Privacy Policy

The operators of this website take the protection of your personal data very seriously. This Privacy Policy provides users with information about the type, purpose and extent to which the data controller Hydrosun Medizintechnik GmbH, Mauchener Strasse 14, 79379 Müllheim, Germany (hereinafter referred to as ‘HYDROSUN’) collects and processes personal data. You can access, save and print this Privacy Policy in its current version at any time on our website: www.hydrosun.de.

1. General information
• We hereby provide information about how we process personal data when you visit our website. ‘Personal data’ means any information which can be used to identify you as an individual and which can be traced back to you, for example, your name, your email address, your mailing address, your telephone number and user behaviour.
• In accordance with Art. 4 (7) EU General Data Protection Regulation (GDPR), the data controller is Hydrosun Medizintechnik GmbH, Mauchener Strasse 14, 79379 Müllheim, Germany (see our Legal Notice). You can contact our data protection officer at This email address is being protected from spambots. You need JavaScript enabled to view it. or by addressing our ‘Datenschutzbeauftragte’ (data protection officer) at our mailing address.
• In general, HYDROSUN only processes personal data as far as this is necessary to provide the contractual service. Personal data shall be processed on a regular basis only after obtaining the user’s consent. An exception occurs where it is not possible to obtain prior consent for factual reasons and the processing of the data is legally permitted.
• The data subject’s personal data is deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if this is provided for in national or EU regulations, laws or other legislation to which the controller is subject, or if a retention period prescribed by the aforementioned standards expires.
• We point out that transmitting data over the Internet (e.g. when communicating via e-mail) can pose security risks. It is not possible to offer complete protection of data against access by third parties.

2. Access to the website’s public area
Every time the HYDROSUN website is accessed, the user’s Internet browser automatically transmits data for technical reasons. HYDROSUN saves this data in the form of ‘server log files’. The following data is recorded:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• Anonymised client IP address

The legal basis for the temporary collection of data is Art. 6 (1) lit. f GDPR. This anonymous data is stored separately from personal information on secure systems and do not allow any conclusions to be made in connection with an individual person. The data collected is merely used for statistical evaluations for the purpose of operating, securing, modifying and optimising the website. These interests are considered legitimate within the meaning of Art. 6 (1) lit. f GDPR. Comparison with other data or a transfer to third parties, even parts thereof, shall not occur. Data is also not analysed for marketing purposes. HYDROSUN retains the right to subsequently check the server log files, should concrete evidence point to unlawful use. Data shall be deleted as soon as it is no longer required for achieving the purpose for which it was collected. There is no possibility of objection on the part of the user.

3. Access to the non-public specialist area
Our website contains certain areas which are not accessible to the public and which may only be accessed by medical professionals. This non-public area can only be accessed via the ‘DocCheck’ identification service.

DocCheck is an identification service offered by DocCheck Medical Services GmbH, Vogelsanger Strasse 66, 50823 Cologne, Germany (‘DocCheck’). In order to log in via DocCheck, you need the appropriate authorisation to access DocCheck. To log into and use our non-public specialist area, you enter your DocCheck login details. If you do not yet have any access data, you must first register with DocCheck. A DocCheck password is used to uphold legal requirements which require access to be restricted to specific medical professionals for certain information. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

The entire login/registration process is carried out exclusively on DocCheck servers. No personal data shall be shared with us unless you have expressly given your consent for the dissemination of data (e.g. in DocCheck Personal Information). HYDROSUN does not save your access data. In this respect, as the data controller, DocCheck is also responsible for processing your access data for the purposes of the identification service. The identification service is exclusively offered and operated by DocCheck. HYDROSUN therefore has no influence over how DocCheck uses collected data (e.g. user ID, your IP address, the website IDs of the respective partner websites which you logged into and the date). Please note that HYDROSUN has no possibility to view or check your access data. Only the agreements concluded between you and DocCheck shall apply when using DocCheck. You should check the DocCheck Privacy Policy before using the corresponding DocCheck functionalities. For more information about how DocCheck collects and uses your data and about your rights in this regard, please visit http://info.doccheck.com/en/privacy/ .

4. Handling of contact data – contacting HYDROSUN
If you contact HYDROSUN via e-mail, the information (e.g. name, e-mail, message) that you provide shall be saved so that it can be used to process and answer your request. This data shall not be disclosed to third parties without your consent. Personal data provided by you in connection with this contact request shall only be used and stored for the purposes of processing and documenting your request. The processing of data for the purpose of making contact with us takes place in accordance with Art. 6 (1) lit. f GDPR on the basis of a legitimate interest. If your request concerns the conclusion of a contract, this hereby represents an additional legal basis for the processing in accordance with Art. 6 (1) lit. b GDPR. Once your request has been finally processed, the data you provided shall be deleted, as long as no other legal requirements to store this data require otherwise.

5. Use of cookies
Cookies are used to enhance the user-friendliness of the website. They are small text files which are stored on your end device and which are accessed by your browser. The use of cookies increases the user-friendliness and security of this website. Many browsers offer the setting option not to allow cookies or at least restrict their use. However, please note that if you do this, you may not be able to fully use the website. A distinction is made between session and permanent cookies. A cookie is used to store information that is related to the specific end device used. However, this does not mean that we are immediately able to obtain direct knowledge of your identity from this information. Cookies are used in order to make using our website more convenient for you. Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted after your visit to the site. Other cookies remain stored on your end device until you delete them. These cookies allow us to recognise your browser during your next visit. You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept cookies. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them in general, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website. The data processed by cookies are required for the purposes mentioned, in order to protect our legitimate interests and those of third parties pursuant to § 6 (1) (1) lit. f GDPR. The following cookies are used:

• Cookie for storing the language selection (German, English, French):
This cookie ensures that the visitor is always guaranteed the website language version he/she has selected. This setting remains active until the visitor selects a different language. The language cookie is valid for one year. Visitor activities shall neither be evaluated nor shall data be merged with other data sources.

• Cookie for saving user registration/login
This cookie is used to temporarily store whether or not a user is registered for the password-protected specialist area. It expires at the end of the session (so-called session cookies), meaning it will be deleted as soon as the user exits or closes his/her browser. Visitor activities shall neither be evaluated nor shall data be merged with other data sources.

• DocCheck of Doc Check Community GmbH
We would like to point out that DocCheck also uses so-called ‘cookies’. The information generated by these cookies shall only be transmitted to DocCheck’s servers and not be shared with the website operator or other third parties. Data is not transferred to countries outside the EU.

Cookie 1 Cookie 2
Doccheck_user_id Doccheck_scu_data
Enables single sign-on for all DocCheck logins. Serves to provide suitable content based on pseudonymised characteristics (e.g. profession, country, language).
Duration = 1 session Duration = 1 year

 

6. User rights
If your personal data is processed, you are the data subject within the meaning of GDPR and you have the right to lodge a complaint with a supervisory authority, as well as the following rights vis-a-vis the data controller:

• Right to information: You have the right to request information be provided free of charge about the nature, extent and source of your personal data that has been stored, the categories of recipients to whom your data has been disclosed, and the purpose and intended duration of the storage.
• Right to rectification: You have the right to have incorrect data rectified and/or completed provided that the personal data processed concerning you is inaccurate or incomplete. The controller must rectify the data without delay.
• Right to restriction of processing: You may request the restriction of the processing of your personal data, provided that the accuracy of the data concerning you is disputed for a period of time and you refuse to delete the personal data and instead request the restriction of the use of personal data; or the controller no longer needs the personal data for the purpose of the processing but you need it for the assertion, exercise or defence of legal claims, or if you have objected to the processing under Article 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
• Right to erasure: You may request that your personal data be erased without delay if you have objected or revoked consent to the storage of this data, and there is no other legal basis for processing; or if the knowledge of the personal data is no longer necessary to fulfil the purpose for which the data was stored or if the storage is inadmissible for other legal reasons. Among other things, the right to erasure does not exist if the processing is necessary for exercising the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal rights.
• Right to information: If you have exercised your right to have the controller rectify, erase or restrict processing, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves to be impossible or requires a disproportional amount of effort. You have the right to be informed about these recipients by the controller.
• Right to data portability: You have the right to receive your personal data that you have provided to the controller in a structured, common and machine-readable format or to request its transfer to another controller. Freedoms and rights of other persons must not be affected by this.
• Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data under Article 6 (1) lit. e or f GDPR, in accordance with Article 21 of GDPR; this also applies to profiling based on these provisions.
• Right to revoke the declaration of consent for data protection purposes: You have the right to revoke your declaration of consent for data protection purposes at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent prior to the revocation.

7. Data security
HYDROSUN takes technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction, misuse or access by unauthorized persons or against unauthorized disclosure. Our security measures are regularly reviewed and adapted in line with technological development. Data transmitted between our server and your end device is encrypted (HTTPS protocol). Please note, however, that no online transmission of data is ever entirely secure or error-free. Please take this into account when using HYDROSUN services.

8. Up-to-dateness and amendment of this Privacy Policy
Due to the further development of our services or due to revised legal or regulatory requirements, it may be necessary to change this Privacy Policy. The current Privacy Policy can be accessed and printed at any time via the user portal or on the website at www.HYDROSUN.de. To exercise your rights or to make suggestions and/or complaints regarding the processing of your personal data, please contact the following address.

HYDROSUN GmbH
‘Der Datenschutzbeauftragte’ (The Data Protection Officer)
Mauchener Strasse 14
79379 Müllheim
Germany
This email address is being protected from spambots. You need JavaScript enabled to view it.
Last updated: January 2019