Who is responsible for data processing and to whom can you contact?
The Responsible Body as defined by the data protection laws is:
Dufner Instrumente GmbH
Fabrik für ärztliche Instrumente
78532 Tuttlingen, Germany
Tel: +49 (0)7461 3697
What sources and data do we use?
We process personal data that we receive from you in the course of our business relationship. We receive the data directly from you, e.g. in the context of inquiries, orders, offers, order confirmations, contracts or through personal contacts with our employees. In addition, to the extent necessary for the provision of our services, we process your personal data which we may obtain from publicly accessible sources (e.g. commercial and association registers, press, Internet).
Specifically, we process the following data:
Contact master data (e.g. name, address, contact details)
Order data (e.g. in the context of order processes)
Documentation data (e.g. call notes)
Data on the initiation and implementation of our business relationships
Correspondence (e.g. correspondence)
Use data (e.g. websites visited, interest in contents, access times)
Meta/ Communication data (e.g. device information, IP-addresses)
What do we process your data for (purpose of processing) and on what legal basis?
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In the following we will inform you on which legal basis we process your data.
For the fulfilment of contractual obligations (Art. 6 para. 1 b GDPR)
The processing of data takes place for the fulfilment of a contract with you or for the execution of pre-contractual measures, which take place on the basis of an inquiry. The purposes of data processing depend in detail on the specific business relationship.
In the context of balancing interests (Art. 6 para. 1 f GDPR)
If necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. This is done for the following purposes, among others:
General business management
Testing, optimization and further development of products and services Assertion of legal claims and defense in legal disputes
Ensuring the IT security and IT operation of the Group
Prevention and investigation of criminal offences
Transfer of data within DUFNER Instrumente GmbH, insofar as this is necessary for the processing of the respective business relationship
Our interest in the respective processing arises from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, procurement and avoidance of legal risks). As far as the specific purpose permits, we process your data pseudonymized or anonymized.
On the basis of your consent (Art. 6 para. 1 a GDPR
If you have given us your consent to process personal data for specific purposes, the respective consent is the legal basis for the processing stated there.
This applies in particular to
Transmission of data within DUFNER Instrumente GmbH
Transmission of data to third parties
You can revoke your consent at any time. This also applies to the revocation of declarations of consent that you have given us before the validity of the GDPR, i.e. before 25 May 2018. The revocation of consent is only valid for future processing.
Due to legal requirements (Art. 6 Par. 1 c GDPR)
We are subject to various legal obligations, e.g. by the Medical Devices Act, Medicines Act, Industrial Code, Commercial Act. The purposes of the processing include, inter alia
Enforcement of our general terms and conditions
Administration of our business
Processing for the fulfilment of legal storage or documentation obligations
Who gets my data?
Your data will be passed on within DUFNER Instrumente GmbH if this is necessary to fulfill our contractual and legal obligations or if the internal organization requires the passing on (e.g. central financial accounting, purchasing, development, production and logistics). Within DUFNER Instrumente GmbH, appropriate and legal requirements for the protection of your personal data have been established.
Your personal data will not be passed on to third parties (outside DUFNER Instrumente GmbH) unless you have given us your prior consent or a legal basis exists. A legal obligation comes into consideration in particular with the following recipient:
Public authorities, regulating authorities and bodies, e.g. tax revenue authorities
Jurisdiction/law enforcement agency, e.g. police, public prosecutors, courts
Counsel and notaries, e.g. insolvency proceedings
Certified Public Accountant
In addition, we employ various service providers (contractors according to Art. 28 GDPR), which we contractually oblige according to the specifications of the GDPR and whose compliance we monitor. These include companies in the areas of IT services, printing services, telecommunications, contract manufacturing, consulting or sales and marketing. Contractors may only use personal data in accordance with our instructions and for a specific purpose.
Excluded from this is the transfer to service partners, such as logistics service providers or forwarding agencies, insofar as the transfer is necessary for their order. They receive the data required for delivery for their own use. We limit ourselves to the transmission of the data necessary for delivery.
Is data transferred to a third country or an international organization?
We only transfer your data to countries outside the European Economic Area (third countries) if
It is necessary for the manufacture of our products and for the execution of our orders,
It is required by law, or
You have given us your consent.
If we transfer your data to a third country or an international organization, this is always done in accordance with the requirements of the GDPR. In addition, in accordance with the principle of data minimization, we only transmit data that is limited to the minimum necessary.
In some cases, we use service providers whose headquarters, parent company or sub-service provider is located in a third country. Your data will only be transferred if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR), appropriate guarantees are provided (e.g. standard contractual clauses issued by the European Commission) and enforceable rights and effective remedies are available to you as a party concerned. We have concluded a contract with the service provider to ensure compliance with the basic European data protection regulation and its requirements.
This web site uses Google Analytics, a web analysis service of Google Inc. („Google“). Google Analytics uses "cookies", small text files that are saved on your computer and can be used to analyze your usage of the web site. The information generated by the cookie on your usage of the web site is generally sent to a Google server in the USA and stored there. However, as a result of the activation of IP-anonymization on these web sites, Google first abbreviates your IP-address within member states of the European Union or other states that are included in the Agreement on the European Economic Area. Only in exceptional cases is the complete IP-address sent to a Google server in the USA and abbreviated there. Google uses this information on behalf of the operator of this web site to evaluate your usage of the web site, to compile reports on web site activity, and to provide additional services linked to the usage of the web site and the internet for the operator of the web site. Google does not combine the IP-address sent by your browser to Google Analytics with any other information. You can block the storage of cookies by appropriate settings in your browser software. However, please note that in this case you may not be able to make full use of all the functions of this web site. In addition, you can prevent the recording of the data generated by the cookie and sending the information on your usage of the web site (including your IP-address) to Google and the processing of the data by Google by downloading and installing the browser plugin available at the following link: Browser add-on for deactivating Google Analytics
In addition or as an alternative to the browser add-on you can suppress tracking by Google Analytics on our web site by clicking on this link. This will install an opt-out cookie on your device. The cookie will prevent Google Analytics from recording information for this web site and for this browser in future while the cookie remains installed in your browser.
We embed maps of „Google Maps“service: Google LLC, 1600 Amphithatre Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
How long will my data be stored?
If necessary, we process your personal data for the duration of the business relationship, this includes the initiation and processing of this as well as the storage due to legal retention periods.
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted. Unless there are legal obligations of the responsible person against a deletion. This can be the case for the following purposes, among others:
Fulfilment of commercial and tax storage obligations in accordance with e.g. the German Commercial Code (HGB), Fiscal Code (AO), Money Laundering Act (AMLA). The periods for storage and documentation specified there range from two to ten years.
Preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
Is there an obligation for me to provide data?
As part of our business relationship, you must provide the personal data required for the establishment and execution of the respective business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will generally not be able to enter into the business relationship with you and to fulfil the resulting obligations.
To what extent is there automated decision making?
In principle, we do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.
What data protection rights do I have?
In accordance with Art. 15 GDPR you can require information about your personal data processed by us. If your details are not or no longer accurate, you can request a correction (Art. 16 GDPR). Should your details be incomplete, you may demand a completion. If we have passed on your details to third parties, we will inform these third parties about your correction - insofar as this is required by law.
According to art. 17 GDPR you can request the deletion of your personal data if
Your personal data is no longer required for the purposes for which it was collected
You revoke your consent and there is no other legal basis for doing so
You object to the processing and there is no predominant reason of protection for processing
Your personal data have been processed unlawfully
Your personal data have to be deleted to comply with legal requirements
Please note that legal obligations of the person responsible can lead to the fact that your data cannot be finally deleted or only after expiration of a period.
In addition, you have a right to limitation of processing in accordance with Article 18 GDPR, the right of objection under Article 21 GDPR and the right to data transferability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).
Information about your right of objection according to Art. 21 GDPR
Right of objection on a case-by-case basis
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests), including profiling within the meaning of Article 4(4) GDPR based on this provision. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You can make changes or withdraw an approval with effect into the future by informing us.