Privacy

Data protection

Welcome to our website. We are delighted with the interest you have shown in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal requirements on the protection of personal data, in particular the EU’s General Data Protection Regulation (GDPR) as well as the country-specific implementing laws which apply to us. The purpose of this privacy policy is to inform you in detail about the processing of your personal data by Ziehm Imaging GmbH and the rights to which you are entitled.
“Personal data” means any information which enables a natural person to be identified. This includes, in particular, a person’s name, date of birth, address, phone number, email address and also IP address.
“Anonymous data” is data which enables no link of any nature whatsoever to be made to the user.

Controller and Data Protection Officer

Ziehm Imaging GmbH
Lina-Ammon-Strasse 10
90471 Nuremberg
0049 911 66067 – 0
info@ziehm.com
www.ziehm.com

Contact details of the Data Protection Officer:

Web-Datenschutz@ziehm.com

Your rights as a data subject

We would first like to inform you of your rights as a data subject. Your rights are set out in Articles 15 - 22 GDPR. These include:
The right of access (Article 15 GDPR),
The right to erasure (Article 17 GDPR),
The right to rectification (Article 16 GDPR),
The right to data portability (Article 20 GDPR),
The right to the restriction of data processing (Article 18 GDPR),
The right to object to data processing (Article 21 GDPR).

If you wish to assert any of these rights, please contact: Web-Datenschutz@ziehm.com. Please use the same contact details if you have any questions about data processing in our company or if you wish to revoke a consent you have previously given. You also have the right to file a complaint with a data protection supervisory authority.

Rights to object

Please note the following in connection with your rights to object:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling to the extent that it is related to the direct marketing.
If you object to processing for the purposes of direct marketing, we will no longer use your data for these purposes. The objection is free of charge and does not require any specific form. Please send your objection if at all possible to: Web-Datenschutz@ziehm.com.
In the event that we process your data for the furtherance of legitimate interests, you can object at any time to the processing for reasons arising from your specific situation; this also applies to profiling based on these provisions (Article 6(1), letters e) and f) GDPR.
We will then no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing is in support of the assertion, exercise or defense of legal claims.

Purpose and legal basis of the data processing

The provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutsgesetz) (new version) as well as all other applicable provisions of data protection law are observed when your personal data is processed. The legal basis for data processing is, in particular, Article 6 GDPR.
We use your data for the initiation of business transactions, to meet contractual and legal obligations, in the performance of contracts, to offer products and services, to strengthen our relationship with customers - something which can also include analyses for marketing purposes and direct advertising.
Your consent also constitutes the consent required under data protection law. We would now like to explain to you the purposes of data processing and your right of objection. If the consent also relates to the processing of particular categories of personal data, we will make you clearly aware of this in the consent.
Particular categories of personal data within the meaning of Article 9(1) GDPR are only processed if processing is needed as a result of legal requirements and there are no grounds for assuming that your legitimate interest overrides the prohibition of processing.

Transfers to third parties

We will only transfer your data to third parties within the bounds set by law or with your appropriate consent. Apart from the above, no data are transferred to third parties unless we are obliged to do so by mandatory provisions of law (the transfer of data to external bodies such as supervisory authorities or law enforcement agencies).

Data recipients/categories of recipients

Within our company we make sure that your data is only disclosed to persons who need this data to meet contractual or legal obligations.
In many cases service-providers support our departments in the performance of their tasks. The contract necessary under data protection law has been concluded with all service-providers.
If necessary your personal data is transferred to service providers
•    who process data in the course of services they perform (e.g. IT service providers for maintenance activities and for the administration of user identities, shipping services, transport, payment services and dealers)

•    and for the collection of data about applicants by the service provider Umantis. We have also concluded a data processing agreement with Umantis. You will find their privacy policy at: https://recruitingapp-5351.de.umantis.com/Vacancies/DataProtection?CompanyID

Transfers to third countries / purpose of transfer to third countries

Data is only transferred to third countries (i.e. countries outside the European Union and the European Economic Area) to the extent that this is necessary for the performance of a contractual obligation, is required by law or you have given us your consent for this transfer.

We transfer your personal data to a service-provider or to a Group company outside the European Economic Area, to be specific, to the USA and Switzerland.
For the purpose of contract processing we also use merchants who are responsible for the execution of orders and delivery of products. Depending on the order and the product, these are based in various countries, some of which can be third countries.

Compliance with the level of data protection is guaranteed, for example by standard EU contractual clauses / binding corporate data protection specifications.

Data retention period

We store your data for the time needed for the relevant processing purpose. Please note that there are many retention obligations which require data to be stored for a longer period. This relates in particular to retention obligations under commercial or tax law (e.g. the German Commercial Code (Handelsgesetzbuch) or the German Fiscal Code (Abgabenordnung) etc). In the absence of retention obligations to the contrary, the data is routinely deleted after the purpose of the processing has been achieved.
In addition, we can retain data if you have granted your permission for us to do so or in the event of a legal dispute and we use the evidence in the framework of legal limitation periods that can extend for up to thirty years; the standard limitation period is three years.

Secure transfer of your data

We employ the relevant technical and organizational security measures to protect data we save against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security level is continually examined in collaboration with security experts and is amended in line with new security standards.
Data exchanged from and to our website is encrypted. We use HTTPS as the transfer protocol for our website and always apply the latest encryption protocols. When using our contact forms we always offer content encryption to our users. Only we are able to decrypt this data. Alternative methods of communication are also possible (e.g. ordinary mail).

Obligation to provide data

A range of personal data is needed for the establishment, implementation and termination of the legal obligation and the performance of the associated contractual and legal obligations. The same applies to the use of our website and the various functions which this provides.
We have collected details on this matter for you in the section “Purposes and legal basis of the data processing”. In certain cases data must also be collected or provided by reason of the provisions of law. Please note that your inquiry cannot be processed or the underlying obligation performed if this data is not provided.

Categories, sources and origin of the data

The specific context determines the data we process: this depends, for example, on whether you are placing an order or submitting an inquiry via our contact form, or sending an application or a complaint to us.
Please note that we sometimes also make information for specific processing situations available at the appropriate place, for example when uploading application documents or in a contact request.

We collect and process the following data when you visit our website:

-    The name of the Internet service-provider
-    Information on the website from which you visit us
-    The web browser and operating system you use
-    The IP address allocated by your Internet service-provider
-    The files you request, the volume of data transmitted, downloads/file(s) exported
-    Information about the web-pages you visit, including the date and time
-    For reasons relating to technical security (in particular to protect our web-server against attempted attacks) this data is saved as permitted by Article 6(1), letter f) GDPR. The data is anonymized by abbreviating the IP address not later than 7 days after collection so that no link can be traced to the user.

We collect and process the following data during contact queries:

-    Subject (optional)
-    Form of address (optional)
-    Given name (optional)
-    Family name (obligatory)
-    Email (obligatory)
-    Phone (optional)
-    Country (obligatory)
-    Company (obligatory)
-    Street (optional)
-    House number (optional)
-    Post code (optional)
-    Town/city (optional)
-    Region (optional)

We collect and process the following data during on-line applications:

-    Form of address (obligatory)
-    Academic title (optional)
-    Family name, given name (obligatory)
-    Email address (obligatory)
-    Address (optional)
-    Phone /cell phone (optional)
-    Information about how we came to your attention (obligatory)
-    Expected salary (obligatory)
-    Earliest starting date (obligatory)
-    Required starting position (obligatory)
-    Required company division (obligatory)
-    Required type of employment (obligatory)
-    Covering letter (optional)
-    CV (optional)
-    Additional documents (optional)

Automated case-by-case decision-making

We do not use any purely automatic processing procedures to come to a decision.

The legal basis for data processing is Article 6(1), letters a) and b) GDPR.

Our website contains a contact form which can be used to contact us electronically. If you write to us via the contact form, we process your data in the contact form so we can contact you and respond to your questions and requests. We observe the principles of data economy and data reduction at this time as we only request the data that we absolutely need to contact you. This information is your email address, the information on your name and country plus the message field. Your IP address is also processed for reasons associated with technical necessity and legal safeguards. All other fields are voluntary and may be completed if you wish to do so, e.g. to help us answer your questions in more detail.

We adopt appropriate security measures so we can protect the security and confidentiality of your data. Your inquiry is sent to us in encrypted form.

If you email us we will only process the personal information included in the email for the purpose of dealing with your inquiry. If you do not use the forms we offer to contact us, no additional data is collected.


Cookies (Art. 6 (1) sentence 1, letter a) GDPR and § 25(1 and 2) of the TTDSG)

Our website uses what are called “cookies”. The purpose of these is to make our website more user-friendly, effective and safe. Cookies are small text files which are placed in your terminal and saved by your browser. Cookies contain only pseudonymized, anonymous data. Some cookies remain in place for the duration of a browser session (so-called “session cookies”), while others are saved for a longer period (these are called “persistent cookies”, for example consent settings). The latter are deleted automatically after the pre-set period for each one (normally 6 months). In addition to our own cookies, additional cookies are used which are controlled by third party providers. These make use of the information contained in the cookies, for example to display content on your screen or record the pages you visited.

By reason of our legitimate interest (Article 6(1), sentence 1, letter f) GDPR) we place technically necessary cookies which are essential for the operation of the website and are needed to ensure its functionality. Without your consent we also place cookies if their sole purpose is to save or access information saved in the terminal for the transmission of messages, or if these are essential for the ability to provide the service you expressly requested, § 25(2) of the German Telemedia and Telecommunication Data Protection Act.

Subject to your consent, additional cookies are used by means of which, for example, we or third parties are able to assess how our services are used. In this way we are able to configure the content to suit users’ needs. The cookies also enable us to measure the effectiveness of a particular advertisement and to position it, for instance, to correspond with the subjects that interest the user. The legal foundation for this is your express consent (Article 6(1), sentence 1, letter a) GDPR and § 25(1) TTDSG).

You can revoke your consent at any time with effect for the future by using our Consent-Manager and change the cookie settings. Please be aware that you must make the changes separately for each terminal.


If you have an account with the third party providers we use and are logged into these providers, your data can be linked with the relevant account. You can avoid this type of amalgamation by not giving your consent to the relevant cookies or by revoking your consent, or by logging out of the relevant service-providers in advance.

Most browsers accept cookies automatically. You can also manually deactivate, restrict or delete cookies on your terminal by means of your browser settings or with the aid of software. If you make it impossible for us to place cookies you will be unable to use all aspects of our web-pages or only able to use them to a limited extent.

Please also note our comments in the section of our service that places cookies.


User profiles / web-tracking processes

Pardot Marketing Automation System

We use the Pardot Marketing Automation System (“Pardot MAS”) of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300, Atlanta, GA 30326, USA (“Pardot”) on our websites. Pardot is a product of the Salesforce Group for the capture and evaluation of user behavior on websites. If you have given your consent in accordance with Article 6(1), letter a) GDPR to the use of Pardot when visiting our website, Pardot captures your click path by setting cookies in your browser and uses this information to compile an individual, pseudonymized user profile. Please note that if you leave personal data in an input field on our website, this is combined by Pardot with the user profile already compiled. Pardot then compares this with our CRM system “Salesforce” and, if a data-set is found, adds the user profile or creates a new data set for interested parties. Pardot only processes personal data on our behalf that was collected and in line with our instructions within the constraints of a data processing agreement and standard contractual clauses. You can revoke your consent at any time with effect for the future by using our Consent-Manager. You can also deactivate the creation of pseudonymized user profiles at any time by configuring your Internet browser in such a way that cookies from the domain “Pardot.com” are not accepted. However, this can led to certain restrictions of the functions and user-friendliness of our website.

etracker

On this website we use the services of etracker GmbH, a company based in Hamburg, Germany (www.etracker.com) to analyze usage data. In this process cookies are set which enable the creation of a statistical analysis of the use of our website by visitors to the site. They also make it possible to display user-related content or advertisements. etracker cookies contain no information which enable a user to be identified.
etracker processes and saves the data it creates for us in this way exclusively in Germany; the data is therefore subject to the strict German and European data protection legislation and standards. etracker has been the subject of an independent audit of its data protection measures and has received the Data Protection Quality Seal as well as the ePrivacy seal.
As the privacy of our visitors is particularly important to us, etracker anonymizes the IP address at the earliest possible moment and converts log-on or device identifiers into an unambiguous code which, however, cannot be traced back to a person. etracker makes neither any other use of data, nor links it to other data, nor passes the data to third parties.
Further information on data protection at etracker can be found here.

Our use of etracker is based on the consent you have already given as required by Article 6(1), letter a) GDPR. You can revoke your consent to the data processing described above at any time. Information on the cookie settings you have selected and how to amend the settings can be found at: Consent-Manager.

Friendly Captcha

Our website uses the service “Friendly Captcha” (www.friendlycaptcha.com). This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is a novel, data-protection friendly protective solution to make it difficult for automated programs and scripts (bots) to use our website.
We have therefore incorporated a Friendly Captcha program code into our website to enable the visitor’s terminal to contact Friendly Captcha’s servers so that the visitor’s terminal can receive an arithmetical problem from Friendly Captcha. The visitor’s terminal solves the arithmetical problem, which takes up some of the system resources, and sends the answer to our web server. The latter contacts Friendly Captcha’s server via an interface and receives the answer that the arithmetical problem was correctly solved by the terminal. Depending on the outcome, we can supply inquiries received via our website with security rules and thus continue to process or reject them.
The data is used solely for the purpose of protection against spam and bots as described above.
No cookies are placed on the visitor’s terminal by Friendly Captcha or read out. From the terminal.
IP addresses are only saved in one-way hash encryption and do not enable either ourselves or Friendly Captcha to trace individual persons.
If personal data is collected it is deleted after not more than 30 days.
The legal basis for the processing is our legitimate interest in protecting our website against improper access by bots as well as protection against spam and cyber attacks (e.g. denial of service attacks) Article 6(1), letter f) GDPR.
Further information on data protection when Friendly Captcha is used can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

Geoapify

Our website uses Geoapify (Geoapify GmbH, 9 Daimlerstrasse, 86368 Gersthofen, Germany) to display interactive maps. The services of Geoapify are hosted in computer centers located in the EU. If you grant your consent to us, information (your IP address, time stamp, information about your browser and terminal) are passed to Geoapify (Article 6(1), letter a) GDPR). You can revoke your consent at any time (Article 7(3) GDPR). Information on the cookie settings you have selected and how to amend the settings can be found at: Consent-Manager.

For more information on Geoapify, please go to: https://www.geoapify.com/privacy-policy

Links to social media

This website contains links to social media services of Meta / Facebook, Twitter, LinkedIn, YouTube and Instagram. The links to social media services are marked by their logos. If you follow these links you will be redirected to the Ziehm Imaging GmbH corporate site on the relevant social media service. A connection to the servers of the social media service is established when you click on a link to a social media site. This informs the server of the social media service that you have visited our website. Further data is also transmitted to the provider of the social media service, for example:

-    the name of the website which contains the link you clicked on
-    the date and time you accessed the website and/or clicked on the link
-    information about your browser and operating system
-    IP address

If you are logged-in to your social media account when you click on the link, the provider of the social media service may identify your user name and perhaps even your real name based on the data transmitted, and may allocate such information to your personal user account with this social media service. You may block this ability to allocate information to your personal user account by logging out from your social media account before clicking on the link.
The servers of the social media services are located in the USA and other countries outside the European Union. The social media service provider can therefore process your data even in countries outside the European Union. Please note that companies located in these countries are subject to data protection regulations that do not provide the same level of protection of personal data as the laws applicable within the European Union.
Please also note that we have no influence on the extent, nature and purpose of the data processing by the social media service provider. For more information on the use of your data by the social media services embedded in our website, please refer to the privacy policy of the relevant social media service.

Information on data protection in social media

Ziehm Imaging GmbH has many different presences on social media to communicate with users of these sites and to be in a position to inform them via the social media sites about what we offer.
We wish to point out that you use these platforms along with the functions they offer on your own responsibility. This relates in particular to your specific user behavior on these platforms, and to the use of interactive functions (such as commenting, sharing, assessing).
We also draw your attention to the fact that your data can be processed outside the area of the European Union if these functions are used. Please note that when data is transferred to what are called “third countries” outside the EU (for example the USA), the level of protection afforded by the GDPR may not be available in certain circumstances. Thus it may be possible for security agencies to access your data; you have no legal redress against such action.

You will find the key information on privacy law below as it relates to our web presences. Name and address of the individuals responsible for their operation. As well as Ziehm Imaging GmbH, the following entities are responsible for the corporate websites within the meaning of the GDPR as well as other provisions of data protection law:

-    LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
-    Facebook (Meta): Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
-    Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
-    YouTube: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
-    Twitter: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

Purpose and legal basis

We maintain our own fan pages to communicate with visitors and inform them in this way about our offers.
In addition, we collect data for statistical purposes so we can develop and optimize the contents and increase the attractiveness of our website. The data required for this (such as total page views, page activities and data provided by visitors and interactions) are processed and made available to us by the social network. We have no influence on their creation or presentation.
In addition, your personal data is processed by the social media providers for the purposes of market research and promotions. Thus it is possible for a user profile to be created, for example, based on your user behavior and the interests it reveals. In this way, ad impressions and other advertising can be activated within and outside the platforms that correspond to your interests. Cookies are generally saved on your computer for this purpose. Quite separately, data not collected directly from your terminals can also be stored in your user profiles. The result can be cross-device storage and analysis especially, but not exclusively, if you are registered as a member and logged into particular platforms.
We, as provider of this information service, collect and process no further data from your use of our service.
The processing of users’ personal data is based on our legitimate interests in effective information about users and communication with users in accordance with Article 6(1), letter f) GDPR. If the various providers ask you to consent to data processing (e.g. by ticking a box or confirming via a button), the legal basis for the processing is Article 6(1), letter a) and Article 7 GDPR.

Your rights / ability to object

Please note that we cannot influence the extent, type and purpose of the data processing by the social media service network. For more detailed information on the use of your data by the social media networks linked to our website and the opportunities for objecting to such use, we refer you to the following information available via links:

-    LinkedIn
•    Privacy policy: https://www.linkedin.com/legal/privacy-policy
•    Opt-out: https://www.linkedin.com/legal/cookie-policy
-    Facebook
•    Privacy policy: https://de-de.facebook.com/policy.php
•    Opt-out: https://optout.networkadvertising.org
-    Instagram
•    Privacy policy: https://instagram.com/about/legal/privacy/
•    Opt-out: https://optout.networkadvertising.org
-    YouTube
•    Privacy policy: https://policies.google.com/privacy;
•    Opt-out: https://optout.networkadvertising.org
-    Twitter
•    Privacy policy: https://twitter.com/de/privacy
•    Opt-out: https://optout.networkadvertising.org

Overall, you have the following rights regarding the processing of your personal data:
Right to information; right to rectification; right to erasure; right to restrict processing; right to object; right to data portability; right to lodge a complaint with the relevant data protection authority regarding unlawful processing of your personal data.
However, as we do not have full access to your personal data you should address any claims directly to the social media providers as they have access to the personal data of their users and can take appropriate action and provide information.
Should you still require assistance, we will of course attempt to support you. Please contact us at Web-Datenschutz@ziehm.com.


Links to other providers

As can be clearly seen, our website also contains links to the websites of other companies. We have no influence on the content of the websites to which these links lead. We are therefore unable to accept any guarantee or liability for their content. The relevant provider or operator is always responsible for the content of these sites.

The linked sites were investigated for possible infringements of the law and identifiable breaches of rights at the time the links were created. No unlawful content was discernible at this time. However, on-going checks of the linked sites are impractical without specific indications of wrong-doing. Links of this nature are removed immediately if we become aware of any infringements of the law.