Note: This is a automatic generated translation. The original text is written in german. The german version is legally binding. You can find the original text below this translation.
We are pleased about your visit to our website and your interest in Porta Medika. We take the protection of your data very seriously and guarantee a confidential treatment of your personal information in the framework of the General Data Protection Regulation (GDPR).
That's why we inform you here about the backup and use of your data.
1. Privacy at a glance
The following notes give a simple overview of what happens to your personal information when you visit our website. Personal data is all data that personally identifies you. Detailed information on data protection can be found in the privacy statement listed below.
Please note that data transmission over the Internet (for example, when communicating via e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.
Data collection on our website
Who is responsible for the data collection on this website?
The data processing is carried out by the Humanitas Foundation e.V.
Which categories of affected persons are there?
Visitors and users of the online offer (hereinafter we refer to the affected persons as "users").
Which data is processed?
Inventory data (e.g., person master data, name or address).
Contact information (e.g., e-mail, phone numbers).
Content data (e.g., text input, photographs, videos).
Usage data (e.g., visited web pages, interest in content, access times).
Meta / communication data (e.g., device information, IP addresses).
How do we collect your data?
Your data will be collected on the one hand, that you tell us. This may be e.g. to trade data that you enter in a contact form, or that you enter during the ordering process.
Other data is collected automatically when visiting the website through our IT systems. These are above all technical data (for example Internet browser, operating system or time of the page request). The collection of this data is automatic as soon as you enter our website.
What do we use your data for?
Provision of the online offer, its functions and contents
Answering contact requests and communicating with users
Audience measurement / Marketing
Personalization of the customer account
Additional business related processing:
Contract data (e.g., subject, term, customer category).
Payment data (e.g., bank details, payment history)
What rights do you have regarding your data?
At any time you have the right to obtain free information about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. For this purpose and for further questions about data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have a right of appeal to the competent supervisory authority.
Analysis tools and third-party tools
2. General information and mandatory information
Note to the responsible body
The responsible data processing unit on this website is:
Humanitas Foundation e.V.
Olper Str. 67, 59872 Meschede
Telephone: +49 2903 3999626
E-mail: info (at) portamedika.shop
Responsible entity is the natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data (such as names, e-mail addresses, etc.).
Data protection officer:
If you have further questions on the collection, processing and use of your personal information, then please contact our data protection officer.
datenschutz (at) humanitasfoundation.com
Humanitas Foundation e.V.
Emil-Figge-Strasse 43, 44227 Dortmund Germany
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and direct mail (Article 21 GDPR)
If your personal data is processed to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object, your personal data will then no longer be used for the purpose of direct advertising (objection under Art. 21 (2) GDPR).
Right of appeal to the competent supervisory authority
In the case of violations of the GDPR, the persons concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process on the basis of your consent or in fulfillment of a contract, in itself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another person in charge, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or. TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line.
If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.
Information, blocking, deletion and correction
You have the right to free information on your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to rectification, blocking or deletion of this data. For further information on personal data you can contact us at any time at the address given in the imprint.
Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. That The data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:
If you deny the accuracy of your personal information stored with us, we usually need time to verify this.
For the duration of the audit you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data is unlawful, you may request the restriction of data processing instead of deletion.
If we no longer need your personal information, but you need it to exercise, defend or enforce legal claims, you have the right to demand that your personal information be restricted instead of being deleted.
If you have filed an objection pursuant to Art. 21 (1) GDPR, a balance must be made between your interests and ours.
As long as it is not clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data may be - except for their storage - only with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest the European Union or a Member State.
Collaboration with contract processors, joint controllers and third parties
If, in the course of our processing, we disclose data to other persons and companies (contract processors, joint controllers or third parties), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (eg if the data is transmitted to third parties, such as to payment service providers, to fulfill the contract), users have consented to a legal obligation to do so or on the basis of our legitimate interests (eg the use of agents, web hosts, etc.).
If we disclose data to other companies in our group, convey it or otherwise grant access to it, this is done in particular for administrative purposes as a legitimate interest and, moreover, based on a legal basis.
Transfers to third countries
If we process data in a third country (ie outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or in the context of the use of third party services or disclosure, or transfer of data to other persons or companies This will only happen if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only in the presence of legal requirements. That the processing is e.g. based on specific guarantees, such as the officially recognized level of data protection (for example, the US Privacy Shield) or compliance with officially recognized specific contractual obligations.
Opposition to advertising emails
The use of published in the context of the imprint obligation contact information for sending unsolicited advertising and information materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails.
3. Data collection on our website
The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version Operating system used Referrer URL Host name of the accessing computer Time of server request IP address
A merge of this data with other data sources will not be done.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and the optimization of his website - for this purpose, the server log files must be recorded.
Order processing in the online shop and customer account
We process the data of our customers as part of the ordering process in our online shop to allow them to select and order the selected products and services, as well as their payment and delivery, or execution.
The processed data includes inventory data, communication data, contract data, payment data and persons affected by the processing belong to our customers, prospects and other business partners. Processing is for the purpose of providing contractual services in the context of the operation of an online shop, billing, delivery and customer service. Here we use session cookies for the storage of the shopping cart contents and permanent cookies for the storage of the login status.
Users can create a user account. As part of the registration, the necessary mandatory information will be communicated to the users. The user accounts are not public and can not be indexed by search engines. If users have terminated their user account, their data will be deleted with respect to the user account, subject to their retention is necessary for commercial or tax reasons. Information in the customer's account remains until its deletion with subsequent archiving in the case of a legal obligation or our legitimate interests (for example, in the case of litigation). It is the responsibility of the users to secure their data upon termination before the end of the contract.
As part of the registration and re-registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the pursuit of our legal claims as a legitimate interest or there is a legal obligation to do so.
The deletion takes place after expiration of legal warranty and other contractual rights or obligations (for example, payment entitlements or performance obligations from contracts with customers), whereby the necessity of keeping the data is checked every three years; in the case of storage due to legal archiving obligations, the deletion takes place after its expiration.
External payment service providers
We use external payment service providers through whose platforms users and we can make payment transactions (e.g., with a link to the payment service providers' privacy policies:
American Express (https://www.americanexpress.com/en/content/privacy-policy-statement.html)
As part of the fulfillment of contracts, we set the payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR. Incidentally, we use external payment service providers on the basis of our legitimate interests. Art. 6 para. 1 lit. f. GDPR in order to offer our users effective and secure payment options.
For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transaction applications apply. We also refer to these for further information and assertion of rights of withdrawal, information and other data subjects.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks and organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of rendering our contractual services. The processing principles are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. The processing affects customers, prospects, business partners and website visitors. The purpose and interest in processing lies in administration, financial accounting, office organization, data archiving, that is, tasks that serve to maintain our business, perform our duties and provide our services. The deletion of the data in terms of contractual performance and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax accountants or auditors, and other fee agents and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g. for later contact. We generally store this majority of company-related data permanently.
Business analysis and market research
In order to operate our business economically, to recognize market trends, wishes of the contractors and users, we analyze the data available to us for business transactions, contracts, inquiries, etc. We process stock data, communication data, contract data, payment data, usage data, metadata based on the nature 6 para. 1 lit. f. GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyzes are carried out for the purpose of business analysis, marketing and market research. In doing so, we can provide the profiles of registered users with information, e.g. take into account their services. The analyzes serve us to increase the user-friendliness, the optimization of our offer and the business economics. The analyzes are for us alone and will not be disclosed externally unless they are anonymous, aggregated value analyzes.
If these analyzes or profiles are personal, they will be deleted or anonymised upon termination of the users, otherwise after two years from the conclusion of the contract. Incidentally, the overall business analyzes and general trend provisions are created anonymously if possible.
Provision of our statutory and business services
We process the data of our members, supporters, prospects, customers or other persons in accordance with Art. 6 para. 1 lit. b. GDPR, if we offer them contractual services or in the context of an existing business relationship, e.g. members, or are themselves recipients of benefits and benefits. Incidentally, we process the data of affected persons in accordance with. Art. 6 para. 1 lit. f. GDPR based on our legitimate interests, e.g. when it comes to administrative tasks or public relations.
The data processed, the nature, scope and purpose and necessity of their processing are determined by the underlying contractual relationship. This includes in principle inventory and master data of the persons (eg, name, address, etc.), as well as the contact data (eg, e-mail address, telephone, etc.), the contract data (eg, services used, communicated contents and Information, names of contact persons) and if we offer paid services or products, payment data (eg, bank details, payment history, etc.).
We delete data that is no longer required to serve our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as they may be relevant to the transaction, as well as with regard to any warranty or liability obligations. The necessity of keeping the data is checked every three years; otherwise the statutory storage obligations apply.
Users can create a customer account. As part of the registration, the required mandatory information is communicated to the users and based on Art. 6 para. 1 lit. b GDPR processed for purposes of providing the user account. The processed data include in particular the login information (name, password and an e-mail address). The data entered during registration will be used for the purpose of using the user account and its purpose.
Users may have access to information relevant to their user account, e.g. technical changes, be informed by e-mail. If users have terminated their user account, their data will be deleted with respect to the user account, subject to a statutory retention requirement. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form is therefore exclusively based on your consent (Art. 6 (1) lit. GDPR). You can revoke this consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The information you provide in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or delete the purpose for data storage (for example, after your request has been processed). Mandatory statutory provisions - especially retention periods - remain unaffected.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not share this information without your consent.
The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Article 6 (1) a GDPR) and / or on our legitimate interests (Article 6 (1) (f) GDPR), since we have a legitimate interest in the effective Processing of requests addressed to us.
The data sent by you to us via contact requests remains with us until you ask us to delete, revoke your consent to the storage or the purpose for the data storage is omitted (eg after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Comments on this website
In addition to your comment, the comment function on this page will also contain information about when the comment was created, your e-mail address and, if you do not post anonymously, the username you selected.
Storage duration of the comments
The comments and related data (e.g., IP address) are stored and remain on our website until the commented content has been completely deleted or the comments must be deleted for legal reasons (e.g., offensive comments).
The comments are stored on the basis of your consent (Art. 6 (1) a GDPR). You can revoke your consent at any time. An informal message by e-mail to us is sufficient. The legality of the already completed data processing operations remains unaffected by the revocation.
4. Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services.
We point out that data of the users outside the area of the European Union can be processed. This may result in risks for the users because e.g. enforcement of user rights could be made more difficult. With respect to US providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards.
Furthermore, the data of the users are usually processed for market research and advertising purposes. Thus, e.g. user profiles are created from the user behavior and the resulting interests of the users. The usage profiles can in turn be used to e.g. Place advertisements inside and outside the platforms that are allegedly in line with users' interests. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and logged in to them).
The processing of the personal data of users is based on our legitimate interests in an effective information of users and communication with users in accordance with. Art. 6 para. 1 lit. f. GDPR. If the users are asked by the respective providers of the platforms for a consent to the above-described data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the provider.
Also in the case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.
5. Analysis tools and advertising
Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before saving.
Matomo cookies remain on your device until you delete them.
The storage of Matomo cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising.
The information generated by the cookie about the use of this website will not be disclosed to third parties. You can prevent the storage of cookies by a corresponding setting of your browser software; However, please be aware that in this case you may not be able to use all features of this website.
If you wish to receive the newsletter offered on the website, we require an e-mail address from you, as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter , Further data are not collected or only on a voluntary basis. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
The processing of the data entered into the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). The granted consent to the storage of the data, the e-mail address and their use for sending the newsletter can be revoked at any time, for example via the "unsubscribe" link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.
The data deposited with us for the purpose of obtaining the newsletter will be saved by us from the newsletter until your cancellation and will be deleted after cancellation of the newsletter. Data stored for other purposes with us remain unaffected.
7. Plugins and Tools
Google Web Fonts
This site uses so-called web fonts, provided by Google, for the uniform representation of fonts. The Google fonts are installed locally. There is no connection to Google servers.
We use "Google reCAPTCHA" (hereafter "reCAPTCHA") on our websites. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
With reCAPTCHA we want to check if the data entry on our websites (for example in a contact form) is done by a human or by an automated program. For this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (for example, the IP address, the website visitor's visit time on the website, or user mouse movements). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyzes are completely in the background. Site visitors are not advised that an analysis is taking place.
The data processing is based on Art. 6 para. 1 lit. f GDPR. The Web site operator has a legitimate interest in protecting its web sites from abusive automated spying and SPAM.
Use of Facebook social plugins
Based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. GDPR) we use social plugins ("plugins") of the social network facebook.com, which operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook").
For this, e.g. Content such as images, videos or text and buttons include, with which users can share the content of this online offer within Facebook. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, providing a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active)
When a user invokes a feature of this online offering that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by him into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and we inform the users accordingly to our knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.
If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Other settings and inconsistencies regarding the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info / choices / or the EU page http://www.youronlinechoices.com/. The settings are platform independent, i. they are adopted for all devices, such as desktop computers or mobile devices.
Created with: e-recht24.de & Datenschutz-Generator.de by RA Dr. med. Thomas Schwenke
Status of processing: 15.January 2019
Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i. the EU and the EEC, unless the legal basis in the data protection declaration is mentioned:
The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR;
The legal basis for the processing for the fulfillment of our services and the execution of contractual measures as well as the answer to inquiries is Art. 6 para. 1 lit. b GDPR;
The legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR;
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
The legal basis for the processing required to perform a task in the public interest or in the exercise of official authority which has been delegated to the controller is Article 6 (1) lit. e GDPR.
The legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR.
The processing of data for purposes other than those to which they have been granted is governed by the provisions of Article 6 (4) GDPR.
The processing of special categories of data (according to Art. 9 (1) GDPR) is governed by the provisions of Art. 9 (2) GDPR.
In accordance with legal requirements, we take into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational Measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. We have also set up procedures to ensure the enjoyment of data subject rights, data deletion and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection through technology design and privacy-friendly default settings.
Glossary of terms used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
"Profiling" means any kind of automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal To analyze or predict preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
"Responsible person" means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.
"Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.