relating to online shop use and Internet use. You can, of course, prevent the storage of cookies by means of an appropriate setting on your browser.
You can also prevent the recording of data (incl. your IP address) generated by cookies and relating to your use of our online shop and of their processing by Google by downloading and installing the browser plug-in available through the following link:
Alternatively, you can, particularly if using browsers on mobile terminal devices, prevent recording by Google Analytics by clicking on this Link. This causes an opt-out cookie to be set that with future effect prevents your data from being recorded during visits to our online shop. This cookie is effective only on this browser and only for our company’s online shop and is stored on your device. If you delete the opt-out cookie on this browser, you will have to reset the opt-out cookie.
Our company also uses the services of etracker GmbH based in Hamburg, Germany, to analyse user data. Here, too, cookies are used that enable the use of this Website by its users to be analysed and user-related contents or advertising to be displayed.
The data generated by this analytical cookie are processed and stored on our behalf in Germany only. These data are therefore subject to rigorous German and European data protection laws.
Data are processed on the legal basis of Art. 6 Para. 1 Point f GDPR, and our legitimate interest here consists in the optimisation of our online offering and our Website. Because our visitors’ privacy is especially important to us, the IP address is anonymised at etracker as soon as possible and registration or device identifiers are converted to an unequivocal code that cannot be matched to one person. These data will neither be combined with other data nor disclosed to third parties nor used for any other purpose.
3. Google Maps
Our Website uses Google Maps, Google’s online map service, to show maps and prepare approach-route maps. When Google Maps is visited, Google is informed that you have accessed this service through our Website, regardless of whether you have a Google user account or not. If during this access you are logged via a Google account, data are directed straight to your user account at Google. If you do not want this, you must log out from there before using the service.
By using Google Maps you declare that you agree to the data automatically collected and entered by you being recorded, processed and used by Google and possibly third-party providers. You will find the terms and conditions of use for Google Maps at this Link. You can disable the Google Maps map service using your browser settings; use is then no longer possible.
Our Website uses plug-ins of the Facebook network offered by Facebook Inc. based at Menlo Park, California, USA (referred to here as "Facebook"). These plug-ins are identified by a Facebook logo or the extension "Like" or "Share". If you enable such a plug-in by mouse click, your browser sets up a direct connection to the Facebook servers. The content of the plug-in is then transmitted straight to your browser from Facebook and integrated into the page. At the same time Facebook is sent the information that your browser has accessed the relevant page of our Website, even if you have no Facebook profile or are not logged in there in that instance. This information (including IP address) is sent by your browser straight to a Facebook server in the USA and stored there. If you are logged in to Facebook, the visit to our Website can be matched straight to your Facebook profile. If you interact with the plug-ins (e.g. by means of the "Like" button), this information is likewise sent to Facebook and stored. The information is also published on your Facebook profile and shown to your Facebook friends.
For the purpose and scope of data collection and the further processing and use of data by Facebook as well as your rights in this respect and optional settings to protect your privacy, please refer to Facebook’s data protection notice. If you do not want Facebook to match the information gathered about your visit to our Website straight to your Facebook profile, you must log-out from Facebook before visiting our Website.
IX. Data subject’s rights
If personal data from you are processed, you are a "data subject" as defined by the GDPR and you enjoy the following rights against us as "data controller":
Right to revoke the declaration of agreement at any time
You have the right under Art. 7 Para. 3 at any time to revoke the declaration of agreement made by you in accordance with data protection law. This means that we must with future effect immediately discontinue processing data on the basis of this agreement. The lawfulness of the processing undertaken on the basis of this agreement until revocation is not affected by this revocation.
Right to information
Under Art. 15 GDPR you may ask for information about your data stored with us to be given you. As well as confirmation of whether personal data relating to you are being processed by us this information includes in particular information about
- the purposes of processing,
- the category of the personal data,
- the categories of persons to whom the data have been or are being disclosed,
- the scheduled duration of storage or criteria for specification of such duration,
- the origin of your data, if they were not collected from you.
Information about whether the personal data are being transmitted to a third-party country or an international organisation can also be asked for.
Right of rectification
You have the right to immediate rectification or completion of correct data under Art. 16 GDPR, if the personal data relating to you and stored with us are incorrect or incomplete.
Right of deletion
You have the right under Art. 17 GDPR to ask for your data stored with us to be deleted, if no legal or contractual retention periods or other legal obligations or rights to further storage have to be adhered to; an obligation to delete such personal data immediately exists in particular if the personal data are no longer need for the purposes for which they were collected or in any other way processed or if you revoke your agreement on which processing was based and there is no other legal ground for processing.
Right to restriction of processing
You have the right under Art. 18 GDPR to ask for the processing of your personal data to be restricted, if its correctness is disputed by you or processing is unlawful but you do not it to be deleted and we no longer need the data but you need them so assert, exercise or defend legal claims or have made an objection to processing under Art. 21 GDPR.
Right to data transmissibility
You have the right under Art. 20 GDPR to be given in a structured, commonly used and machine-readable format your personal data that you have furnished to us or to ask for such data to be transferred to another data controller.
Right to notification
In instances where you have asserted the right to rectification, deletion or restriction of processing we are required to notify all persons to whom these personal data have been disclosed of rectification, deletion or restriction of processing, unless it is impossible to do so or to do so would entail disproportionate effort and expense. There is also the right to be notified about such persons.
Right to object
If your personal data are being processed on the basis of legitimate interests under Art. 6 Para. 1 P. 1 Point f GDPR, you have the right under Art. 21 GPDR to make an objection to processing of your personal data, if there are grounds for doing so that arise out of your particular situation or the objection is directed against direct marketing. In the latter instance you have a general right to object that can be implemented by us without notification of a particular situation.
Automated decision-making in individual cases, including profiling
You have the right under Art. 22 GDPR not to be subjected to decision-making based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly effects you. This does however not apply in instances where the decision is necessary for entering into or performing a contract between you and the data controller.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject has the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Processing Regulation.
X. Changes – supervisory authority – contact persons
To ensure that our data protection notice complies with the requirements of the law at all times, we reserve the right to make changes at any time. This also applies if the data protection notice has to be adapted to accommodate new offerings or updated services. We shall notify you of any changes accordingly, and the data protection notice shall have force and effect when you next visit our Website.
Address of supervisory authority
Der Landesbeauftragte für den Datenschutz und
die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart
Tel.: 0711/61 55 41 – 0
If you have any questions about data protection, please apply to our company data protection officer at: firstname.lastname@example.org
As at: May 2018