Information for customers and suppliers
The following information for our customers and suppliers is a translation of our information leaflet for customers and suppliers from our German website.
In case of contradictions between the information in German language and the English translation, the German information applies in case of doubt. The English translation is for informational purposes only.
Information on the use or handling of your data and your rights under the EU general data protection regulation (GDPR).
With these notes we inform you about the processing of your personal data and the rights to which you are entitled according to data protection. Which data is processed in detail and in which way is used depends decisively on the services provided and agreed
Responsible for the data processing and who you can get in contact with:
Responsible for data processing:
Inpac Medizintechnik GmbH
You can reach our data protection officer Stefan Hess at: email@example.com
What do we process your data for (purposes of processing) and on what legal basis do we do this?
We process personal data in compliance with the EU General Data Protection Regulation (GDPR) and all other relevant laws:
- For the fulfilment of contractual obligations (Art. 6 para. 1b) GDPR)
The processing of personal data (Art. 4 No. 2 GDPR) is carried out to process orders, to prepare quotations and the corresponding pre-contractual measures, to provide services, to issue invoices and to deliver goods, to process reservations.
The purposes of the processing shall primarily depend on the service to be rendered by us.
- As part of the balancing of interests (Art. 6 para. 1f GDPR)
If necessary, we also process your data in order to protect legitimate interests of ourselves or third parties. This can be the case, for example, with:
- ensuring IT security and IT operations, including testing
- on the prevention and investigation of criminal offences
- for statistical purposes
- for credit assessments with credit agencies
- Based on your consent (Art. 6 para 1a) GDPR, Art. 9 para 2a) in conjunction with Art. 7 GDPR)
Insofar as we have your consent to the processing of personal data for certain purposes by you (e.g. advertising), the legality of this processing is given on the basis of your consent. Once consent has been given, it can be revoked at any time. It should be noted that the revocation is effective for the future. Processing that was carried out before this revocation is unaffected by this.
- Processing based on legal requirements (Art. 6 para. 1c) GDPR)
It may happen that we process your personal data to fulfil legal obligations. This includes, for example, commercial and tax retention periods and, if necessary, information to authorities.
To whom the data is passed on (categories of recipients):
Data processing within the company:
We have bundled certain data processing operations in our company. These are managed centrally by specialized divisions. Your data can be processed for example for customer service by telephone, invoice processing or mail processing.
External contractors and service providers (contract processors):
For the fulfilment of our tasks and the fulfilment of the contract we partly use external contractors and service providers. These can include, for example, document shredders, print service providers, logistics and IT service providers.
In addition, data may be passed on to recipients to whom we are obliged by law to disclose such data (e.g. criminal prosecution authorities and courts).
Duration of data storage:
If necessary, we process and store your personal data for the duration of our business relationship. This also includes the initiation and execution of a contract/order. In addition, we are subject to various storage obligations, including those arising from the German Commercial Code and Medical Device Directive. Finally, the storage period also results after the statutory limitation periods, which as a rule can be 3 years but also up to 30 years.
Transfer of data to third countries:
Data shall only be transferred to third countries (states outside the EU and the European Economic Area (EEA)) insofar as this is necessary for the execution of a contract/order/business relationship including initiation and only in compliance with the data protection requirements prescribed for this purpose.
You can use the contact data provided above to request information about the personal data stored about you. (Art. 15 GDPR). Under certain circumstances, you may also request that your data be corrected or deleted (Art. 16 and 17 GDPR). You have the right to request the restriction of the processing of your personal data (Art. 18 GDPR). In addition, you have the right to have the data provided by you published in a structured, common machine-readable format (Art. 20 GDPR).
Is there an obligation to provide data?
As part of a business relationship with us, you will generally only need to provide the information we need to establish, conduct or terminate that relationship. Without providing the necessary information, we may have to refuse to establish a business relationship or may not be able to do so, or may even have to terminate a business relationship.
Right of appeal:
You have the option of lodging a complaint with the data protection officer mentioned above or with a data protection supervisory authority.
Right of objection direct advertising:
You have the right to object to the processing of your personal data for direct marketing purposes.
If we process your data to safeguard legitimate interests, you may object to this processing if your particular situation gives rise to reasons that speak against data processing.