privacy policy

We take the protection of personal data very seriously.

 

Therefore, we strictly adhere to the rules of the data protection laws of the Federal Republic of Germany (BDSG) and the European Data Protection Regulation (GDPR). 

Data Controller 

Responsible Data Controller for the collection, processing and use of your personal data in the context of the GDPR is: PXG Health Tech GmbH, Friedrichsplatz 17, 68165 Mannheim, Germany. You can reach our Data Protection Officer at dataprotection@pxg-health-tech.eu or our postal address with the addition "Data Protection Officer”. 

Data processing for the provision of contractual services 

You can contact us via our website and our contact data to request contractual services. If you provide us with personal data this way or in another way with this purpose, we process your data for the answer of your requests, for the performance of the order/contract as well as for invoicing. We need your (company) name, your address data as well as your e-mail address.

 

These data are necessary to enter into a contract with us. In addition, we collect further data you provide within the contractual initiation or performance of the contract, which are not absolutely necessary for the performance of the contract, but which support the purpose and are useful for it, in particular to be able to provide better consulting services. For example, we may collect information about contact persons in your company (name, telephone number, e-mail address, department, position in the company) and information about your company (business sector, planned measures and budget plans, if you provide them). Depending on the order/contract, we may require additional data; we will inform you on a case-by-case basis. 

 

In the case of suppliers/service providers, we process the provided personal data to order and claim services and to pay for the services provided. For this we need the name, the name of your company (if different) the address data as well as the bank account data. We also use further data you provide in this way or another way for this purpose, but those data are not necessary to enter into a contract. Depending on the order/contract, we may require additional data; we will inform you on a case-by-case basis. The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. 

 

Data processing for communication with you 

In addition to the contract data, we process your communication data (names of contact persons, address, telephone number, fax number, e-mail address) in order to be able to contact you and communicate with you. Personal data that you provide to us by e-mail, by post or telephone will only be processed for correspondence with you or only for the purpose for which you have made the data available to us. The basis for this data processing is also Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Data processing for job applications 

You can send us applications for jobs and apprenticeships in our company via our website and the contact details provided there. For information on data processing for applications, please see our privacy policy for job applicants. 

Log files 

Every time our website is accessed, usage data is transmitted through the respective internet browser and stored in log files, the so-called server log files. The data records stored in this way contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (originating URL from which you accessed the website), the amount of data transferred, as well as product and version information of the browser used and the operating system of your PC. The IP addresses of the users are deleted or made anonymous after the end of use. No evaluation or analysis of the data, except for statistical purposes and then only in anonymous form, take place. No personal "surf profiles" or similar are created or processed. 

 

The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in ensuring data security on our website and in optimizing our website. 

Cookies 

We use so-called cookies. Cookies are small text files that are stored on a visitor's computer and contain data about the respective user in order to give him access to various functions. Both session cookies and permanent cookies are used on our website. A session cookie is temporarily stored on the computer you are using while navigating through the website. A session cookie is deleted as soon as you close your Internet browser or as soon as your session expires after a certain time. A permanent cookie remains on your computer until it is deleted. The storage of a cookie ensures that you do not have to repeatedly enter your personal settings and preferences each time you visit our website. This saves you time and makes the use of our website more comfortable for you. The cookie serves only the purpose of improving usability. 

 

You can delete permanently installed cookies using your browser settings. Most browsers accept cookies automatically - so if you want to suppress the use of cookies, you may have to actively delete or block cookies or prevent the storage of cookies by setting your browser software. Please note, however, that if you refuse the use of cookies, you may still be able to visit our website, but some functions may be affected in their operation. 

 

The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in improving the design and usability of our website. 

Data processing for the purposes of legitimate interests 

We also process your data if it is necessary for purposes of legitimate interests of us or third parties. This may be the case in particular to guarantee IT security and IT operation, especially for support requests, to be able to understand and prove facts in case of legal disputes, for market and opinion surveys, to analyze the use of our website and/or to advertise other products from us or our cooperation partners. The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing listed afore. 

Data processing for the fulfilment of legal obligations 

In addition, we process your data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations). For this reason we collect e.g. your VAT number for contracts, as well as the VAT ID for international contracts. The basis for data processing is Art. 6 para. 1 s.1 lit. c GDPR, which permits processing for the fulfilment of a legal obligation. 

Categories of recipients of the personal data 

Your contract and communication data will be forwarded to the responsible office and the responsible employees within our company for answering your inquiries, for communication, for the execution of the order or for the fulfilment of contractual obligations.  If necessary for the purpose of contract processing or for the dispatch and delivery of products or for the provision of our services, data is passed on to partner companies that have been commissioned to support the contract processing.

 

Our partners commit themselves to comply with and observe the data protection regulations. Our partners are not permitted to use the data for any other purpose than the execution of the contract. The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. 

 

In the case of job applications, the applicant’s data will be forwarded to the responsible office and the responsible employees within our company. The basis for data processing is Art 88 GDPR, § 26 para. 1 BDSG which permits the processing of data for deciding on the grounds for the establishment, the establishment and the performance of employment relationships. 

 

In other cases your personal data will only be passed on or otherwise transferred to third parties outside our company if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent or if there is a legal basis or obligation for the transfer. Insofar as we make use of the services of third parties to carry out our services, we process personal data according to the provisions of the GDPR. Service providers who support us in providing our services to you are hosting providers, e-mail service providers, IT service providers, software-as-a-service providers, application management providers. 

Duration of data storage 

In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep data for the period during which claims can be asserted against our company (statutory limitation period of three years until the end of the year). 

Data integrity 

Your personal data is transmitted securely by encryption. We use the SSL (Secure Socket Layer) coding system. Furthermore, we protect our website and other systems using technical and organizational measures against unauthorized access, modification, distribution, destruction or loss of your data. Our security measures are constantly revised an improved in accordance with technical developments. However, we expressly point out that data transmission on the Internet has security gaps and cannot be completely protected against access by third parties, which applies in particular and above all to communication by e-mail. 

Links to third-party sites 

You will find links to third-party sites on our site. The respective site operators are responsible for the data processing there. Data processing begins as soon as you click on the respective link or follow the URL it contains. 

 

Our site contains links to the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The link is recognizable by the LinkedIn logo (white „in“ in a black circle). The purpose and scope of the data collection and the further processing and use of the data by LinkedIn as well as the relevant rights can be found in LinkedIn's privacy policy:  

https://www.linkedin.com/legal/privacy-policy. 

 

Our site further contains links to the social network XING, operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The link can be recognized by the logo (stylized "X"). The purpose and scope of the data collection and the further processing and use of the data by XING as well as the relevant rights and privacy settings for users can be found in XING's privacy policy: https://privacy.xing.com/en/privacy-policy 

 

Finally our site contains a link to the Instagram platform offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA The link is recognizable by the Instagram logo. The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as the related rights and privacy settings for users, can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/ 

Rights of the data subject 

You have the right to request information about your stored personal data, their origin and recipients and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions. You may also have the right to restrict the processing of your data and to have the data you provided received back and also transmitted in a structured, common and machine-readable format. 

 

If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. You also have the right to contact a data protection supervisory authority and lodge a complaint.  

 

Last review and update: August 2019