Data Protection

Information on the data processing carried out for this website as per art. 13 EU General Data Protection Regulation (GDPR) on the collection of personal data from data subjects.

FormMed HealthCare AG is the controller of this website. As the provider of a teleservice, at the beginning of your visit, it has to inform you of the type, extent and purpose of the collection and use of personal data in a transparent, comprehensible and easily accessible form, using clear, simple language. This content must always be available to you.

We give great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the current European and national legislation.

With the below data protection regulation, we want to show you how we handle your personal data and how you can get in touch with us:

FormMed HealthCare AG
Schönberger Weg 13
60488 Frankfurt am Main
Germany
Commercial registry No.: HRB 89952
Board: Dr. med. Martin Lemperle, Jan Moch
Telephone: +49 (0)69 / 76805698-22
E-Mail: info@formmed.de

Our data protection officer:
Alissa Lenz / Sven Lenz
Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten   
Germany

For data protection questions or additional data protection requests, you can send an email to the following address: datenschutz@formmed.de

A. General

This data protection declaration has been written, as far as possible, using gender-neutral language. For definitions of the terms “personal data” and “processing”, see art. 4 GDPR.

The personal data processed by this website include
- Basic data (e.g. customer names and addresses),
- Contractual data (e.g. services used, payment information),
- User data (e.g. pages visited on our website) and
- Content data (e.g. entries in online forms).

B. Specific

Data protection information

We guarantee that we will only process the data you provide in connection with handling your queries, for internal purposes or to render or provide the services and content you have requested.

Legal basis of data processing

We only process your personal data in compliance with the relevant data protection provisions. The legal reasons are:
- To render our contractual services
- Processing is a legal requirement
- You have given consent electronically (e.g. by subscribing to the newsletter)
- To exercise our legitimate interest

We will be happy to show you where the above legal principles are set out.

Processing in order to render our services and implement contractual measures:
Art. 6 para. 1 b) GDPR

Processing to fulfill our legal obligations:
Art. 6 para. 1 c) GDPR

Consent:
Art. 6 para. 1 a) and art. 7 GDPR

Processing to exercise our legitimate interest:
Art. 6 para. 1 f) GDPR

Data transfer to third parties

We are obliged to make it known that data transfer to third parties does take place.

Transfer of your data to third parties only takes place within the framework of the legal regulations in force. We only transfer your data if this is necessary for contractual purposes or on the basis of legitimate interests in the economic and effective continuation of our business operations.

If we use subcontractors to provide our services, we take suitable legal precautions and implement technical and organizational measures to ensure the protection of personal data in accordance with the legal regulations.

Data transfer to third countries or international organizations

Third countries are those where the GDPR is not directly applicable. This fundamentally covers all countries outside the EU and European Economic Area.

No data transfer takes place to third countries or international organizations without a legal reason being given.

Duration of storage of your personal data

We stand by the principles of data avoidance and data minimization. This means we only store your data for the length of time necessary to achieve the purposes described here or in accordance with the retention limits set out by the legislature. If the purpose is no longer valid, your data will be restricted or deleted in accordance with the legal provisions.

To this end, we have created an internal concept to make sure this happens.

Means of contact

If you get in touch with us via the website, you consent to electronic communication.  During electronic contact with us, your personal data will be processed. The information you give will only be used in order to process your request and stored only for potential subsequent queries.

We are happy to inform you of the legal basis for this:
- processing in order to render our services and implement contractual measures as per art. 6 para. 1 b) GDPR

We draw attention to the fact that emails in transit can be read or altered by unauthorized persons. We would also like to draw your attention to the fact that we use software to filter out undesired emails (spam filter). The spam filter may mean emails are rejected if incorrectly identified as spam.

What are your rights?

a) Right of access
You have the right to information about the data stored relating to you. On request, we will tell you in writing which of your personal data we have stored. This will also include the origin and recipients of your data and the purpose of the data processing.

b) Right to rectification
You have the right to correct any incorrect data we hold about you. Here, you can also demand restriction of processing, say, if you challenge the correctness of your personal data.

c) Right to restriction of processing
You can also have your data restricted. So the data restriction is respected, the data must be held in a locked file for control purposes.

d) Right to erasure
You can request the erasure of your personal data if there is no legal reason for it to be retained. If such an obligation exists, we will restrict your data on request. If suitable legal conditions are in place, we will delete your data without your requesting it.

e) Right to data portability
You are entitled to request us to send you the personal data you have provided to us in a format that allows its transfer to a different location.

f) Right to complain to a regulatory authority
You have the option to send a complaint to a responsible data protection authority.

The Data Protection and Freedom of Information Officer for the State of Hessen is:
Postfach 3163
65021 Wiesbaden
Germany
Telephone: +49 (0)611 / 1408-0
Fax: +49 (0)611 / 1408-900

You can open the complaints form at the following link: datenschutz.hessen.de/service/beschwerde  

Note: a complaint can be sent to any data protection authority within the EU.

g) Right to object
You have the right at any time to object to the processing of your data as per art. 6 para. 1 (e, f) GDPR for reasons relating to your personal situation; this also applies to profiling based on these provisions.

FormMed HealthCare AG will then not process your personal data any further, unless it can demonstrate compelling legally protected reasons for this processing that override your own, or if processing serves the establishment, exercise or defense of legal claims.

If your personal data are processed for the purposes of direct marketing, you have the right at any time to object to the processing of your personal data for such purposes; this also goes for profiling, inasmuch as it is connected to direct marketing. In the case of such an objection, we will no longer use your personal data for the purpose of direct advertising. Here, it is enough to send us an email in this regard.

h) Right to revocation
You have right at any time to withdraw consent you have given to the processing of your data with future effect and without giving reasons. By revocation, you incur no disadvantage. Here, it is enough to send us an email in this regard.

Such revocation does not affect the legality of any processing that took place on the basis of art. 6 para. 1 a) GDPR before it was issued.

To exercise your rights as a data subject, send an email to the following address: datenschutz@formmed.de

Protection of your personal data

We take the most up-to-date contractual, technical and organizational safety measures to ensure that data protection laws are complied with and thus to protect data against accidental or intentional tampering, loss, destruction or unauthorized access.

Our security measures include, in particular, the encrypted transfer of data between your browser and our server. To this end we use 256-bit SSL (AES 256) encryption.

In this, your personal data are protected in the following aspects (excerpt):

a) Guaranteeing the confidentiality of your personal data
To guarantee the confidentiality of your personal data which we store, we have taken numerous access control measures.

b) Guaranteeing the integrity of your personal data
To guarantee the integrity of your personal data which we store, we have taken numerous transfer and input control measures.

c) Guaranteeing the availability of your personal data
To guarantee the availability of your personal data which we store, we have taken numerous order and availability control measures.

The security measures we use are constantly being improved to match technological developments. Despite these precautionary measures, because of the insecure nature of the internet, we cannot guarantee the security of the data you transfer to our website. Because of this, any data transfer to our website by you takes place at your own risk.

Data collection, third-party modules and analysis tools

Server log files

The provider of the pages collects and automatically stores information in so-called “server log files”, transmitted automatically to us by your browser. These include:

- browser type and version
- operating system used
- referrer URL
- host name of the computer making access
- time of server request
- IP address

No collation of these data with other sources is carried out.

The basis for this data processing is our legitimate interest as per art. 6 para. 1 f) GDPR.

Cookies

Cookies are small text files stored locally in the temporary storage of your internet browser. These cookies allow, say, your browser to be recognized again. The files are used to help the browser navigate through the website and make use of all functions to the fullest extent.
Cookies required for the execution of electronic communications processes or to provide certain functions desired by you (e.g. basket function) are stored on the basis of art. 6 para. 1 f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically flawless and optimized provision of services. If other cookies (e.g. cookies to analyze your surfing behavior) are stored, these will be specially treated in this data protection declaration.

Accordingly, we can store cookies on your device if these are absolutely necessary for the operation of our website. For all other cookie types, we require your consent.
Our website uses various types of cookies. Some cookies are placed by third parties who provide content to our sites.

You can alter or revoke your consent at any time on our website.
Please enter your consent ID and the date if you wish to contact us regarding your consent.

Your consent applies to the following domains: www.formmed.de

Your current status: [placeholder_cookiebot_status]

Your consent ID: [placeholder_cookiebot_consentID]

Consent date: [placeholder_cookiebot_consentDate]

Change your consent  |  Revoke your consent

The cookie declaration was last updated on [placeholder_cookiebot_consentDate] by Cookiebot.

Cookiebot

We use Cookiebot to display cookie banners. Cookiebot is a product of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, hereinafter Cybot.
Cookiebot informs you about the use of cookies on the website and allows you to make a decision about their use.

If you agree to the use of cookies, the following data will be automatically recorded by Cybot:
- your anonymized IP address
- the date and time of your consent
- the user agent of your browser
- the provider's URL
- an anonymous, random, and encrypted key
- your cookie status which serves as proof of consent

The encrypted key and cookie status are stored by means of a cookie on your device to enable the corresponding cookie status to be restored when you return to our site. This cookie automatically deletes after 12 months.

The legal basis for this processing of data is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is in the user-friendliness of the website and the fulfillment of the statutory requirements of GDPR.

You can prevent cookies from being installed and/or delete this cookie by adjusting the settings on your internet browser.

Go to this link to read the Cybot privacy policy:
https://www.cookiebot.com/de/privacy-policy/

Matomo Analytics 

Our website uses Matomo, open-source software used to statistically evaluate visitor access and user behavior.
The provider of the Matomo software is InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.
Matomo is deactivated when you first visit our website. Only if you actively consent will your usage behavior be anonymously recorded.

Matomo uses cookies, which are stored on your computer and allow the anonymized analysis of your use of the website.
These data cannot be traced back to a particular person, as your IP address is immediately anonymized after processing and before storage.
Thus, you as a user remain anonymous. The information created by the cookie regarding your usage behavior is not transferred to third parties.

You have the option to prevent the storing of cookies by changing your browser settings.
We would like to draw your attention to the fact that certain settings may mean that you are no longer able to use all functions of this website.

You can find more information on the private sphere settings of Matomo software at: https://matomo.org/docs/privacy/.

Data erasure takes place as soon as the data are no longer necessary for our purposes. For us, this takes place automatically after 6 months.

The legal basis for the processing of personal data using cookies is art. 6 para. 1 (f) GDPR.

You can object in three different ways to the processing of data by Matomo: firstly, you can prevent the storage of cookies on your browser in toto. This will lead to your no longer being able to use certain functions of our website which require identification.

Secondly, you can activate the setting “do-not-track” in your browser to communicate to the website that you do not wish your user activity to be tracked. Matomo accepts and respects this setting.

Thirdly, you can object at any time to the storage and evaluation of data by Matomo. Simply click on Cookie settings and push the control button for the cookie category “statistics” to the left. Then click the button “accept selection”.

DocCheck 

DocCheck uses so-called “cookies” – small text files stored in users’ browsers to make use of the services easier. The information generated by these cookies is only transferred to DocCheck servers and is shared neither with the website operator nor with other third parties. Data transfer to countries outside the European Union does not take place. You can find more information in the data protection declaration at http://www.doccheck.ag/en/privacy/. 

Log data
When you use DocCheck’s password protection, DocCheck will collect so-called log data (IP address, access date, access time, referrer URL, information about hardware and software used, e.g. browser features or device information, such as resolution) of the user based on the website of the information provider which uses “embedded” or iFrame login.
This data is not used to draw conclusions about the user’s personal identification, but serves to ensure the correct display of the page or iFrame contents and/or the security of DocCheck services.

Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our range. To do so, personal data must be gathered. The only obligatory information required to send you the newsletter is your email address. Further data is provided on a voluntary basis and is used to make personal address to you. These data are used by us for our own advertising purposes in the form of an email newsletter, as long as you have expressly consented to this.

To send the newsletter, we use the so-called “double opt-in” process. This means that we only send you an email newsletter if you have expressly confirmed that you consent to it. We will then send you a confirmation email asking you to click on a link and confirm that you want to receive the newsletter in the future.

On activation of the confirmation link, you give us your consent to the use of your personal data as per art. 6(1)(a) GDPR. On your subscription to the newsletter, we will save the IP address entered by your internet service provider (ISP) and the date and time of registration, in order to track any potential misuse of your email address at a later date.

You can unsubscribe to the newsletter at any time using the link in the newsletter or by sending a suitable email to us at info@formmed.de. You also have the option of unsubscribing in your customer account or using the form at https://www.formmed-shop.de/newsletter. Once you have successfully unsubscribed, your email address will be deleted promptly from our newsletter distribution list and placed in a blacklist to ensure revocation is effective.

Newsletter distribution via CleverReach

Distribution of our newsletter is carried out by the technical service provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany (“CleverReach”), to which we transfer the data you sent when subscribing to the newsletter. This data transfer takes place as per Art. 6 para. 1 f) GDPR on the basis of our legitimate interest in the use of a newsletter system that is effective for advertising, secure and user-friendly. The data you enter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland.

CleverReach uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation, the email sent contains so-called “web beacons” or “tracking pixels”, consisting of a one-pixel image that is stored on our website. This lets us determine whether a newsletter has been opened and which links have been clicked.

With the aid of so-called “conversion tracking”, we can also analyze whether a previously defined action takes place after the link is clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type, operating system). The data are only ever anonymously collected and are not linked to your other personal data. Direct links to your person are impossible. These data are solely used for the statistical analysis of newsletter campaigns. The results of such analysis can be used to better adapt future newsletters to your interests.

If you wish to object to such data analysis for statistical purposes, you must unsubscribe to newsletter.

We have concluded a processing contract with CleverReach in which we oblige CleverReach to secure our customers’ data and not transfer them to third parties.

You can find further information on the data analysis by CleverReach at: https://www.cleverreach.com/en/features/reporting-tracking/.

The CleverReach data protection declaration is here: https://www.cleverreach.com/en/privacy-policy/.

Instagram

Data Protection Information about the Collection of Personal Data and the Contact Details of the Controller

This will inform you about how we treat your personal data in relation to FormMed HealthCare AG’s Instagram page. Personal data means any data that can be used to identify you personally.
Because we use the technical platform and services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, for the information service offered by “formmedhealthcare” on Instagram, we are “joint controllers” within the meaning of Article 26 of the GDPR with Instagram Inc. (“Instagram”) for the processing of your personal data on this Internet presence.

Instagram is a subsidiary of Facebook Inc. and shares its infrastructure, systems, technology and, if applicable, personal data (e.g., private data, IP addresses, etc.) with Facebook and other Facebook subsidiaries.
On our Instagram page, personal data is processed by us (see 1) and by Facebook, the operator of the Instagram platform (see 2).

Please be careful about which personal data you share with us on Instagram. If you visit our Instagram page while you are logged in to your Instagram account, Instagram can assign your visit to your Facebook profile. Please note that Instagram transfers this data to Facebook and to Facebook’s subsidiaries. Facebook stores and uses data of its users (e.g., personal information, IP address, etc.) for commercial purposes.
For more information about data processing by Instagram and Facebook, please see https://www.instagram.com/legal/privacy/ and https://www.facebook.com/policy.php.

Personal Data Processing by FormMed HealthCare AG
The data processing controller within the meaning of the EU General Data Protection Regulation (GDPR) is FormMed HealthCare AG, Schönberger Weg 13, 60488 Frankfurt, Germany, Tel.: +49 (0) 69 768 056 98-22, E-Mail: info@formmed.de, where data you provide to us via Facebook is processed by us.

Contact details of FormMed HealthCare AG’s Data Protection Officer
Alissa Lenz / Sven Lenz
Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten    
Germany
E-Mail: datenschutz@formmed.de

When you contact us (e.g., via a contact form or by liking or commenting on our posts or following us), we will collect personal data. Which data we collect when you contact us via a contact form is stated on the contact form. We only use and store this data to reply to your inquiry or to contact you, and for technical administration purposes. The legal basis for processing this data is our legitimate interest under Article 6(1)(f) of the GDPR in responding to your inquiry.

If you contact us to enter into a contract with us, Article 6(1)(b) of the GDPR will serve as an additional legal basis for processing your data. Your data will be erased after your inquiry is processed, unless further legal storage obligations apply. Your inquiry will be assumed to have been fully pro-cessed when the circumstances make it evident that the matter has been settled.
If necessary for processing your payment, your payment data will be transferred to the commissioned credit institution as part of the payment process. The legal basis for transferring this data is Article 6(1)(b) of the GDPR.

The data you enter on Instagram, especially your username and content published on your ac-count, will be processed by us when we link or reply to your posts or create posts that refer to your account. The data that is published freely by you on Instagram and processed is thereby included in our offer and made available to our followers.
The recipients of the data you enter or disclose on your Instagram page are also Instagram and Facebook by whom your data may be used for own purposes or transferred to third parties. The recipient of personal data that is published, e.g., as part of a post, also includes the public, i.e., potentially anyone.

How long personal data is stored depends on the respective legal basis, processing purposes and — if applicable — the storage period required by law (e.g., under commercial or tax law). Personal data that is processed on the basis of explicit consent under Article 6(1)(a) of the GDPR will be stored until this consent is withdrawn by the data subject. If data that is processed as part of contractual or quasi-contractual obligations under Article 6(1)(b) of the GDPR is subject to legal storage obligations, this data will be erased when these storage periods expire if it is no longer necessary for the performance of or entering into a contract, and/or we have no legitimate interest in further processing.

Personal data processed on the basis of Article 6(1)(f) of the GDPR will be stored until the data subject exercises the right to object under Article 21(1) of the GDPR, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defense of defense of legal claims.

Personal data processed on the basis of Article 6(1)(f) of the GDPR will be stored until the data subject exercises the right to object under Article 21(1) of the GDPR, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defense of defense of legal claims.

Personal data processed on the basis of Article 6(1)(f) of the GDPR for direct marketing purposes will be stored until the data subject exercises the right to object under Article 21(1) of the GDPR. Unless required otherwise herein for particular processing situations, stored personal data will be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Personal Data Processing by Instagram and Facebook
Where data you transmit to us is also or exclusively processed by Facebook (Page Insights), Face-book Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, will serve as another controller within the meaning of the General Data Protection Regulation (GDPR) in addition to us. Such data is processed on the basis of a joint controller agreement under Article 26 of the GDPR which you may view here: https://www.facebook.com/legal/terms/page_controller_addendum.

Facebook’s Data Protection Officer
May be contacted via the online contact form provided by Facebook at https://www.facebook.com/help/contact/540977946302970.

FormMed HealthCare AG’s Instagram page is part of the Facebook-operated online platform, https://www.instagram.com/. For the processing purposes (especially displaying ads on and operating the platform), the legal bases and legitimate interests of Instagram, please see Instagram’s Data Policy at https://help.instagram.com/519522125107875.

We have no influence over data collection or further processing by Instagram. Nor do we learn the scope or location of or period for which data on access to our Instagram page is stored by Instagram and Facebook, the extent to which Facebook complies with erasure obligations, how this data is assessed or linked by Instagram or Facebook, or to whom this data is transferred.

Which personal data and information on users of the platform is received and how this data and information is used by Instagram and Facebook is outlined in Instagram’s Data Policy at https://help.instagram.com/519522125107875.

When you use Instagram, your personal data will be transmitted to and collected, stored, disclosed, and used by Instagram and, irrespective of your habitual residence, transferred to and stored, and used in the United States, Ireland, and every other country in which Facebook Inc. is active.

Instagram and Facebook will process your freely-entered data, such as your name, username, email address and telephone number.

Instagram and Facebook also analyze your shared content to determine what interests you and store and process confidential messages you send directly to other users and may use GPS data, wireless network information or your IP address to determine your location to send you ads and other content.

Facebook also learns, e.g., which content you view even if you do not have an account. Such so-called “log files” may include your IP address, browser type, operating system, last-viewed website, accessed pages, location, mobile service provider, device (including your device ID and application ID), search terms, and cookie information.

Furthermore, use of certain Facebook products, e.g., the so-called “Facebook Business Tools” and the resulting data processing are subject to an additional agreement between us and Facebook Ireland Ltd. as joint controllers within the meaning of Article 26 of the GDPR and which may be viewed at https://www.facebook.com/legal/controller_addendum.

Data Processing for Statistical and Marketing Purposes
Instagram provides so-called Page Insights for our Instagram page. Page Insights consist of summary data that informs us how persons interact with our page and may be based on personal data that is collected when persons visit or interact on or with our page and its content. This data is collected for the purposes of our legitimate interests under Article 6(1)(f) of the GDPR in the optimal display of our offer and effective communication with customers. You may object to the processing of your data for the above-stated purposes at any time by adjusting the ad display settings of your Instagram account at https://www.facebook.com/settings?tab=ads.

Data Subject Rights
Under the General Data Protection Regulation (GDPR), you have the following data subject rights (rights to information and intervention) against us for the processing of your personal data:

- Right of access under Article 15 of the GDPR
- Right to rectification under Article 16 of the GDPR
- Right to erasure under Article 17 of the GDPR
- Right to restriction of processing under Article 18 of the GDPR
- Right to notification under Article 19 of the GDPR
- Right to data portability under Article 20 of the GDPR
- Right to withdraw consent under Article 7(3) of the GDPR
- Right to lodge a complaint under Article 77 of the GDPR

General Right to Object
Where we process your personal data based on our overriding legitimate interests, you have the right to object to us, on grounds related to your particular situation, to the processing of personal data concerning you at any time. If you exercise this right to object, we will no longer process your data. Nonetheless, further processing remains reserved if we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establish-ment, exercise or defense of legal claims.

Changes to our data protection declaration

We retain the right to adjust our data protection information at short notice, in order to ensure it always reflects the current legal requirements or to implement changes to our services. This could reflect e.g. the introduction of new services. The new data protection declaration will then apply to your next visit.

As of: May 2022