Data Protection

Information on the data processing carried out for this website as per art. 13 EU General Data Protection Regulation (GDPR) on the collection of personal data from data subjects.

FormMed HealthCare AG is the controller of this website. As the provider of a teleservice, at the beginning of your visit, it has to inform you of the type, extent and purpose of the collection and use of personal data in a transparent, comprehensible and easily accessible form, using clear, simple language. This content must always be available to you.

We give great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the current European and national legislation.

With the below data protection regulation, we want to show you how we handle your personal data and how you can get in touch with us:

FormMed HealthCare AG
Schönberger Weg 13
60488 Frankfurt am Main
Commercial registry No.: HRB 89952
Board: Dr. med. Martin Lemperle, Jan Moch
Telephone: +49 (0)69 / 76805698-22

Our data protection officer:
Sven Lenz
Deutsche Datenschutzkanzlei GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten

For data protection questions or additional data protection requests, you can send an email to the following address:

A. General

This data protection declaration has been written, as far as possible, using gender-neutral language. For definitions of the terms “personal data” and “processing”, see art. 4 GDPR.

The personal data processed by this website include
- Basic data (e.g. customer names and addresses),
- Contractual data (e.g. services used, payment information),
- User data (e.g. pages visited on our website) and
- Content data (e.g. entries in online forms).

B. Specific

Data protection information

We guarantee that we will only process the data you provide in connection with handling your queries, for internal purposes or to render or provide the services and content you have requested.

Legal basis of data processing

We only process your personal data in compliance with the relevant data protection provisions. The legal reasons are:
- To render our contractual services
- Processing is a legal requirement
- You have given consent electronically (e.g. by subscribing to the newsletter)
- To exercise our legitimate interest

We will be happy to show you where the above legal principles are set out.

Processing in order to render our services and implement contractual measures:
Art. 6 para. 1 b) GDPR

Processing to fulfill our legal obligations:
Art. 6 para. 1 c) GDPR

Art. 6 para. 1 a) and art. 7 GDPR

Processing to exercise our legitimate interest:
Art. 6 para. 1 f) GDPR

Data transfer to third parties

We are obliged to make it known that data transfer to third parties does take place.

Transfer of your data to third parties only takes place within the framework of the legal regulations in force. We only transfer your data if this is necessary for contractual purposes or on the basis of legitimate interests in the economic and effective continuation of our business operations.

If we use subcontractors to provide our services, we take suitable legal precautions and implement technical and organizational measures to ensure the protection of personal data in accordance with the legal regulations.

Data transfer to third countries or international organizations

Third countries are those where the GDPR is not directly applicable. This fundamentally covers all countries outside the EU and European Economic Area.

No data transfer takes place to third countries or international organizations without a legal reason being given.

Duration of storage of your personal data

We stand by the principles of data avoidance and data minimization. This means we only store your data for the length of time necessary to achieve the purposes described here or in accordance with the retention limits set out by the legislature. If the purpose is no longer valid, your data will be restricted or deleted in accordance with the legal provisions.

To this end, we have created an internal concept to make sure this happens.

Means of contact

If you get in touch with us via the website, you consent to electronic communication.  During electronic contact with us, your personal data will be processed. The information you give will only be used in order to process your request and stored only for potential subsequent queries.

We are happy to inform you of the legal basis for this:
- processing in order to render our services and implement contractual measures as per art. 6 para. 1 b) GDPR

We draw attention to the fact that emails in transit can be read or altered by unauthorized persons. We would also like to draw your attention to the fact that we use software to filter out undesired emails (spam filter). The spam filter may mean emails are rejected if incorrectly identified as spam.

What are your rights?

a) Right of access
You have the right to information about the data stored relating to you. On request, we will tell you in writing which of your personal data we have stored. This will also include the origin and recipients of your data and the purpose of the data processing.

b) Right to rectification
You have the right to correct any incorrect data we hold about you. Here, you can also demand restriction of processing, say, if you challenge the correctness of your personal data.

c) Right to restriction of processing
You can also have your data restricted. So the data restriction is respected, the data must be held in a locked file for control purposes.

d) Right to erasure
You can request the erasure of your personal data if there is no legal reason for it to be retained. If such an obligation exists, we will restrict your data on request. If suitable legal conditions are in place, we will delete your data without your requesting it.

e) Right to data portability
You are entitled to request us to send you the personal data you have provided to us in a format that allows its transfer to a different location.

f) Right to complain to a regulatory authority
You have the option to send a complaint to a responsible data protection authority.

The Data Protection and Freedom of Information Officer for the State of Hessen is:
Postfach 3163
65021 Wiesbaden
Telephone: +49 (0)611 / 1408-0
Fax: +49 (0)611 / 1408-900

You can open the complaints form at the following link:  

Note: a complaint can be sent to any data protection authority within the EU.

g) Right to object
You have the right at any time to object to the processing of your data as per art. 6 para. 1 (e, f) GDPR for reasons relating to your personal situation; this also applies to profiling based on these provisions.

FormMed HealthCare AG will then not process your personal data any further, unless it can demonstrate compelling legally protected reasons for this processing that override your own, or if processing serves the establishment, exercise or defense of legal claims.

If your personal data are processed for the purposes of direct marketing, you have the right at any time to object to the processing of your personal data for such purposes; this also goes for profiling, inasmuch as it is connected to direct marketing. In the case of such an objection, we will no longer use your personal data for the purpose of direct advertising. Here, it is enough to send us an email in this regard.

h) Right to revocation
You have right at any time to withdraw consent you have given to the processing of your data with future effect and without giving reasons. By revocation, you incur no disadvantage. Here, it is enough to send us an email in this regard.

Such revocation does not affect the legality of any processing that took place on the basis of art. 6 para. 1 a) GDPR before it was issued.

To exercise your rights as a data subject, send an email to the following address:

Protection of your personal data

We take the most up-to-date contractual, technical and organizational safety measures to ensure that data protection laws are complied with and thus to protect data against accidental or intentional tampering, loss, destruction or unauthorized access.

Our security measures include, in particular, the encrypted transfer of data between your browser and our server. To this end we use 256-bit SSL (AES 256) encryption.

In this, your personal data are protected in the following aspects (excerpt):

a) Guaranteeing the confidentiality of your personal data
To guarantee the confidentiality of your personal data which we store, we have taken numerous access control measures.

b) Guaranteeing the integrity of your personal data
To guarantee the integrity of your personal data which we store, we have taken numerous transfer and input control measures.

c) Guaranteeing the availability of your personal data
To guarantee the availability of your personal data which we store, we have taken numerous order and availability control measures.

The security measures we use are constantly being improved to match technological developments. Despite these precautionary measures, because of the insecure nature of the internet, we cannot guarantee the security of the data you transfer to our website. Because of this, any data transfer to our website by you takes place at your own risk.

Data collection, third-party modules and analysis tools

Server log files

The provider of the pages collects and automatically stores information in so-called “server log files”, transmitted automatically to us by your browser. These include:

- browser type and version
- operating system used
- referrer URL
- host name of the computer making access
- time of server request
- IP address

No collation of these data with other sources is carried out.

The basis for this data processing is our legitimate interest as per art. 6 para. 1 f) GDPR.


Cookies are small text files stored locally in the temporary storage of your internet browser. These cookies allow, say, your browser to be recognized again. The files are used to help the browser navigate through the website and make use of all functions to the fullest extent.
Cookies required for the execution of electronic communications processes or to provide certain functions desired by you (e.g. basket function) are stored on the basis of art. 6 para. 1 f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically flawless and optimized provision of services. If other cookies (e.g. cookies to analyze your surfing behavior) are stored, these will be specially treated in this data protection declaration.

Accordingly, we can store cookies on your device if these are absolutely necessary for the operation of our website. For all other cookie types, we require your consent.
Our website uses various types of cookies. Some cookies are placed by third parties who provide content to our sites.

You can alter or revoke your consent at any time on our website.
Please enter your consent ID and the date if you wish to contact us regarding your consent.

Your consent applies to the following domains:

Your current status: [placeholder_cookiebot_status]

Your consent ID: [placeholder_cookiebot_consentID]

Consent date: [placeholder_cookiebot_consentDate]

Change your consent  |  Revoke your consent

The cookie declaration was last updated on [placeholder_cookiebot_consentDate] by Cookiebot.


This website uses the cookie consent tool made by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”), which places technically obligatory cookies in order to store your preferences. This data processing takes place as per art. 6 para. 1 f) GDPR on the basis of our legitimate interest in the provision of a cookie consent service to website users. You can find more details on data protection in the data protection declaration at

Google Analytics 

This website uses functions of the web analysis service Google Analytics provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. 

Google Analytics uses so-called “cookies,” i.e. small text files saved on your computer that enable your use of our website to be analyzed. The information generated by the cookie on your use of this website will normally be transmitted to and stored at a Google server in the US.  

For further information about Google Analytics’ treatment of user data, please see Google’s Privacy Policy: 

Browser plugin 

You may disable cookies through your browser settings; however, please note that this may prevent you from using every function of this website to its full extent. Furthermore, you may prevent the collection and processing of data generated by the cookie on your use of our website (incl. your IP address) by Google by downloading and installing the browser plugin at the following link: 

Objection to data collection

You can prevent Google Analytics from recording your data by clicking on the following link. It will place an opt-out cookie that prevents the collection of your data every subsequent time you visit this website: Deactivate Google Analytics

Google Analytics’ Demographics and Interests  

This website uses the function “Demographics and Interests” of Google Analytics. This allows reports to be prepared about the age, sex and interests of website users. This data is obtained from interest-based ads from Google and from visitor data of third-party providers. This data cannot be used to identify specific persons. You can disable this function at any time via the display settings on your Google account or disable the collection of your data by Google Analytics by following the procedure described under “Objecting to data collection”. 

Contract data processing 

We concluded a processing agreement with Google and fully apply the strict requirements of German data protection authorities when using Google Analytics. 

IP anonymization 

On this website, we use the function “Enable IP anonymization”. This causes Google to shorten your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptions will your full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to assess your use of our website, compile reports about website activities and to provide further services to the website operator in connection with website and internet use. The IP address transmitted by your browser via Google Analytics will not be merged with other Google data.  

Legal basis 

Google Analytics cookies are saved on the basis of Article 6(1) Letter f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize the website operator’s advertising offers and ads.


DocCheck uses so-called “cookies” – small text files stored in users’ browsers to make use of the services easier. The information generated by these cookies is only transferred to DocCheck servers and is shared neither with the website operator nor with other third parties. Data transfer to countries outside the European Union does not take place. You can find more information in the data protection declaration at

Log data 

When you use DocCheck’s password protection, DocCheck will collect so-called log data (IP address, access date, access time, referrer URL, information about hardware and software used, e.g. browser features or device information, such as resolution) of the user based on the website of the information provider which uses “embedded” or iFrame login.  
This data is not used to draw conclusions about the user’s personal identification, but serves to ensure the correct display of the page or iFrame contents and/or the security of DocCheck services. 

Qualityclick Affiliate Program

The operators of this website use Qualityclick Affiliate Software. The provider is NetSlave GmbH, Simon-Dach-Str. 12, 10245 Berlin, (hereinafter “Qualityclick”).
If you arrive at our website via a banner linked to Qualityclick, our website will store a cookie in your browser. Cookies are small text files stored in the internet browser on the user’s computer. These cookies lose validity after 30 days and are not used to personally identify the user.

With the aid of these cookies, the following information regarding your online purchasing behavior can be tracked:
- Your order ID
- Sales quantity of the purchases you have made
- Purchased products
- Date of purchase

Using the Order ID, we are able until the deactivation of the cookie to determine your identity using our shop backend; however, we will make no use of this ability.
Qualityclick is used for the purpose of targeted advertising campaigns. In this way, for example, we can find out what websites you use to arrive with us and thus select and evaluate our advertising partners accordingly. This represents a legitimate interest in the sense of art. 6 para. 1 f) GDPR. The interests of users of our website are not unduly affected by the use of Qualityclick, as the stored cookies only remain active for 30 days and are never used to identify users.

You can find details on the functions of the Qualityclick Affiliate Software here:

The Netslave data protection declaration is here:

Integration of the Trusted Shops Badge / other widgets

To display Trusted Shops services (e.g. quality seal, collated ratings) and to offer Trusted Shops products to buyers after an order, Trusted Shops widgets are incorporated in this website.

This serves to uphold our legitimate interest, which, in the balance of interests, prevails, in optimal marketing through the facilitation of secure purchasing, as per art. 6 para. 1.1 f) GDPR. The Trust Badge and the services promoted by it are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with which we share the position of “controller” as defined in art. 26 GDPR. Within this data protection declaration, we will now inform you of the essence of this contractual relationship as per art. 26 para. 2 GDPR.

The Trust Badge is provided as part of a shared responsibility by a US-based CDN provider (Content Delivery Network). A suitable level of data protection is ensured by standard data protection clauses and further contractual measures. You can find further information on data protection by Trusted Shops GmbH in its Data protection declaration:

When the Trust Badge is selected, the web server automatically saves a so-called “server logfile” containing your IP address, the date and time of the recall, the data quantity transferred and the provider making the request (access data) and documenting the process. The IP address is anonymized directly after recording, meaning that the saved data cannot be assigned to your person. The anonymized data are used in particular for statistical purposes and error analysis.

Once the order is completed, your email address, hashed out using a one-way cryptologically process, will be sent to Trusted Shops GmbH. The legal basis for this is art. 6 para. 1 f) GDPR. This serves to check if you are already registered for services from Trusted Shops GmbH and is thus required for the fulfillment of our and Trusted Shops’ overriding legitimate interest in the provision of buyer protection connected to the concrete order and rendering of transactional assessment services as per art. 6 para. 1.1 f) GDPR. If this is the case, further processing takes place in accordance with the contractual agreement drawn up between you and Trusted Shops. If you are not yet registered for these services, you will then be given the option of registering for them. Further processing once registration is complete is also based on the contractual agreement with Trusted Shops GmbH. If you do not register, all transferred data will be automatically deleted by Trusted Shops GmbH and no personal connection will remain.

For matters under our shared responsibility with Trusted Shops GmbH, please turn in the first instance to Trusted Shops GmbH for questions relating to data protection and to exercise your rights; to do so, use the means of contact contained in the data protection information linked to above. Nevertheless, you can always on principle have recourse to the controller of your choice. Your request will then, if required, be transferred to the other controller for a response.


If you subscribe to our email newsletter, we will regularly send you information about our range. To do so, personal data must be gathered. The only obligatory information required to send you the newsletter is your email address. Further data is provided on a voluntary basis and is used to make personal address to you. These data are used by us for our own advertising purposes in the form of an email newsletter, as long as you have expressly consented to this.

To send the newsletter, we use the so-called “double opt-in” process. This means that we only send you an email newsletter if you have expressly confirmed that you consent to it. We will then send you a confirmation email asking you to click on a link and confirm that you want to receive the newsletter in the future.

On activation of the confirmation link, you give us your consent to the use of your personal data as per art. 6 para. 1 a) GDPR. On your subscription to the newsletter, we will save the IP address entered by your internet service provider (ISP) and the date and time of registration, in order to track any potential misuse of your email address at a later date.

You can unsubscribe to the newsletter at any time using the link in the newsletter or by sending a suitable email to us at You also have the option of unsubscribing in your customer account or using the form at Once you have successfully unsubscribed, your email address will be deleted promptly from our newsletter distribution list and placed in a blacklist to ensure revocation is effective.

Newsletter distribution via CleverReach

Distribution of our newsletter is carried out by the technical service provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany (“CleverReach”), to which we transfer the data you sent when subscribing to the newsletter. This data transfer takes place as per Art. 6 para. 1 f) GDPR on the basis of our legitimate interest in the use of a newsletter system that is effective for advertising, secure and user-friendly. The data you enter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland.

CleverReach uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation, the email sent contains so-called “web beacons” or “tracking pixels”, consisting of a one-pixel image that is stored on our website. This lets us determine whether a newsletter has been opened and which links have been clicked.

With the aid of so-called “conversion tracking”, we can also analyze whether a previously defined action takes place after the link is clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type, operating system). The data are only ever anonymously collected and are not linked to your other personal data. Direct links to your person are impossible. These data are solely used for the statistical analysis of newsletter campaigns. The results of such analysis can be used to better adapt future newsletters to your interests.

If you wish to object to such data analysis for statistical purposes, you must unsubscribe to newsletter.

We have concluded a processing contract with CleverReach in which we oblige CleverReach to secure our customers’ data and not transfer them to third parties.

You can find further information on the data analysis by CleverReach at:

The CleverReach data protection declaration is here:

Transfer of personal data for order processing

The personal data we gather are transferred in the course of contractual processing to the transport companies we use for shipment, if this is necessary to ensure delivery. We transfer payment data during payment processing to the credit institution involved.

For PayPal payments, PayPal debit or – if offered – “purchase on account” via PayPal, we will transfer your payment data for processing to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal retains the right to carry out a credit check for the payment methods credit card via PayPal, debit via PayPal or – if offered – “purchase on account” via PayPal. The result of the credit check with relation to the statistical likelihood of default is used by PayPal for the purpose of deciding whether to provide the relevant payment method. The credit check can contain probabilistic values (so-called “scores”). If scores are used to form the result of the credit check, these will be based on a scientifically recognized mathematical/statistical process. In the calculation of the score values, address data are included, among other things.

You can find further data protection information, including regarding the credit agencies used, in PayPal’s data protection declaration:

For payments by credit card and SEPA direct debit, the payment is processed via the payment services provider Computop GmbH, Schwarzenbergstraße 4, 96050 Bamberg. During the order process, the information you give, alongside the order information (name, address, credit card number or IBAN, invoice amount, currency and transaction number) are transferred. The transfer of your data takes place exclusively for the purpose of payment handling in collaboration with Computop GmbH. More details on data protection at Computop GmbH can be found here:

Transfer of your data to shipping services DHL/DPD

Delivery of the goods will take place using the transport service providers DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn) and DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg). For the purpose of delivery, as per art. 6 para. 1 b) GDPR, we only give the name of the recipient and delivery address to DHL or DPD.

Changes to our data protection declaration

We retain the right to adjust our data protection information at short notice, in order to ensure it always reflects the current legal requirements or to implement changes to our services. This could reflect e.g. the introduction of new services. The new data protection declaration will then apply to your next visit.


As of: November 2021


Consultation, contact and information material. Click here!

Individual consultation

Request a callback