Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by Ziehm Imaging GmbH and your rights.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data is available if no personal reference to the individual/user can be made.
Ziehm Imaging GmbH
Lina-Ammon-Strasse 10
90471 Nuremberg
0049 911 66067 – 0
info@ziehm.com
www.ziehm.com
We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:
If you wish to assert any of these rights, please contact: Web-Datenschutz@ziehm.com. Please use the same contact details if you have any questions about data processing in our company or if you wish to revoke a consent you have previously given. You also have the right to file a complaint with a data protection supervisory authority.
When we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing. If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: Web-Datenschutz@ziehm.com.
Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions. We will then cease to process your
personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
We process the following personal data within the framework of the contractual relationship and for the initiation of a business relationship:
As a matter of principle, we collect your personal data directly from you within the framework of current contractual transactions and the underlying relationship or in the framework of the initiation of a business relationship. In certain constellations, your personal data may exceptionally also be collected from other sources.
In the IT-environment, Ziehm Imaging GmbH uses, inter alia, services of Microsoft Corporation. When using the IT-systems, the following categories of data might be processed:
These categories of data are being collected systemically from you as a data subject. Further information on processing of personal data regarding specific IT-systems can be provided to you on request.
Within the scope of our online-meetings via Microsoft Teams, we process the following categories of personal data:
Please be aware, that we are not responsible for any further data processing e.g. the access to the MS-Teams-Website and/or the installation of the MS-Teams-App.
Microsoft reserves the right to process customer data for its own business purposes. We have no control over these data processing activities by Microsoft. To the extent that Microsoft Teams processes personal data in connection with business purposes, Microsoft is the independent data controller for those data processing activities and as such is responsible for compliance with all applicable data protection laws. If you require information about Microsoft's processing, please refer to the relevant Microsoft statement.
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.
Your consent also constitutes a legal basis. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.
Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).
In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In many cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers.
A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law or if you have provided your consent for such a transfer.
Compliance with the data protection level is ensured by: e.g. EU standard contractual clauses/ binding corporate rules, etc..
When selecting service providers, we make the attempt to use European service providers (service providers within the European Economic Area). However, this is not always possible - for example, in the case of Microsoft. If service providers from third countries are used, we take measures to ensure that the configuration is as restrictive as possible.
For our training we use Microsoft Teams. In the case of Microsoft, for example, data processing in Europe is agreed upon. In addition, the configuration is restricted by IT experts and individual processing operations are coordinated with the data protection officer.
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.
We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.
The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website and always use the current encryption protocols. In addition, we offer our users content encryption in our contact forms and applications. We alone can decrypt this data. It is also possible to use alternative communication channels (e.g. surface mail).
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide.
We have summarised the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.
The data we process is defined by the relevant context: it depends on whether, for example, you place an order online, enter a request on our contact form or submit a complaint.
Please note that we may also provide information at specific points for specific processing situations separately where appropriate, e.g. when making a contact request.
A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.
In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your email address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).
If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request. If you do not contact us using the forms provided, no additional data will be collected.
We do not use any automated decision-making.