Data protection information of the Dreve Group
Name and address of the person responsible
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is
Company Dreve ProDiMed GmbH
Max-Planck-Str. 31
59423 Unna
Germany
Phone: +49 2303 8807-0
Fax: +49 2303 8807-745
E-Mail: info@dreve.de
Name and address of the data protection officer
The data protection officer of the controller is
Deutsche Datenschutz Consult GmbH
Christoph Heinrich
www.deutsche-datenschutz-consult.de
Stresemannstraße 29
22769 Hamburg Germany
Tel.: +49 40 228 60 70 402
E-Mail: datenschutzbeauftragte@dreve.de
Server statistics
When you visit our website, we collect the following data that your browser transmits:
The data is processed temporarily to enable correct delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The delivery of the website at the user's request constitutes a legitimate interest, which is why the temporary storage and processing in this context is based on Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective session has ended.
The above-mentioned data is also stored in the log files of our system, whereby the IP address is only recorded in anonymized form. The logging is used for the internal evaluation of our offer, to optimize the display of our website and to identify and prevent misuse. The stored data is not merged with other data sources or used for marketing purposes. Log files are deleted after 30 days at the latest. As the IP address is stored anonymously in the log files, this is no longer personal data.
Cookies
This website uses cookies. A "cookie" is text information that the visited website places on the viewer's computer via the web browser, where it can later be read again by the web browser.
Cookies can be used to store information about details you provide when you visit the website - for example, your choice of language, entries in form fields, etc. Cookies can also be used to store a unique identifier that makes your browser recognizable to the website.
We ourselves use both session cookies (which are automatically deleted when the browser is closed) and persistent cookies (which remain on your computer until the set expiry date) on this website.
In addition, third-party services are integrated on this website, which may also place cookies on your computer. See below for the integrated services.
Cookies are set on the basis of Art. 6 para. 1 sentence 1 lit.f GDPR, whereby our legitimate interest lies in the provision of a functional and user-friendly website, answering customer inquiries and optimizing our website.
We use the personal data collected with the help of cookies to optimize the information and offers on our website in your interest by optimizing the navigation of the site from a technical point of view, e.g. by the possibility of saving your settings for your next visit or features such as the recognition of a closed session to enable a login or a shopping cart, etc.
The user data collected by the cookies is not used to create user profiles.
Session cookies set by us are deleted when the browser is closed; persistent cookies set by us are deleted after the set expiry date. You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. As a user, you therefore have full control over the use of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
Contact form
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. This data includes the user's formulated request:
The following data is also stored at the time the message is sent:
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.
If necessary, the data is processed in the context of the initiation or execution of a contractual relationship, Art. 6 para. 1 lit. b GDPR. In addition, processing may take place within the scope of our legitimate interests, Art. 6 para. 1 lit. f GDPR. Our legitimate interest here is to provide an uncomplicated way for potential interested parties in our services or other visitors to our website to contact us. Our legitimate interests may also lie, for example, in the internal forwarding of the inquiry to enable another employee to answer it or in similar organizational measures to make work easier. This does not include surprising or excessive processing that is detrimental to the sender.
The data from the input screen is collected solely for the purpose of processing your request and providing information about our services. Your data will not be passed on or used for other purposes.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
The contact form generates an email and sends it to an internal Dreve email address. Since emails can constitute business letters within the meaning of the German Commercial Code (HGB), they are stored for a period of 6 years starting with the year following the receipt or sending of the email. This is done on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with the archiving obligation from § 257 HGB. Contact requests that do not constitute business letters are deleted when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of 30 days at the latest.
The user can object to the storage of their personal data at any time. To do so, simply send an informal e-mail to our data protection officer (see address above), stating the data required to assign the contact. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
Correspondence in connection with the execution of contracts
If you correspond with us by e-mail, we collect, store and process your name, your e-mail address and all content of the correspondence. This data is processed to initiate or execute a contractual relationship with you or the controller that you represent.
The legal basis for the processing is generally Art. 6 para. 1 lit. b GDPR if the communication is for the initiation or execution of a contractual relationship with you. If you represent a company in communication with us, the processing is carried out on the basis of Art. 6 para. I lit. f GDPR, whereby our legitimate interest lies in the establishment and support of business relationships. In individual cases, processing may also be based on Art. 6 para. 1 lit. a GDPR if you have given us your consent for contact and/or correspondence.
If we receive your e-mail address in connection with the performance of a contract with you or the company you represent, we will send you information about our products and services at irregular intervals. This is done on the basis of our legitimate interest in presenting our product portfolio to our customers and arousing further interest in our services. In this respect, the processing of your e-mail address is based on Art. 6 para. 1 lit. f GDPR. You can object to the processing of your e-mail address for this purpose at any time in accordance with Art. 21 para. 2 GDPR without giving reasons.
If required for the fulfillment of the contract or by law, we disclose or transfer personal data of our customers to third parties only if this serves the provision of our services in accordance with Art. 6 para. 1 lit b. GDPR, is required by law pursuant to Art. 6 para. 1 lit. c. GDPR, serves our interests or those of our customers in the efficient and cost-effective provision of services as a legitimate interest pursuant to Art. 6 para. 1 lit f. GDPR, or in the context of consent pursuant to Art. 6 para. 1 lit. a., Art. 7 GDPR.
Your data will only be stored for as long as it is needed to process the correspondence. In addition, we are legally obliged to retain business correspondence for a period of 6 years. In this respect, your data is stored on the basis of Art. 6 para. 1 lit. c GDPR to fulfill the statutory retention obligations. After expiry of these retention obligations, your data will be deleted unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Our services for registered users
Use of the customer portal
If you would like to take advantage of the opportunity to order goods in our general web store or in our order portals for dental and hearing technology, you have the option of registering on our portal. For this we require personal data from you:
During the usage process, technically necessary information such as IP address, time of access, etc. is also collected, which allows us to technically implement our service in accordance with current security standards.
After a comparison with the relevant sanction lists (in accordance with Art. 6 para. 1 lit. c GDPR in the event of a possible personal reference), you will then have the opportunity to use our services. The legal basis for the data collected as part of the registration and use of our portal is the necessity for the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b GDPR, if you are acting as an independent individual in your own name, alternatively our legitimate interest in being able to name an individually identifiable natural person at our contractual partner, Art. 6 para. 1 lit. f GDPR.
As soon as you create an order within one of our portals or in the web store, you may also be required to provide information about your payment details, which are necessary for the execution of the contract. A credit check may also be carried out in individual cases, but not in a generalized and automated manner. If such a credit check is carried out, this also applies to natural persons acting independently if they decide to register on our portal. In such a case, the check carried out is necessary for the performance of the contract in accordance with Art. 6 para. 1 lit. b GDPR. Although a scoring value is calculated automatically by the company commissioned to carry out a credit check, no automated decision-making takes place on the basis of this value, but rather on the basis of an individual assessment of the individual case.
Your data will be stored for 6 or 10 years within the framework of the statutory obligations to provide evidence under commercial and tax law, calculated from the year following the conclusion of the contract, Art. 6 para. 1 lit. c GDPR.
Chat service
After registering, our customers have the option of contacting us via chat for advice on our products. To make this possible, we use products from the provider Userlike UG, Probsteigasse 44-46, 50670 Cologne. This provider acts as a processor for us as soon as personal data is involved. In this case, we process the data of our contact person as part of our legitimate interest in being able to offer our customers an uncomplicated and up-to-date consulting option, Art. 6 para. 1 lit. f GDPR. There is also the option of not providing any further data apart from the connection data (IP address, etc.) that is collected for technical reasons. There is no direct assignment of the chat to the customer in our customer database. Information is only added manually to our customer database if this is appropriate in accordance with our legitimate interest in offering our customers an optimal service, Art. 6 para. 1 lit. f GDPR.
Orders placed for you by third parties
If we receive your data from an organization that places orders with us on your behalf, we process your data on the basis of your consent, which you have given to this organization for the transfer of the data to us. We have concluded contractual arrangements with our customers who place such orders for end users, which ensure that the customer obtains such consent from the data subject before forwarding the data to us.
In this respect, your data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Newsletter
Registration
For our newsletter, we collect your e-mail address, your preferred form of address, your first and last name and your particular interests. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
The newsletter is sent on the basis of the consent of the recipient in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission in accordance with § 7 para. 3 UWG.
The logging of the registration procedure is carried out on the basis of our obligation to provide evidence pursuant to Art. 6 para. 1 lit. c i.V.m. Art. 7 para. 1 GDPR.
We use your e-mail address to send the newsletter, e-mails, and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, these are decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.
Our interest in logging the registration process is based on the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to comply with our obligations to provide evidence, Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR.
The data collected will be retained until you withdraw your consent. In order to be able to prove a previously given consent, we can store e-mail addresses that have been deleted due to revocation for up to three years before we delete them. The processing of this data is then limited to the purpose of fulfilling our obligation to provide evidence and a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
You can unsubscribe from our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter.
Performance measurement
The newsletters may contain links which, when clicked on, transmit information about the clicked link and/or the newsletter itself to us. As part of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of retrieval are initially collected.
This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. The evaluations are used to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
These evaluation activities are in our legitimate interests as the operator of the newsletter, Art. 6 para. 1 lit. f GDPR.
Customer satisfaction surveys
For the clinical follow-up of our products, we conduct surveys among our customers to determine their satisfaction with our services. The aim of these surveys is to collect additional clinical data on the product after it has been placed on the market and to use this data to evaluate the safety, performance and efficacy of the product on an ongoing basis. For this purpose, we provide our customers with questionnaires that they can use to give us feedback on the products they have purchased from us.
To draw the customer's attention to the survey, we use the e-mail address received in connection with the purchase of the product or link to the website with the questionnaires in the invoice or other order-related documents.
The customer satisfaction survey itself is anonymous. We collect the product for which you are providing feedback, your role (retailer, user, or patient) and the information you provide about the product you purchased from us. A personal reference can only be established if you create this yourself by entering information in the free text fields. However, processing of personal data within the scope of the survey is neither intended nor intended.
The processing of your email address in order to encourage you to participate in the customer satisfaction analysis is based on Art. 6 (1) lit. c GDPR in conjunction with. Article 61 (11) MDR. This norm indicates that the clinical evaluation and associated documentation must be updated throughout the life cycle of the medical device based on clinical data. This implementation should be documented in the manufacturer's post-market clinical follow-up plan (PMCF plan) in accordance with Annex XIV Part B and the post-market surveillance plan (PMS plan) in accordance with Article 84.
The (typically anonymous) results of the surveys are processed by our product management and quality assurance departments and are not passed on to third parties. The data is deleted as soon as it is no longer relevant for the medical device.
Infomails for existing customers
If we receive your email address in connection with the purchase of goods or services, we reserve the right to inform you occasionally by email about similar goods or services from our company. This use of your email address is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in presenting you with interesting offers from our portfolio and thus promoting interest in our products and services.
Success (e.g. opening or click rates) is not measured for the info mails.
You can object to the use of your e-mail address for this purpose at any time by clicking on the corresponding link provided at the end of each such e-mail .
Online survey
When you purchase goods or services from us, we indicate in our communication that you have the opportunity to tell us how satisfied you were with our services via an online survey.
As part of the online customer satisfaction survey, we collect basic usage data such as your IP address and time of access, which is necessary for the technical implementation of the survey. Apart from this, we ask about purchasing behavior and satisfaction without establishing a direct personal reference. The survey is therefore largely anonymous; a personal reference is only theoretically conceivable if the IP address is taken into account.
This data is evaluated in order to identify potential for improvement in relation to our online store and thus optimize it. At the same time, we want to be able to respond to justified criticism and offer our users the most pleasant shopping experience possible. We have a legitimate interest in improving the user experience, which is why the processing of your data for the survey is based on Art. 6 para. 1 lit. f GDPR.
Information provided as part of the online survey will be stored for a period of one year and then deleted.
Online presence in social media
We maintain online presences on the Xing, Instagram, Facebook, and LinkedIn platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Unless otherwise stated in our privacy policy, we process users' data if they communicate with us via these platforms, e.g. write posts on our online presence or send us messages. This is done on the basis of our legitimate interest in being able to offer an appealing interaction option for our customers and interested parties, Art. 6 para. 1 lit. f GDPR.
Furthermore, the data of visitors to our online presences is evaluated by the platform operators and the anonymized data is made available to us. We are responsible for providing our online presence on the platforms and obtaining statistical evaluations of our visitors on these online presences in our legitimate interest in being able to evaluate our offer and our market reach, Art. 6 para. 1 lit. f GDPR.
The actual statistical analysis is the responsibility of the platform operator. For more information, you can contact the responsible platform operators at any time or refer to their privacy policies.
Name: Xing, responsible for New Work SE
Address: Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy https://privacy.xing.com/de/datenschutzerklaerung
Name: Instagram, Controller: Facebook Ireland Limited
Address: 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy: https://help.instagram.com/519522125107875
Name: Facebook Ireland Ltd
Address: 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland
Privacy Policy: de-de.facebook.com/policy.php
Shared responsibility: https://www.facebook.com/legal/terms/page_controller_addendum
Name: LinkedIn
Address: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: https://de.linkedin.com/legal/privacy/eu?
Third-party services
Google Maps
We integrate the maps of the "Google Maps" service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). The processed data includes, in particular, IP addresses and location data of the users, but the latter are not collected without their consent (usually carried out as part of the settings of your mobile devices). The data may be processed in the USA. The legal basis for the access to Google Maps implemented by us is your consent pursuant to Art. 6 para. 1 lit. a., Art. 7 GDPR, which you give by activating the map by clicking on the placeholder.
For more information, please refer to Google's privacy policy: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated
You can object to the use of your data by Google Maps at any time by clicking on this link: https://adssettings.google.com/authenticated
Youtube
On our website, we use the plugin of the YouTube service offered by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, which is represented by Google Inc. with its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: YouTube). The plugin can be recognized on our website by the term "Youtube", combined with the symbol of the red rectangle with the play button.
When we embed YouTube videos on our website, initially only a placeholder is loaded, which informs you about the activation of the YouTube plug-in and links to YouTube's data protection information. Only when you click on the placeholder do you activate the YouTube plug-in and a direct connection is established between your browser and the YouTube server. As a result, YouTube receives the information that your browser has accessed the corresponding page of our website, even if you do not have a YouTube profile or are not currently logged in to YouTube. This information (including your IP address) is transmitted directly from your browser to a YouTube server in the USA and stored there.
If you are logged in to YouTube, YouTube can directly associate your visit to our website with your YouTube profile. If you interact with the plugins, for example by pressing the "Play" button, the corresponding information is also transmitted directly to a YouTube server and stored there. The purpose and scope of the data collection and the further processing and use of the data by YouTube as well as your rights in this regard can be found in the data protection information at
https://policies.google.com/privacy?hl=de
You can find your settings options for protecting your privacy here:
https://adssettings.google.com/authenticated
The integration of the YouTube component takes place on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR, as you consent to the processing by YouTube by activating the plug-in.
If you do not want YouTube to assign the data collected via our website directly to your YouTube account, you must log out of YouTube before visiting our website.
Your rights
You have the right to request rectification, restriction of processing, portability and/or erasure of your personal data. In addition, you can request information about processing operations relating to your personal data and have the right to be informed of the recipients of your data if you have exercised your right to erasure, restriction of processing or rectification.
Furthermore, you can complain to the competent supervisory authority about processing operations and object to the processing of your personal data.
Right of objection
If we process your personal data on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), you have the right to object to this processing. If we process your personal data for direct marketing purposes, the objection can be made without justification (Art. 21 para. 2 GDPR). In this case, we will cease processing immediately. Otherwise, the reasons arising from your particular situation must be explained (Art. 21 para. 1 GDPR) so that we can reassess the balance of interests under Art. 6 para. 1 lit. f GDPR accordingly.
Right to information
You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing, in accordance with applicable law, which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.
Right to rectification
You have the right to have your data stored by us corrected if it is incorrect.
Right to restriction of processing
Furthermore, you can have the processing of your data restricted under the conditions of Art. 18 para. 1 GDPR (for example, if the accuracy is disputed or the processing is unlawful). We may then only process data affected by this under the conditions of Art. 18 para. 2 GDPR (for example with your consent or for the exercise of or defense against legal claims).
Right to erasure
You can also request the deletion of your personal data under the conditions of Art. 17 para. 1 lit. a-f GDPR (for example, if we no longer need the personal data or the processing is unlawful), unless the exceptions of Art. 17 para. 3 lit. a-e GDPR apply (for example, where we are legally obliged to process the data).
Right to data portability
You are entitled to request that we provide the personal data transmitted to us in a format that allows it to be transmitted to another location.
Right to lodge a complaint with a supervisory authority
You have the option of lodging a complaint with a data protection supervisory authority of your choice if you are of the opinion that the processing of your personal data by us is unlawful.
Note on data security
We use the SSL (Secure Socket Layer) method on our website in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
No automated decision-making
We would like to point out that in the context of the use of our services and the use of our services, you will not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Date of Information: 10.2024