General information

In the following, we would like to inform you about the processing of your personal data while using our website.

1. The data controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection acts of the Member States of the European Union (EU) as well as respective data privacy policies is:
 
Miltenyi Imaging GmbH
Markthallenstrasse 5
D-78315 Radolfzell

Telefon: +49 7732 94030
Fax: +49 7732 9403239
infoRADnoSpam@miltenyi.com
 
2. The data protection officer of the data controller is:
Sebastian Feik
legitimis GmbH
Dellbrücker Strasse 116
D-51469 Bergisch Gladbach

 
Introduction

This data privacy policy is intended to give you, as a customer or interested party, a detailed overview of how and to what extent your data are collected, stored, processed, passed on and transmitted by us when you visit our website or use our services. In addition, we want to provide you with an overview of the data protection measures we already have in place and the options available to you when visiting our website and using our services.
To continue to ensure the protection of your data in the future, in particular in accordance with new legal requirements and technical developments, it is essential that this data privacy policy is adapted from time to time. We, therefore, recommend you to review our data processing information and notices regularly and to take note of any amendments or supplements.

1. Object of protection
The object of protection is your personal data. Article 4 (1) GDPR defines personal data as any information relating to an identified or identifiable natural person. This means all data that are (directly or indirectly) related to you, e.g. your first name, last name, addresses, email addresses, user behavior, etc. Data collected in connection with online websites or services that we do not own or control are not covered by this data privacy policy.

2. When and to what extent do we process personal data?
In the following, you will find an overview of all the processes in which your personal data are processed.

2.1. For the provision of contractual services/registration
We process inventory data and contract data in order to be able to fulfil our contractual obligations and to provide our services (Article 6 (1 b) GDPR).

2.2. Establishing contact
If you contact us by email or our contact form, the information will be processed to the extent necessary to answer your questions.

2.3. Visiting our website
If you visit our website, we or our authorized service providers may use cookies or similar technologies. In this case, automatic information is sent to our website server. This information is temporarily stored in so-called log files. The information collected in this way helps us to better adapt our services to the needs of our customers and to make these services better and faster and, above all, even more secure. This information also serves advertising purposes. Find further information under “In detail”[AS1] .

3. Legal basis for processing personal data
Where we obtain the consent of the data subject for the processing of personal data, Article 6 (1a) GDPR serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is party, Article 6 (1 b) GDPR serves as the legal basis. This legal basis also applies when processing is necessary for the implementation of measures prior to entering into a contract.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Article 6 (1 c) GDPR serves as the legal basis.
In cases where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1d) GDPR serves as the legal basis.
If the processing of personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, Article 6 (1 f) GDPR serves as the legal basis.

4. Data erasure and retention period
The data stored with us will be erased as soon as they are no longer required for their intended purpose and erasure does not conflict with any legal or contractual obligations. If user data are not erased as they are required for other and legally permissible purposes, their processing shall be restricted. This means the data are blocked and not processed for other purposes. This applies, for example, to user data that must be stored for reasons of commercial or tax law. According to legal requirements, storage is for six years according to Section 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for ten years according to Section 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

5. How do we protect your personal data?
We implement physical, technical and administrative security measures to adequately protect your personal data from loss, misuse, unauthorized access, disclosure or alteration. These security measures include firewalls, data encryption and authorization controls for data access. Further, we select our server locations very carefully. We are committed to securing our systems and services.
However, you are solely responsible for the security and confidentiality of your passwords and your account profile or registration data. In addition, it is your responsibility to verify that the personal data we hold about you is accurate and up-to-date. We shall not be liable for the protection of personal data that we pass on to third parties on the basis of an account link authorized by you.

6. When do we share your data?
First of all, we would like to assure you that we do not sell, lend or rent out your personal data. Data will only be passed on if, for example, this is indispensable for the fulfilment of our contractual obligations, if we have a legitimate interest or if we have your consent. We select all our contractual partner conscientiously and carefully and we oblige them to protect all data in accordance with the respective legal regulations. For this reason, we also conclude a commissioned data processing agreement with the processor pursuant to Article 28 GDPR.

7. Links
Our website may contain links to websites of other providers for whose content we are not responsible and to which this data privacy policy does not extend.

8. Your rights
As soon as your personal data are processed, you are a data subject within the meaning of the GDPR. You are then entitled to the following rights against the data controller (i.e. against us):

  • Right to information,
  • Right to rectification or erasure,
  • Right to limited processing,
  • Right to object to processing,
  • Right to data portability.

You also have the right to lodge a complaint with a supervisory authority about the processing of your personal data by us. Find further information under “In detail”.[AS2]


Website provision and log file generation

1. Scope and duration of data processing
When you visit our website, our system automatically collects data and information from the computer system of the calling end device. The following data are collected and stored for a limited period of time for our own security purposes:
The access logs of the web servers record which webpages are accessed and when. They contain the following data:

  • IP
  • Directory protection user
  • Date
  • Time
  • Accessed pages
  • Logs
  • Status code
  • Data volume
  • Referrer
  • User agent
  • Accessed host name.

The IP addresses are stored in an anonymized format. This involves deleting the last three digits, i.e 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also stored in an anonymized format. The anonymized IP addresses are stored for 60 days. Information on the directory protection user used is anonymized after one day.
Error logs that record incorrect page views are deleted after seven days. In addition to the error messages, these include the accessing IP address and, depending on the error, the website called up.
The data are erased as soon as you end the session. In the event of any further storage, the data records are anonymized and evaluated for the purpose of optimization.
The collection and storage of data are absolutely essential for the provision of our website. Consequently, an opt-out option is not offered.

2. Purpose of and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the end device of the user. For this purpose, your IP address must remain stored for the duration of the session.
The storage in so-called log files is done to ensure the functionality of the website. Moreover, these data are used to optimize the website and to ensure the security of our IT systems. These purposes also include our legitimate interest in data processing within the meaning of Article 6 (1f) GDPR.

3. Processor for log file processing
For the storage and processing of log files, we have concluded a contract for commissioned data processing with the following processor:
Abschnitt eins GmbH
Turmtrasse 30
D-78467 Konstanz

 


Cookies

1. Scope of data processing
Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on the hard drive of the user. These cookies contain a characteristic string of characters that allows the browser to be uniquely identified when you visit the website again. Cookies cannot run programs or transfer viruses to your computer.

1.1. Transient cookies
These are so-called “session cookies”. This type of cookie saves a “session ID”. They allow your computer to be recognized when you visit the website again. Session cookies are deleted automatically two hours after logging in.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1f) GDPR.

3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website are not available without the use of cookies. In this case, it is necessary that the browser is recognized even after a page change. We require cookies for the following applications:

  • Login in the protected support section (session cookies)

4. Duration of storage, possibility of objection and removal
Cookies are stored on your computer and transmitted from there to our website. Therefore, you, as a user, have full control over the use of cookies. By changing the settings in your Internet browser, you can either deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. Please note that if cookies are deactivated for our website, some functions of the website may not be available to their full extent. Session cookies are deleted automatically as soon as the browser is closed.
 


Newsletter

On our website, you have the possibility to subscribe to a free newsletter. When registering for the newsletter, data from the input mask are transmitted to us. When registering for our newsletter, it is sufficient to provide your email address. In addition, the following data are collected during registration:

  • Salutation
  • First name
  • Last name
  • Company
  • Email address
  • IP address of the calling computer
  • Date and time of registration

For the processing of your data, your consent will be obtained during the registration process. This will be recorded by us. Registration to our newsletter is done through a so-called “double-opt-in process”. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation process helps to prevent someone using someone else’s email address to register. Registrations for the newsletter are recorded, thus enabling us to prove that the registration process is in line with the legal requirements set out. This includes the storage of the registration and confirmation time as well as the IP address.
The data will be erased as soon as they are no longer required for the reason they were collected. Your email address will therefore be stored for as long as your subscription to the newsletter is active.
 
1. Sendinblue GmbH
To send our newsletter, we use the services of a third-party service provider. After extensive research, we decided to use the newsletter distribution platform “Newsletter2Go” of the German service provider Sendinblue GmbH, Köpenicker Str. 126, D-10179 Berlin, to send our newsletter. The email addresses of our newsletter recipients as well as other user data described in the notices are stored on servers in Germany. Sendinblue uses this information to send and evaluate the newsletter on our behalf.

We trust in the reliability and IT and data security of Sendinblue. Further, we have concluded a data processing agreement. Find the company’s data privacy policy and further information about Sendinblue at: de.sendinblue.com/informationen-newsletter-empfaenger/


Sendinblue GmbH is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2.  Legal basis for and purpose of data processing
The legal basis for data processing after registration for the newsletter by the user is, if the user has given their consent, Article 6 (1a) GDPR. Use of a mailing service provider is based on our legitimate interest pursuant to Article 6 (1f) GDPR. Collection of the email address of the user is necessary to send the newsletter. We are interested in using a user-friendly and secure mailing system that serves our business interests and meets the expectations of the users.

3. Possibility of objection and removal
You can cancel receipt of our newsletter at any time by simply revoking your consent. The easiest way to withdraw your consent is by clicking the respective link at the end of each newsletter.
  


Support form, contact by email

1. Scope of data processing
You can contact us by email as well as via the support form. If you use the support form to contact us, the data entered in the input mask will be transmitted to us and stored. In this case, the following data are also stored:

  • Company (mandatory field)
  • First and last name (mandatory field)
  • Email address (mandatory field)
  • IP address of the calling end device (systemic survey)
  • Date and time of the request (systemic survey)
  • Phone number (optional)
  • Part number (optional)
  • Serial number (optional)
  • Product name (optional)
  • Software revision (optional)
  • Hardware revision (optional)
  • Problem description (optional)

For the processing of data, your consent will be obtained prior to sending your details and reference will be made to this data privacy policy.
Further, it is possible to contact us via our provided email address. In this case, your personal data transmitted with the email will be stored. There will be no transfer of your data to third parties. The data will be used exclusively for processing your contact request.

2. Purpose of and legal basis for data processing
Your data are used exclusively for processing your request. In the event of contact via email, this also constitutes the legitimate interest in the processing of the data. The other personal data processed when sending are used to prevent misuse of the contact form and to ensure the security of our IT systems.
The processing of the data occurs on the basis of the user’s consent pursuant to Article 6 (1a) GDPR. The legal basis for the processing of the data in the course of sending an email is Article 6 (1f) GDPR. If the email sent has the aim of concluding a contract, Article 6 (1b) GDPR forms the additional legal basis for processing.



Applications

We process the data which you have sent us together with a job application in accordance with the legal requirements and exclusively on the basis of your consent (Article 6 (1a) GDPR) in order to check your suitability for the position and to carry out the application procedure. The legal basis in this case is Article 6 (1b) GDPR (prior to entering into a contract) in conjunction with Section 26, Para. 1 of the German Federal Data Protection Act (data processing within the context of a future employment relationship).
Insofar as special categories of personal data (in particular health data, e.g. a severe disability) are transmitted, processing is carried out pursuant to Article 9 (2b) GDPR. Within the framework of the application process, the processing of data serves exclusively to fulfil our obligations pursuant to Section 164 SGB IX (German Social Welfare Code).
If, after completion of the application procedure, the data are required for legal prosecution, data may be processed on the basis of the conditions stipulated in Article 6 GDPR, in particular to safeguard legitimate interests pursuant to Article 6 (1f) GDPR. Our interest then consists of the establishment, exercise or defense of legal claims. In order to enforce these interests, we store your data for a period of six months.
In the event of a successful application, the data provided by you may be further processed by us within the context of the employment relationship. Access to your data is restricted to the people who require your personal data as part of the application process.
 
Your rights as the data subject
Below, we will inform you about your rights as a data subject.

1. Right of access by the data subject, Article 15 GDPR
You always have the right to obtain confirmation as to whether or not personal data concerning you are being processed. This information is of course free of charge, as long as it is not requested more often than average. If your personal data are being processed, you have the right of access to the following information:

  • The purposes of the processing;
  • The categories of personal data concerned;
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
  • The right to lodge a complaint with a supervisory authority;
  • Where the personal data are not collected from the data subject, any available information as to their source;
  • The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

 
2. Right to rectification, Article 16 GDPR
If the personal data concerning you that we have stored is incorrect or incomplete, you can request rectification of the inaccurate data. Rectification must be carried out without undue delay.

3. Right to restriction of processing, Article 18 GDPR
In the following conditions, you have the right to obtain from the data controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • The data controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  • You object to the processing pursuant to Article 21 (1) GDPR pending the verification whether our legitimate grounds override those of you.

Where the processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing according to the aforementioned conditions, you shall be informed by us before the restriction is lifted.

4. Right to erasure
Unless there is a legitimate interest to the contrary, you can assert your right to erasure at any time.

5. Revocation of consents
Any data processing that takes place on the basis of your consent can be stopped as soon as you revoke your consent. Revocation can be made at any time and with effect for the future. As we are obliged to store the consent given due to our accountability, the revocation must be in writing, wherein a revocation by email is sufficient.
 


Data privacy notices for online social media presence 

1. Online presence
These are the data privacy notices for the online social media presence of
 
Miltenyi Imaging GmbH
Markthallenstrasse 5
D-78315 Radolfzell

Telefon: +49 7732 94030
Fax: +49 7732 9403239
infoRADnoSpam@miltenyi.com
 
2. Data protection officer
 
The appointed data protection officer for our company is:
 
Sebastian Feik, Dipl.-WJur. (FH)
legitimis GmbH
Dellbrücker Strasse 116
D-51469 Bergisch Gladbach
dataprivacy-helpdesknoSpam@legitimis.com
 
3. Purpose of data processing
We maintain a presence in various social media networks to present our company, provide information, get in touch with the respective users and to communicate with them.
 
4. Processing of personal data
When you visit our website, we do not directly process any user data. But the respective provider processes the personal data of users. It is also possible that personal data may be processed by us when users engage and contribute to our social media pages, i.e. whenever they become active and post comments, for example. This affects, in particular, the respective user name and the contents published by the user in their account.
Further, the data of users within social networks are usually processed for market research and advertising purposes. For instance, usage profiles may be created on the basis of usage behavior and the resulting interests of users. The usage profiles can, in turn, be used, for example, to place ads inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies, which store the usage behavior and interests of the users, are usually stored on the computers of the users. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged on to them).
For a detailed presentation of the respective forms of processing and the opt-out options, we refer below to the data privacy policies and information provided by the operators of the respective networks.

Please note:
When visiting our websites, you always use the respective services and functionalities on your own responsibility. In principle, we have no influence on the type and scope of the data processed by the respective service, the type of data processing, the use of data or the transfer of data to third parties.
 
5. Legal basis
The processing of personal data by us is based on our legitimate interest in the presentation of our company to third parties and in the effective exchange of information with the users of our online presence (Article 6 (1f) GDPR).
 
6. Data transfer
We would like to point out that user data may be processed outside the European Union within the context of our social media presence. This can pose risks for users because, for example, it may be more difficult to enforce user rights. Details can be found in the data privacy policy of the respective provider (see below). With regard to US providers certified under the Privacy Shield or offering comparable guarantees of a secure level of data protection, we would like to point out that they thereby commit themselves to comply with EU data protection standards.
We do not transfer data to third countries outside the EU/EEA or to an international organization unless an adequate level of protection is guaranteed. These include standard contractual clauses for data transfers between EU and non-EU countries as well as transfers on the basis of an adequacy decision by the EU Commission.
 
7. Overview of our online presence

7.1 LinkedIn
LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The data privacy policy is available at https://www.linkedin.com/legal/privacy-policy.
LinkedIn is certified under the EU-US Privacy Shield to transmit data to the USA: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active, it cannot be excluded that data may be transferred to the USA.
An option of objection (opt-out) for the LinkedIn ad cookie can be found at: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
 
7.2. XING
XING is a service of XING AG, Gänsemarkt 43, D-20354 Hamburg
The data privacy policy and the opt-out option can be found at: https://privacy.xing.com/de/datenschutzerklaerung

8. Data erasure
If we process the personal data of users, we only store the data for as long as they are necessary to fulfil the purpose for which they were collected or unless we are required to do so by legal obligations. The data are subsequently stored until the end of the statutory retention period.

9. Your rights as a data subject

9.1 Your right to information
On request, we will send you, free of charge, information about all the personal data we have stored about you.
 
9.2  Your rights to rectification, erasure, limitation of processing (blocking), objection
Should you no longer agree with the storage of your personal data or if the data is no longer correct, we will at your request ensure the data are erased, blocked or make the necessary rectifications (as far as this is possible according to applicable law). The same applies if we are to process data in the future only in a limited manner.
 
9.3  Your right to data portability
Upon request, we will provide you with your personal data in a standard, structured and machine-readable format so that you can, if you wish, submit the data to another data controller.
 
9.4 Your right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
 
9.5 Your revocation of consent with effect for the future
Any given consent can be revoked at any time with effect for the future. However, your revocation does not affect the lawfulness of data processing until the time of revocation.
 
9.6 Limitations

Data where we are unable to identify the data subject, for example, if they have been anonymized for analysis purposes, are not covered by the aforesaid rights. Information, erasure, blocking, rectification or transfer to another company may be possible with respect to such data if you provide us with additional information that allows us to identify the data.

Miltenyi Imaging GmbH
Markthallenstrasse 5
78315 Radolfzell
Germany

Fax

+49 7732 9403239