Mauchener Strasse 14
Tel.: +49 7631 36632-0
Data protection statement
1. General information
• We hereby provide information about how we process personal data when you visit our website. ‘Personal data’ means any information which can be used to identify you as an individual and which can be traced back to you, for example, your name, your email address, your mailing address, your telephone number and user behaviour.
• In general, HYDROSUN only processes personal data as far as this is necessary to provide the contractual service. Personal data shall be processed on a regular basis only after obtaining the user’s consent. An exception occurs where it is not possible to obtain prior consent for factual reasons and the processing of the data is legally permitted.
• The data subject’s personal data is deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if this is provided for in national or EU regulations, laws or other legislation to which the controller is subject, or if a retention period prescribed by the aforementioned standards expires.
• We point out that transmitting data over the Internet (e.g. when communicating via e-mail) can pose security risks. It is not possible to offer complete protection of data against access by third parties.
2. Access to the website’s public area
Every time the HYDROSUN website is accessed, the user’s Internet browser automatically transmits data for technical reasons. HYDROSUN saves this data in the form of ‘server log files’. The following data is recorded:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• Anonymised client IP address
The legal basis for the temporary collection of data is Art. 6 (1) lit. f GDPR. This anonymous data is stored separately from personal information on secure systems and do not allow any conclusions to be made in connection with an individual person. The data collected is merely used for statistical evaluations for the purpose of operating, securing, modifying and optimising the website. These interests are considered legitimate within the meaning of Art. 6 (1) lit. f GDPR. Comparison with other data or a transfer to third parties, even parts thereof, shall not occur. Data is also not analysed for marketing purposes. HYDROSUN retains the right to subsequently check the server log files, should concrete evidence point to unlawful use. Data shall be deleted as soon as it is no longer required for achieving the purpose for which it was collected. There is no possibility of objection on the part of the user.
3. Access to the non-public specialist area
Our website contains certain areas which are not accessible to the public and which may only be accessed by medical professionals. This non-public area can only be accessed via the ‘DocCheck’ identification service.
DocCheck is an identification service offered by DocCheck Medical Services GmbH, Vogelsanger Strasse 66, 50823 Cologne, Germany (‘DocCheck’). In order to log in via DocCheck, you need the appropriate authorisation to access DocCheck. To log into and use our non-public specialist area, you enter your DocCheck login details. If you do not yet have any access data, you must first register with DocCheck. A DocCheck password is used to uphold legal requirements which require access to be restricted to specific medical professionals for certain information. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
4. Handling of contact data – contacting HYDROSUN
If you contact HYDROSUN via e-mail, the information (e.g. name, e-mail, message) that you provide shall be saved so that it can be used to process and answer your request. This data shall not be disclosed to third parties without your consent. Personal data provided by you in connection with this contact request shall only be used and stored for the purposes of processing and documenting your request. The processing of data for the purpose of making contact with us takes place in accordance with Art. 6 (1) lit. f GDPR on the basis of a legitimate interest. If your request concerns the conclusion of a contract, this hereby represents an additional legal basis for the processing in accordance with Art. 6 (1) lit. b GDPR. Once your request has been finally processed, the data you provided shall be deleted, as long as no other legal requirements to store this data require otherwise.
• Cookie for storing the language selection (German, English, French):
This cookie ensures that the visitor is always guaranteed the website language version he/she has selected. This setting remains active until the visitor selects a different language. The language cookie is valid for one year. Visitor activities shall neither be evaluated nor shall data be merged with other data sources.
• Cookie for saving user registration/login
This cookie is used to temporarily store whether or not a user is registered for the password-protected specialist area. It expires at the end of the session (so-called session cookies), meaning it will be deleted as soon as the user exits or closes his/her browser. Visitor activities shall neither be evaluated nor shall data be merged with other data sources.
• DocCheck of Doc Check Community GmbH
We would like to point out that DocCheck also uses so-called ‘cookies’. The information generated by these cookies shall only be transmitted to DocCheck’s servers and not be shared with the website operator or other third parties. Data is not transferred to countries outside the EU.
Cookie 1 Cookie 2
Enables single sign-on for all DocCheck logins. Serves to provide suitable content based on pseudonymised characteristics (e.g. profession, country, language).
Duration = 1 session Duration = 1 year
6. User rights
If your personal data is processed, you are the data subject within the meaning of GDPR and you have the right to lodge a complaint with a supervisory authority, as well as the following rights vis-a-vis the data controller:
• Right to information: You have the right to request information be provided free of charge about the nature, extent and source of your personal data that has been stored, the categories of recipients to whom your data has been disclosed, and the purpose and intended duration of the storage.
• Right to rectification: You have the right to have incorrect data rectified and/or completed provided that the personal data processed concerning you is inaccurate or incomplete. The controller must rectify the data without delay.
• Right to restriction of processing: You may request the restriction of the processing of your personal data, provided that the accuracy of the data concerning you is disputed for a period of time and you refuse to delete the personal data and instead request the restriction of the use of personal data; or the controller no longer needs the personal data for the purpose of the processing but you need it for the assertion, exercise or defence of legal claims, or if you have objected to the processing under Article 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
• Right to erasure: You may request that your personal data be erased without delay if you have objected or revoked consent to the storage of this data, and there is no other legal basis for processing; or if the knowledge of the personal data is no longer necessary to fulfil the purpose for which the data was stored or if the storage is inadmissible for other legal reasons. Among other things, the right to erasure does not exist if the processing is necessary for exercising the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal rights.
• Right to information: If you have exercised your right to have the controller rectify, erase or restrict processing, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves to be impossible or requires a disproportional amount of effort. You have the right to be informed about these recipients by the controller.
• Right to data portability: You have the right to receive your personal data that you have provided to the controller in a structured, common and machine-readable format or to request its transfer to another controller. Freedoms and rights of other persons must not be affected by this.
• Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data under Article 6 (1) lit. e or f GDPR, in accordance with Article 21 of GDPR; this also applies to profiling based on these provisions.
• Right to revoke the declaration of consent for data protection purposes: You have the right to revoke your declaration of consent for data protection purposes at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent prior to the revocation.
7. Data security
HYDROSUN takes technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction, misuse or access by unauthorized persons or against unauthorized disclosure. Our security measures are regularly reviewed and adapted in line with technological development. Data transmitted between our server and your end device is encrypted (HTTPS protocol). Please note, however, that no online transmission of data is ever entirely secure or error-free. Please take this into account when using HYDROSUN services.
‘Der Datenschutzbeauftragte’ (The Data Protection Officer)
Mauchener Strasse 14
Last updated: January 2019