Privacy policy

Privacy Policy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website

WHO IS RESPONSIBLE FOR DATA COLLECTION ON THIS WEBSITE?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the “Information on the Responsible Party” section of this privacy policy.

HOW DO WE COLLECT YOUR DATA?

Your data is collected in part when you provide it to us. This may, for example, be data you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This is mainly technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter this website.

WHAT DO WE USE YOUR DATA FOR?

Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

WHAT RIGHTS DO YOU HAVE REGARDING YOUR DATA?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given your consent to data processing, you may revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time about this and any other questions regarding data protection.

Analysis Tools and Third-Party Tools

When you visit this website, your surfing behavior may be statistically analyzed. This happens mainly using so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

We use the following host(s):

dogado GmbH
Antonio-Segni-Straße 11
D-44263 Dortmund

General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission on the Internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Information on the Responsible Party

The responsible party for data processing on this website is:

medical bees GmbH
Friedrich-Wöhler-Straße 13
78576 Emmingen
Germany

Phone: +49 (74 65) 929 83 10
Email: info@medical-bees.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).

Data Protection Officer

You can reach our Data Protection Officer as follows:

Michael Weinmann

Phone: +49 7158 12 84 43 4

Email: michael.weinmann@dsb-office.de

You can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

Storage Duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will take place after these reasons cease to apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special data categories according to Art. 9 para. 1 GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your terminal device (e.g., via device fingerprinting), the data processing is additionally based on § 25 para. 1 TTDSG. Consent can be revoked at any time. If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest under Art. 6 para. 1 lit. f GDPR. The relevant legal bases in each individual case are explained in the following paragraphs of this privacy policy.

Notice Regarding Data Transfer to Non-Secure Third Countries and Transfer to US Companies Not Certified under the DPF

We use tools from companies based in non-secure third countries under data protection law as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data can be transferred to these states and processed there. We point out that in non-secure third countries, no level of data protection comparable to that in the EU can be guaranteed.

We point out that the USA is considered a secure third country in principle. Data transfer to the USA is therefore permissible if the recipient has certification under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

Recipients of Personal Data

In the course of our business activities, we work with various external parties. In some cases, it is also necessary to transfer personal data to these external parties. We only pass on personal data to external parties if this is necessary in the context of contract fulfillment, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest under Art. 6 para. 1 lit. f GDPR in the transfer, or if another legal basis permits the data transfer. When using processors, we only pass on our customers’ personal data on the basis of a valid processing contract. In the case of joint processing, a contract for joint processing is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

If data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims (objection under Art. 21 para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection under Art. 21 para. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

Information, Correction, and Deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if applicable, a right to correction or deletion of this data. For this purpose and for further questions on the subject of personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data stored with us, we usually need time to check this. For the duration of the check, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
If we no longer need your personal data but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.
If you have lodged an objection under Art. 21 para. 1 GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies necessary for carrying out the electronic communication process, providing certain functions you have requested (e.g., for the shopping cart function), or optimizing the website (e.g., cookies for measuring web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); consent can be revoked at any time.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Consent with Borlabs Cookie

Our website uses Borlabs Cookie consent technology to obtain your consent for storing certain cookies in your browser or for the use of certain technologies in a data protection-compliant manner. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to Borlabs Cookie’s provider.

The collected data will be stored until you request us to delete it, you delete the Borlabs cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on Borlabs Cookie’s data processing can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The use of the Borlabs Cookie consent technology is carried out to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website — for this, the server log files must be recorded.

5. Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass this data on without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions — in particular retention periods — remain unaffected.

Request by E-mail, Phone, or Fax

If you contact us by e-mail, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass this data on without your consent.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions — in particular statutory retention periods — remain unaffected.

Analysis Tools

Plausible Analytics

We use Plausible Analytics on our website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

With Plausible Analytics, we can analyze the behavior of our website visitors. For this purpose, mainly the following data is collected: page URL, HTTP request, HTTP referrer, browser, operating system, device type, and IP address. HTTP request and IP address are stored in a hash for 24 hours; within this period, a user can be recognized if they visit the website again. Personal identification is not possible.

Where consent (consent) has been obtained, the above service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in a meaningful analysis of user behavior on its website.

Further information on technical implementation can be found here: https://plausible.io/privacy-focused-web-analytics.

Further information on data protection at Plausible can be found at https://plausible.io/data-policy.

DATA PROCESSING AGREEMENT

We have concluded a data processing agreement (DPA) for the use of the above service. This is a contract required under data protection law, which ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Plugins and Tools

YouTube

This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our pages with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited.

Furthermore, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.

If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. More information can be obtained from the provider at: https://www.dataprivacyframework.gov/

YouTube Videos in Extended Privacy Mode (YouTube-NoCookies)

Some subpages of our website contain links or connections to the YouTube offering. In general, we are not responsible for the content of linked websites. If you follow a link to YouTube, please note that YouTube stores its users’ data (e.g., personal information, IP address) according to its own data usage policies and uses it for business purposes.

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We also embed videos stored on YouTube directly on some subpages of our website. In this embedding, content from the YouTube website is displayed in parts of a browser window. When you access a subpage of our website that includes embedded YouTube videos, a connection to YouTube’s servers is established and the content is displayed on the website by notifying your browser.

The embedding of YouTube content is done only in “extended privacy mode.” YouTube provides this itself and ensures that YouTube does not initially store any cookies on your device. When you access the relevant pages, however, your IP address and possibly other data are transmitted, informing which of our pages you have visited. This information cannot be attributed to you unless you are logged in to YouTube or another Google service before accessing the page or are permanently logged in. As soon as you start playing an embedded video by clicking it, YouTube only stores cookies on your device that do not contain personally identifiable data, unless you are currently logged into a Google service. These cookies can be prevented through appropriate browser settings and extensions.

Requesting the video also constitutes your consent for the placement of the corresponding cookie (Art. 6 para. 1 sentence 1 lit. a GDPR).

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR therefore exists, allowing the transfer of personal data without further guarantees or additional measures.

YouTube’s privacy policy can be found at: https://www.google.de/intl/en/policies/privacy/.

Google Fonts (Local Hosting)

This site uses so-called Google Fonts for the uniform display of fonts, which are provided by Google. The Google Fonts are installed locally. There is no connection to Google’s servers.

More information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With reCAPTCHA, it is checked whether data entry on this website (e.g., in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g., IP address, how long the visitor stays on the website, or user mouse movements). The data collected during the analysis is forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not advised that an analysis is taking place.

The storage and analysis of the data are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and SPAM. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in the Google privacy policy and the Google terms of use at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

The company is certified under the EU-US Data Privacy Framework (DPF). An adequacy decision under Art. 45 GDPR therefore exists, allowing the transfer of personal data without further guarantees or additional measures.

OpenStreetMap

We have integrated map sections of the online mapping tool “OpenStreetMap” on our website. This is an open-source mapping that we can access via an API (interface). This function is offered by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. By using this service, for example, our location can be displayed and a possible journey made easier.

When you access the subpages that contain OpenStreetMap, information about your use of our website (such as your IP address, browser data, device type, operating system) is transmitted to and stored by OpenStreetMap.

OpenStreetMap uses the content delivery network (CDN) of Fastly, Inc., PO Box 78266, San Francisco, CA 94107, USA (fastly) to speed up the service. A CDN is a service that helps deliver the content of our online offer, especially large media files such as graphics or scripts, faster using regionally distributed, Internet-connected servers. Your data is processed exclusively for the aforementioned purposes and to maintain the security and functionality of the CDN.

Fastly, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR therefore exists, allowing the transfer of personal data without further guarantees or additional measures.

Fastly transmits personal data from log files (e.g., IP addresses) to the USA for each data processing operation, as certain servers for processing log files are located only in the USA. Fastly has therefore committed to complying with the standards and regulations of European data protection law. Fastly’s current privacy policy can be found at: https://www.fastly.com/de/privacy/.

If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR.

Detailed information about OpenStreetMap can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Own Services

Handling Applicant Data

We offer you the opportunity to apply to us (e.g., by email, post, or via an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data will comply with applicable data protection law and all other legal provisions, and that your data will be treated with strict confidentiality.

SCOPE AND PURPOSE OF DATA COLLECTION

If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from job interviews, etc.) as far as necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

STORAGE PERIOD OF THE DATA

If we are unable to offer you a job, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period (e.g., due to a pending or imminent legal dispute), it will only be deleted once the purpose for further storage no longer applies.

Longer storage may also take place if you have given consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

INCLUSION IN THE APPLICANT POOL

If we do not offer you a job, there may be an option to include you in our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool so that we can contact you if suitable vacancies arise.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and unrelated to the ongoing application process. The applicant may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no statutory reasons for retention.

Data from the applicant pool will be irrevocably deleted at the latest two years after consent has been given.

Processing of Customer and Supplier Data

Type and Purpose of Processing:

To process customer orders and procurement processes, we process personal data of our customers and suppliers as well as the individual contacts at our customers/suppliers. We store the data in our ERP system and use it in all processes for service fulfillment and procurement. We also use the data to actively address customers and maintain supplier relations including internal supplier evaluations.

Legal Basis:

To fulfill contractual obligations (Art. 6 para. 1 lit. b GDPR): Data processing is carried out to execute our contract. Due to legal requirements (Art. 6 para. 1 lit. c GDPR): We are subject to various legal obligations that require data processing. These include, for example:

Tax laws and statutory accounting
Responding to requests from supervisory or law enforcement authorities
Fulfilling tax control and reporting obligations

Furthermore, the disclosure of personal data may be required within official/judicial measures for evidence collection, criminal prosecution, or the enforcement of civil law claims. As part of balancing interests (Art. 6 para. 1 lit. f GDPR): Where necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. Examples include:

Processing in the CRM system for active customer contact
Supplier evaluation
Assertion of legal claims and defense in legal disputes

Recipients:

Employees for contact with you and the contractual cooperation (including the fulfillment of pre-contractual measures). Your data may be passed on to service providers who work for us as processors, e.g., support or maintenance of IT or applications and data destruction. All service providers are contractually bound and in particular obliged to treat your data confidentially. Data will only be passed on to recipients outside our company if this is permitted under applicable data protection laws. Recipients of personal data may include:

Public bodies and institutions (e.g., tax or law enforcement authorities) if there is a legal or official obligation
Credit and financial service providers (payment processing)
Tax advisors or auditors (statutory audit obligation)

Storage Period:

We process and store your personal data as long as necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be regularly deleted. Exceptions arise,

if legal retention obligations exist, e.g., Commercial Code (HGB) and Tax Code (AO). The retention and documentation periods specified there are generally six to ten years;
to preserve evidence within the statutory limitation periods. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

If data processing is based on our or a third party’s legitimate interest, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned apply here.

Third Country Transfer:

Your data will only be processed within the European Union and countries within the European Economic Area (EEA).

Revocation of Consent:

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Article 6 para. 1 lit. f GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision in accordance with Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

Provision Mandatory or Required:

In the context of the contractual relationship, you must provide the personal data that is necessary for the establishment, implementation, and termination of the contractual relationship and for the fulfillment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you.

Microsoft Teams

We use the “Microsoft Teams” (“MS Teams”) tool to conduct our communication, both in writing (chat) and in the form of conference calls, online meetings, and video conferences. The operator of the service is Microsoft Ireland Operations Ltd., 70 Sir John Rogerson’s Quay, Dublin, Ireland. Microsoft Ireland Operations Ltd. is part of the Microsoft Corporation, headquartered at One Microsoft Way, Redmond, Washington, USA.

When using MS Teams, the following personal data is processed:

Meetings, chats, voicemails, shared files, recordings, and transcriptions.
Data shared about you. Examples include your email address, profile picture, and phone number.
A detailed history of the calls you make.
Call quality data.
Support/feedback data: Information related to troubleshooting tickets or feedback sent to Microsoft.
Diagnostic and service data: Diagnostic data related to service usage.

To enable video display and audio playback, the data from your device’s microphone and any video camera is processed for the duration of the meeting. You can turn off the camera or mute the microphone yourself at any time via the MS Teams applications.

Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. In the context of an employment relationship, such processing is based on Section 26 BDSG. The legal basis for using MS Teams in contractual relationships is Art. 6 para. 1 lit. b GDPR. In all other cases, the legal basis for processing your personal data is Art. 6 para. 1 lit. f GDPR. Our interest here is in the effective conduct of online meetings.

If we record online meetings, we will inform you in advance and, if necessary, ask for your consent to the recording. If you do not wish to be recorded, you can leave the online meeting.

As a cloud-based service, MS Teams processes the mentioned data as part of providing the service. To the extent that MS Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for that use and is responsible for complying with applicable laws and obligations of a data controller. If you access the MS Teams website, Microsoft is responsible for the data processing. Accessing the website is required to download the MS Teams software.

If you do not want or cannot download the software, the service can be provided via your browser and thus also via Microsoft’s website.

Detailed information on data protection at Microsoft, in connection with MS Teams, can be found at: https://docs.microsoft.com/en-us/microsoftteams/teams-privacy.

Our Activities in Social Networks

In order to communicate with you in social networks and inform you about our services, we are present there with our own pages. When you visit one of our social media pages, we and the provider of the respective social media platform are jointly responsible for the data processing triggered by this visit within the meaning of Art. 26 GDPR.

We are not the original provider of these pages but use them within the framework of the options offered to us by the respective providers. We therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you because the enforcement of your rights (e.g., to information, deletion, objection, etc.) could be more difficult and processing in social networks often takes place directly for advertising purposes or for analyzing user behavior by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used or the usage behavior is assigned directly to your own member profile in the social networks.

The described processing of personal data takes place in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider, in order to communicate with you in a contemporary manner or to inform you about our services. If you have to give consent to data processing as a user to the respective providers, the legal basis is Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the providers’ data stocks, we point out that you should assert your rights (e.g., to information, correction, deletion, etc.) directly with the respective provider. For further information on the processing of your data in social networks and your right to object, we refer you to the respective provider’s privacy policy:

Facebook

(Joint) Controller for data processing in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Instagram

(Joint) Controller for data processing in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

LinkedIn

(Joint) Controller for data processing in Europe: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

YouTube

(Joint) Controller for data processing in Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Currency and Change of This Privacy Policy

This privacy policy is currently valid and has the status: June 2025.

Due to the further development of our websites and offers or due to changed legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website at https://www.medical-bees.de/en/privacy-policy/.

Zurück zur Startseite