Data Protection

Who is responsible for data processing and to whom can you contact?

The Responsible Body as defined by the data protection laws is:

Dufner Instrumente GmbH
Fabrik für ärztliche Instrumente
Föhrenstr. 9
78532 Tuttlingen, Germany

Tel: +49 (0)7461 3697


What sources and data do we use?

We process personal data that we receive from you in the course of our business relationship. We receive the data directly from you, e.g. in the context of inquiries, orders, offers, order confirmations, contracts or through personal contacts with our employees. In addition, to the extent necessary for the provision of our services, we process your personal data which we may obtain from publicly accessible sources (e.g. commercial and association registers, press, Internet).

Specifically, we process the following data:

What do we process your data for (purpose of processing) and on what legal basis?

We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In the following we will inform you on which legal basis we process your data.

The processing of data takes place for the fulfilment of a contract with you or for the execution of pre-contractual measures, which take place on the basis of an inquiry. The purposes of data processing depend in detail on the specific business relationship.

If necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. This is done for the following purposes, among others:



Our interest in the respective processing arises from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, procurement and avoidance of legal risks). As far as the specific purpose permits, we process your data pseudonymized or anonymized.

If you have given us your consent to process personal data for specific purposes, the respective consent is the legal basis for the processing stated there.

This applies in particular to

You can revoke your consent at any time. This also applies to the revocation of declarations of consent that you have given us before the validity of the GDPR, i.e. before 25 May 2018. The revocation of consent is only valid for future processing.

We are subject to various legal obligations, e.g. by the Medical Devices Act, Medicines Act, Industrial Code, Commercial Act. The purposes of the processing include, inter alia

Who gets my data?

Your data will be passed on within DUFNER Instrumente GmbH if this is necessary to fulfill our contractual and legal obligations or if the internal organization requires the passing on (e.g. central financial accounting, purchasing, development, production and logistics). Within DUFNER Instrumente GmbH, appropriate and legal requirements for the protection of your personal data have been established.

Your personal data will not be passed on to third parties (outside DUFNER Instrumente GmbH) unless you have given us your prior consent or a legal basis exists. A legal obligation comes into consideration in particular with the following recipient:

In addition, we employ various service providers (contractors according to Art. 28 GDPR), which we contractually oblige according to the specifications of the GDPR and whose compliance we monitor. These include companies in the areas of IT services, printing services, telecommunications, contract manufacturing, consulting or sales and marketing. Contractors may only use personal data in accordance with our instructions and for a specific purpose.

Excluded from this is the transfer to service partners, such as logistics service providers or forwarding agencies, insofar as the transfer is necessary for their order. They receive the data required for delivery for their own use. We limit ourselves to the transmission of the data necessary for delivery.

Is data transferred to a third country or an international organization?

We only transfer your data to countries outside the European Economic Area (third countries) if

If we transfer your data to a third country or an international organization, this is always done in accordance with the requirements of the GDPR. In addition, in accordance with the principle of data minimization, we only transmit data that is limited to the minimum necessary.

In some cases, we use service providers whose headquarters, parent company or sub-service provider is located in a third country. Your data will only be transferred if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR), appropriate guarantees are provided (e.g. standard contractual clauses issued by the European Commission) and enforceable rights and effective remedies are available to you as a party concerned. We have concluded a contract with the service provider to ensure compliance with the basic European data protection regulation and its requirements.

Google Analytics

This web site uses Google Analytics, a web analysis service of Google Inc. („Google“). Google Analytics uses "cookies", small text files that are saved on your computer and can be used to analyze your usage of the web site. The information generated by the cookie on your usage of the web site is generally sent to a Google server in the USA and stored there. However, as a result of the activation of IP-anonymization on these web sites, Google first abbreviates your IP-address within member states of the European Union or other states that are included in the Agreement on the European Economic Area. Only in exceptional cases is the complete IP-address sent to a Google server in the USA and abbreviated there. Google uses this information on behalf of the operator of this web site to evaluate your usage of the web site, to compile reports on web site activity, and to provide additional services linked to the usage of the web site and the internet for the operator of the web site. Google does not combine the IP-address sent by your browser to Google Analytics with any other information. You can block the storage of cookies by appropriate settings in your browser software. However, please note that in this case you may not be able to make full use of all the functions of this web site. In addition, you can prevent the recording of the data generated by the cookie and sending the information on your usage of the web site (including your IP-address) to Google and the processing of the data by Google by downloading and installing the browser plugin available at the following link: Browser add-on for deactivating Google Analytics

In addition or as an alternative to the browser add-on you can suppress tracking by Google Analytics on our web site by clicking on this link. This will install an opt-out cookie on your device. The cookie will prevent Google Analytics from recording information for this web site and for this browser in future while the cookie remains installed in your browser.

Google Maps

We embed maps of „Google Maps“service: Google LLC, 1600 Amphithatre Parkway, Mountain View, CA 94043, USA. Data protection:, Opt-Out:

How long will my data be stored?

If necessary, we process your personal data for the duration of the business relationship, this includes the initiation and processing of this as well as the storage due to legal retention periods.

If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted. Unless there are legal obligations of the responsible person against a deletion. This can be the case for the following purposes, among others:

Is there an obligation for me to provide data?

As part of our business relationship, you must provide the personal data required for the establishment and execution of the respective business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will generally not be able to enter into the business relationship with you and to fulfil the resulting obligations.

To what extent is there automated decision making?

In principle, we do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.

What data protection rights do I have?

In accordance with Art. 15 GDPR you can require information about your personal data processed by us. If your details are not or no longer accurate, you can request a correction (Art. 16 GDPR). Should your details be incomplete, you may demand a completion. If we have passed on your details to third parties, we will inform these third parties about your correction - insofar as this is required by law.

According to art. 17 GDPR you can request the deletion of your personal data if

Please note that legal obligations of the person responsible can lead to the fact that your data cannot be finally deleted or only after expiration of a period.

In addition, you have a right to limitation of processing in accordance with Article 18 GDPR, the right of objection under Article 21 GDPR and the right to data transferability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).

Information about your right of objection according to Art. 21 GDPR

Right of objection on a case-by-case basis

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests), including profiling within the meaning of Article 4(4) GDPR based on this provision. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can make changes or withdraw an approval with effect into the future by informing us.