Nephro-Med Logo

Privacy Policy

Table of Contents

Controller

NEPHRO-MED GMBH
Königstraße 35, 70173 Stuttgart, Germany

Authorized Representatives: Mr. Andrew Schilling

Email address: info@nephro-med.com

Phone: +49 713 5305 9984

Imprint: https://nephromed-eu.com/

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • • Inventory data
  • • Payment data
  • • Location data
  • • Contact data
  • • Content data
  • • Contract data
  • • Usage data
  • • Meta, communication and procedural data
  • • Log data

Categories of Data Subjects

  • • Service recipients and clients
  • • Prospective customers
  • • Communication partners
  • • Users
  • • Business and contractual partners

Purposes of Processing

  • • Provision of contractual services and fulfillment of contractual obligations
  • • Communication
  • • Security measures
  • • Reach measurement
  • • Tracking
  • • Office and organizational procedures
  • • Conversion measurement
  • • Target group formation
  • • Organizational and administrative procedures
  • • Feedback
  • • Marketing
  • • Profiles with user-related information
  • • Provision of our online services and user-friendliness
  • • Information technology infrastructure
  • • Public relations
  • • Business processes and business management procedures

Relevant Legal Bases

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, ensuring availability and separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data and responses to data threats. In addition, we take the protection of personal data into account during the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transmission of Personal Data

As part of our processing of personal data, it may happen that this data is transmitted to or disclosed to other entities, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Rights of Data Subjects

Business Services

We process data of our contract and business partners, e.g. customers and prospective customers (collectively referred to as 'contractual partners'), within the framework of contractual and comparable legal relationships as well as associated measures and with regard to communication with the contractual partners (or pre-contractually), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations and remedies for warranty and other service disruptions. Furthermore, we use the data to protect our rights and for the purpose of administrative tasks associated with these obligations as well as corporate organization. Furthermore, we process the data based on our legitimate interests in proper and economical business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, for example for marketing purposes, within the framework of this privacy policy.

We inform contractual partners which data is required for the aforementioned purposes before or during the data collection, e.g. in online forms, through special markings (e.g. colors) or symbols (e.g. asterisks or similar), or personally.

We delete the data after expiry of statutory warranty and comparable obligations, i.e. basically after four years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal reasons of archiving (for example for tax purposes, usually ten years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications and basically after the end of the order.

Provision of Online Services and Web Hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to save the login status in a user account, shopping cart content in an e-shop, the accessed content or functions used in an online offer. Cookies can also be used for various purposes, such as functionality, security and convenience of online offers, as well as creating analyses of visitor flows.

We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not required by law. Permission is not necessary in particular if storing and reading the information, including cookies, is absolutely necessary to provide users with a telemedia service they have expressly requested (i.e. our online service). Revocable consent is clearly communicated to them and contains information about the respective cookie use.

The data protection legal basis on which we process users' personal data with the help of cookies depends on whether we ask them for consent. If users accept, the legal basis for using their data is the declared consent. Otherwise, the data used with the help of cookies is processed on the basis of our legitimate interests (e.g. in economical operation of our online service and improvement of its usability) or, if this is done within the framework of fulfilling our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which we use cookies in the course of this privacy policy or as part of our consent and processing processes.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

  • Temporary cookies: Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved and preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g. when obtaining consent), they should assume that they are permanent and the storage duration can be up to two years.

Users can revoke their consent at any time and also declare an objection to processing in accordance with legal requirements, including through the privacy settings of their browser.

Contact and Inquiry Management

When contacting us (e.g. by mail, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the requesting persons is processed to the extent that this is necessary to answer the contact inquiries and any requested measures.

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as 'reach measurement') is used to evaluate visitor flows to our online service and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online service or its functions or content are used most frequently, or invite reuse. Likewise, we can understand which areas require optimization.

In addition to web analytics, we can also use test procedures to test and optimize different versions of our online service or its components.

Online Marketing

We process personal data for the purpose of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as 'content') based on potential interests of users, as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called 'cookie') or similar procedures are used, by means of which the information relevant to the display of the aforementioned content about the user is stored. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information about usage times and functions used. If users have consented to the collection of their location data, this can also be processed.

Social Media Presence

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, enforcement of user rights could be more difficult.

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online service that are obtained from the servers of their respective providers (hereinafter referred to as 'third-party providers'). This may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as 'content').

The integration always presupposes that the third-party providers of this content process the IP address of users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the display of this content or functions. We strive to use only such content whose respective providers use the IP address only to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as 'web beacons') for statistical or marketing purposes. The 'pixel tags' can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time and other information about the use of our online service, but can also be linked to such information from other sources.