Search:
HOME Service Data privacy policy

Service

contact us


________________________________________________


DJM Medical Instrument GmbH –

DATA PRIVACY POLICY


________________________________________________



This policy provides you with information about which data we collect for what purpose when you visit our website at www.djmiot.com and use our services. The policy also tells you how we use such data. The protection of your personal data and your privacy is very important to us. We comply with the provisions of German data protection law.


1.         Controller body and contact information

The responsible authority within the meaning of the General Data Protection Regulation (GDPR) is:

DJM Medical Instrument GmbH

Halskestr. 21,47877 Willich

Tel.: +49 (0) 2151 8864488

Email: info@djmiot.com

Data Protection Officer:      [Contact data]

If you have questions about data protection or if you wish to exercise your rights or to file a claim concerning your personal data, you are welcome to contact us via the contact details provided above.


2.         Encryption

Our website uses TLS encryption for security reasons and to protect the data that you transmit to us as a site operator. The code “https://” in the address bar and the lock icon show you that the connection for using our website is encrypted.

If TLS encryption is enabled, then the data that you transmit to us cannot be read by third parties.


3.        Personal data

“Personal data” in terms of the GDPR means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


4.        Data collection, processing, and use of personal data on our website

a)    Automatically collected data

When you visit our website http://www.djmiot.com, the web server automatically records anonymised information about your visit that cannot be attributed to any specific person in log files in accordance with Art. 6 (1), point (f) GDPR. This data includes

  • the browser type and version
  • the operating system that is used
  • the Referrer URL (previously visited site)
  • the IP address of the requesting computer,
  • access date and time of the server request, and
  • the file request of the client (file name and URL).


These data are only collected for statistical purposes and for security reasons (e.g., in order to investigate misuse and fraudulent acts), and they are stored for a period of seven days and erased thereafter. Data that need to be stored as evidence for a longer period is excluded from erasure until the respective incident has been clarified.


b)    Order

It is in principle possible to visit our website without having to provide personal data yourself.


If you register or place an order, we will collect, process, and use the personal data that you provide in accordance with Art. 6 (1), point (b) GDPR in order to fulfil our contractual obligations and to provide you with our services. The information that we need to collect in order to provide you with these services is marked as mandatory in form fields. All other information may be provided on a voluntary basis.


In order to conclude and process contracts and orders, depending on the individual case we require contact information such as name, delivery address, billing address, and e-mail address as well as information about the type of payment method that you have chosen. In addition, we use your data to maintain our customer database so that only relevant data is stored there. In order to avoid typos and to ensure that your ordered items arrive at your location, we will check the completeness and correctness of your address when you enter it.


c)    Use of contact form/product inquiries

By using our contact form, we will collect your name, email address, company name, and phone number based on Art. 6 (1), point (b) in order to carry out (pre)contractual obligations or to fulfil other measures. These personal data provided by you when you make a customer request are used only for the purpose of replying to your question or for contacting you and for the associated technical administration work. Such data is not forwarded to third parties.


If you have given us your consent to store the personal data concerning you, you have the right to withdraw such consent for future processing at any time. In this case, the personal data concerning you will be erased without delay.


We will also erase the personal data concerning you without you withdrawing your consent when we have dealt with your request or if you withdraw the consent to storage given in this context. The same applies if storage is inadmissible for other legal reasons.


5.         Cookies

In order to make the use of our websites generally more user-friendly and effective, we store cookies on the hard disks of customers either ourselves or through the use of third-party services that we have hired on the basis of our legitimate interests in accordance with Art. 6 (1), point (f) GDPR.


A cookieis a small text file that is used to record information on how a website is used among other things. Such cookies can neither run programs nor infect your computer with viruses. They do not contain any personal data, cannot be attributed to identified persons and are automatically deleted after one year at the latest, unless otherwise stated. Data thus collected is not combined with other data sources.


Our website can also be used without cookies. You can deactivate cookies in your browser settings, limit them to certain websites or request your browser to inform you whenever a cookie is transmitted. You can also delete cookies from your computer hard disk at any time.


6.        Data storage at the time of use

a)    We also collect and store information provided to us by third parties based on your consent in accordance with Art. 6 (1), point (a) GDPR. This provision also concerns data that are collected during the use of medical equipment that is operated by a doctor and is sold by us. This includes:


  • A photograph of your skin, where your entire face is visible
  • Your gender
  • Your age

It is not required to provide additional information. The data are collected by the medical device and when it is used to create photographs.


b)    We use the indicated data in accordance with Item 6. a) for the preparation of analyses and to check and improve our service and the functionality of our devices.


7.        Disclosure of personal data to third parties and processors

a)    Your personal data is otherwise transmitted in accordance with Art. 6 (1), point (b) GDPR whenever it is required in order to perform and fulfil contractual obligations, e.g., to parcel delivery companies such as DHL, Hermes, dpd or to payment service providers such as PayPal, Klarna or Master Card. In these cases, we strictly comply with the requirements of data protection laws. The scope of the data that is transmitted is kept to the minimum necessary (for example, name and delivery address for delivery service providers). Our contractual partners may only use the data transmitted in this way for purposes of fulfilling the contract.


b)    In addition, we will only transmit data on the basis of your express consent (Art. 6 (1), point (a) GDPR), if such transfer of data is allowed under a legal obligation (Art. 6 (1), point (c) GDPR) or on the basis of our legitimate interests (Art. 6 (1), point (f) GDPR, e.g., when contracting with agents, web hosting providers, etc.).


Hosting services can be used to provide infrastructure and platform services,    computing capacity,   disk space,    database services, and security and technical maintenance services. We, or rather our hosting provider, process personal data, contact information, content data, contract data, usage data, the metadata and communication data of customers, prospects and visitors to this online offering on the basis of our legitimate interests to efficiently and securely maintain this online offering in accordance with Art. 6 (1), point (f) GDPR. A third party may process data within the scope of an approved data processing relationship on the basis of Art. 28 GDPR.


c)    Data transfer with credit check

When we conduct credit checks, we exchange address and credit data with credit service companies (e.g., in the case of direct debit transfers) in accordance with Art. 6 (1), point (f) GDPR in justified cases. Service providers will only have access to such personal information when it is required to perform the respective activity.


d)    If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if we process or disclose data as part of a relationship with third party services, or if we disclose or transmit data to third parties, then this will only be done in order to fulfil our (pre)contractual obligations (Art. 6 (1), point (b) GDPR), on the basis of your consent (Art. 6 (1), point (a) GDPR), due to a legal obligation (Art. 6 (1), point (c) GDPR) or on the basis of our legitimate interests (Art. 6 (1), point (f) GDPR). Subject to legal or contractual approval, we process or allow data to be processed in a third country only if the special conditions specified under Art. 44 et seq. GDPR are satisfied. In other words, data processing is conducted on the basis of specific guarantees, such as ensuring an officially recognized level of data protection (e.g., processing data in the U.S. under the Privacy Shield Framework) or complying with officially recognized special contractual obligations (so-called ‘standard contractual clauses’).


8.        Your rights

Please do not hesitate to contact us using the contact details in item 1 at any time if you have questions regarding your rights and other topics surrounding personal data.


You have the following rights:

a)    Right of access

You have the right to request, free of charge at any time, information regarding the personal data concerning you that are stored by us, the origin and recipients of such data, the purpose of data processing, the planned duration of data storage and a copy of the personal data that are being processed (Art. 15 GDPR).


b)    Right to rectification

You further have the right to obtain without undue delay the rectification of inaccurate personal data and to have incomplete personal data completed (Art. 16 GDPR).


c)    Right to withdraw consent

You have the right to withdraw, without stating reasons, your consent to data processing at any time with effect to future processing (Art. 7 (3) GDPR.


d)    Right to erasure

You have the right to obtain erasure of personal data concerning you without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or if you withdraw your consent to lawful processing and there are no other legal grounds for the processing. If you object to data processing and there are no overriding legitimate grounds for the processing, your data will also be erased. The data will in any case be erased if the processing is unacceptable for other legal reasons (Art. 17 GDPR).


e)    Right to restriction of processing

You have the right to obtain restriction of processing if you contest the accuracy of the personal data for a period of time that enables us to review the accuracy.


Data processing is also restricted if processing is unlawful but you refuse erasure of the personal data concerning you and instead of requesting erasure, you request restriction of processing, or if we no longer need the personal data for the corresponding purposes, but we need them for the establishment, exercise or defence of legal claims, or if you had previously objected against processing but it has not yet been established whether DJM Medical Instrument GmbH has legitimate grounds to store the personal data that override your interests (Art. 18 DSGVO).


f)    Right to data portability

You have the right to receive the personal data concerning you that you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller where the processing is based on consent and the data is processed by automated means (Art. 20 GDPR).


g)    Right to object

You have the right to object at any time to the compilation of user profiles and to the processing of corresponding personal data concerning you where processing is based on consent in accordance with Art. 6 (1), point (e) or (f) GDPR. The personal data concerning you will no longer be processed provided that no compelling legitimate grounds override your interests, rights and freedoms. Where the personal data concerning you is processed for direct marketing purposes, you likewise have the right to object to such processing at any time (Art. 21 GDPR).


h)    Right to lodge a complaint

You further have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).


9.        Data deletion

We erase your personal data concerning you without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or if you withdraw your consent to lawful processing and there are no other legal grounds for the processing.


If the data are not erased because they are needed for other and legally admissible purposes, the processing of such data is restricted, meaning that the data are made unavailable to users and are not processed for other purposes. This applies, for instance, to data that are subject to preservation periods under commercial law or tax law.



info@djmiot.com
Skype
+00 49 2154 8864488
LINK: LINK LINK LINK LINK LINK