Privacy Notice

Information on data processing for this website in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) when collecting personal data from the data subject.

FormMed HealthCare GmbH is responsible for this website and, as a provider of a telemedia service, is obligated to inform you at the beginning of your visit about the type, scope, and purposes of the collection and use of personal data in a precise, transparent, comprehensible, and easily accessible manner using clear and simple language. This information must be available to you at all times.

We place great importance on the security of your data and compliance with data protection regulations. The processing of personal data is governed by the provisions of the current European and national laws.

We would like to provide you with the following privacy notice to explain how we handle your personal data and how you can contact us:

FormMed HealthCare GmbH
Schönberger Weg 13
60488 Frankfurt am Main
Germany
Commercial register no.: HRB 128692
Managing directors: Jan Herweijer, Steven Jongeneel, Dr. Roland Schmidt
Phone: +49 69 76805698-22
Email: info@formmed.de

Contact for Data Protection at FormMed HealthCare GmbH:
Sven Lenz
Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten
Germany

For any questions regarding data protection or other related inquiries, please feel free to send an email to the following address: datenschutz@formmed.de

A. General

To enhance readability, we avoid gender-specific differentiation. Corresponding terms apply equally to all genders. The definitions of terms such as "personal data" or its "processing" can be found in Article 4 of the GDPR. 

Personal data processed in connection with this website include: 

- Inventory data (e.g., customer names and addresses) 
- Contract data (e.g., services provided, payment information) 
- Usage data (e.g., pages visited on our website) 
- Content data (e.g., entries made in online forms) 

B. Specific

Privacy Notice

We guarantee that we only process your data in connection with handling your requests, for internal purposes, and to provide services or content requested by you. 

Legal Basis for Data Processing

We process your personal data only in compliance with the relevant data protection regulations. 

Legal bases include: 

- Provision of our contractual services 
- Processing required by law 
- Your electronic consent (e.g., subscription to the newsletter) 
- Pursuit of our legitimate interests

We are happy to explain where the above legal bases are regulated.

Processing for the fulfillment of our services and contractual measures:

Article 6(1)(b) GDPR

Processing to fulfill our legal obligations:

Article 6(1)(c) GDPR

Consent:

Article 6(1)(a) and Article 7 GDPR

Processing to safeguard our legitimate interests:

Article 6(1)(f) GDPR

 

Transfer of Data to Third Parties

We inform you that your data may be transferred to third parties.

Your data will only be shared with third parties within the scope of legal requirements. We will only pass on your data if, for example, it is necessary for contractual purposes or based on legitimate interests in the economic and efficient operation of our business.  

If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations. 

Data Transfer to a Third Country or an International Organization

A third country refers to countries where the GDPR does not have direct legal application. This generally includes all countries outside the EU or the European Economic Area.

There is no data transfer to a third country or an international organization without a legal basis. 

Storage Duration of Your Personal Data

We adhere to the principles of data minimization and data avoidance. This means that we only store your data for as long as is necessary to fulfill the purposes mentioned above or as stipulated by the legislator's various storage periods. Once the respective purpose ceases or after the corresponding periods expire, your data will be routinely and legally blocked or deleted.

We have established an internal company concept to ensure this procedure.

Contact

By contacting us via the website, you agree to electronic communication. Personal data will be processed during electronic contact with us. The information you provide will be stored solely for the purpose of processing the request and for any follow-up questions.

We would like to inform you of the legal basis for this:

- Processing for the fulfillment of our services and contractual measures in accordance with Article 6(1)(b) GDPR  

Please note that emails can be read or altered by unauthorized persons during transmission without notice. We also inform you that we use software to filter unwanted emails (spam filters). Emails can be rejected if they are mistakenly identified as spam by certain characteristics. 

Your Rights

a) Right to Information

You have the right to request information about your stored data free of charge. Upon request, we will inform you in writing about the personal data we have stored about you. This also includes the origin and recipients of your data as well as the purpose of data processing.

b) Right to Rectification

You have the right to correct inaccurate data stored by us. You can request a restriction of processing, for example, if you dispute the accuracy of your personal data.

c) Right to Blocking 

Furthermore, you can have your data blocked. To ensure that your data can be considered for blocking at any time, this data must be kept in a lock file for control purposes.

d) Right to Deletion

You can request the deletion of your personal data as long as there are no statutory retention obligations. If such an obligation exists, we will block your data upon request. If the legal requirements are met, we will delete your personal data even without your request.

e) Right to Data Portability

You have the right to request that the personal data you have provided to us be made available in a format that allows it to be transmitted to another entity.

f) Right to File a Complaint with a Supervisory Authority

You have the option to file a complaint with one of the data protection supervisory authorities.

The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163, 65021 Wiesbaden Germany
Phone: +49 611 1408-0
Fax: +49 611 1408-900

You can open the complaint form via the following link: https://datenschutz.hessen.de/service/beschwerde  

Note: A complaint can also be directed to any data protection supervisory authority within the EU.

g) Right to Object

You may object to the processing of your data at any time on grounds arising from your particular situation, in accordance with Article 6(1)(e) and (f) GDPR; this also applies to profiling based on these provisions.

FormMed HealthCare GmbH will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. It is sufficient to send us an email to this effect.

h) Right to Withdraw Consent

You have the right to withdraw the consent you have given for the processing of your data at any time with effect for the future without stating any reasons. You will not incur any disadvantages from such a withdrawal. It is sufficient to send us an email to this effect.

However, such a withdrawal does not affect the lawfulness of the processing carried out based on your consent before the withdrawal in accordance with Article 6(1)(a) GDPR.

To exercise your data subject rights, send us an email to the following address: datenschutz@formmed.de

Protection of Your Personal Data

We take contractual, technical, and organizational security measures in accordance with the state of the art to ensure that data protection laws are complied with and to protect the processed data from accidental or intentional manipulation, loss, destruction, or unauthorized access.

This includes the encrypted transmission of data between your browser and our server. A 256-bit SSL (AES 256) encryption technique is used for this purpose.

Your personal data is protected as part of the following points (excerpt):

a) Ensuring the Confidentiality of Your Personal Data  
We have implemented various measures to control access, entry, and availability to ensure the confidentiality of the data stored with us.

b) Ensuring the Integrity of Your Personal Data
We have implemented various measures to control the disclosure and input of data to maintain the integrity of the data stored with us.

c) Ensuring the Availability of Your Personal Data

We have implemented various measures to control availability and tasks to ensure the availability of your personal data.

The security measures in place are continuously improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our website due to the inherently insecure nature of the internet. Therefore, any data transmission by you is at your own risk.

Data Collection, Third-Party Modules, and Analytics Tools

Server log files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

This includes:  

- Browser type and version  
- Operating system used  
- Referrer URL  
- Host name of the accessing computer  
- Time of Server Request
- IP address

This data will not be merged with other data sources.

The legal basis for data processing is our legitimate interest in accordance with Art. 6(1)(f) GDPR. 

Cookies

Cookies are small text files that are stored locally in your internet browser's cache. Cookies, for example, allow the recognition of your internet browser. These files are used to help the browser navigate through the website and utilize all of its functionalities.

Cookies necessary for carrying out electronic communication processes or providing certain functions requested by you (e.g., shopping cart functionality) are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimal provision of its services. Other cookies (e.g., cookies for analyzing your browsing behavior) are treated separately in this privacy notice.

We may store cookies on your device if they are strictly necessary for the operation of our website. For all other types of cookies, we require your permission.

Our website uses different types of cookies. Some cookies are placed by third-party services that appear on our pages.

You can change or withdraw your consent at any time on our website. Please provide your consent ID and the date when contacting us regarding your consent.

Your consent applies to the following domains: www.formmed-shop.de
Your current consent status:  
Your consent ID:  
Consent date:  

Modify your consent | Withdraw your consent

The cookie declaration was last updated on   by Cookiebot.

Cookiebot

We use Cookiebot as a consent manager with a cookie banner. Cookiebot is a product of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, hereafter referred to as "Cybot."

By using Cookiebot, we inform users about the use of cookies on our website and allow them to make an informed decision regarding their use.

If the user consents to the use of cookies, the following data is automatically logged by Cybot:

• The anonymized IP number of the user
• Date and time of consent
• The user agent of the end user's browser
• The URL of the provider
• An anonymous, random, and encrypted key
• The user's approved cookies (cookie status), which serves as proof of consent

The encrypted key and cookie status are stored in a cookie on the user's device to maintain the corresponding cookie status for future site visits. This cookie automatically deletes itself after 12 months.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is in the user-friendliness of our website and compliance with legal requirements under GDPR.

Users can prevent or terminate the installation of the cookie, its storage, and thus their cookie consent, at any time by adjusting the settings in their browser.

Further information on data protection is provided by Cybot at the following links:
https://www.cookiebot.com/en/privacy-policy/

Google Analytics 4

We use Google Analytics 4 on our website, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This enables us to analyze user behavior on our website.

Google Analytics 4 typically uses "cookies." These are text files that are stored on your device, allowing for an analysis of your website usage. Information collected through cookies about your use of the website (including your device’s shortened IP address) is generally transmitted to and stored on Google servers. Information may also be transmitted to Google LLC servers in the USA for further processing for their purposes. For the transfer of your data to the USA, we obtain separate consent under Art. 49(1)(a) GDPR.

When using Google Analytics 4, the IP address transmitted by your device is automatically shortened and processed in this form.

On our behalf, Google uses this and other information to evaluate your use of the website, generate reports on website activity, and provide other services related to website and internet usage. Data collected via Google Analytics 4 is retained for 14 months and then deleted.

Data is further processed for the purposes of market research and optimizing our website. Google processes this data on our behalf to evaluate usage and provide us with reports on website activity. Processing is based on your consent. The legal basis is Art. 6(1)(a) GDPR and Art. 49(1)(a) GDPR.

Google Analytics 4 also offers the "demographic characteristics" function, which allows us to compile statistics regarding users' age, gender, and interests. This helps us define target audiences for marketing purposes. The data collected via this feature is not personally identifiable and is stored for 14 months before being deleted.

Additionally, we use Google Signals as an extension to Google Analytics 4. Google Signals allows us to create cross-device reports. If you have enabled personalized ads in your Google account and linked your internet-enabled devices to your Google account, Google can analyze user behavior across multiple devices and generate models based on this data. Data shows, for example, which device was used for the first click on an ad and which device was used for the resulting conversion. We receive only reports created by Google Signals. Data collected via Google Analytics 4 is retained for 14 months and then deleted.

You can deactivate personalized ads in your Google account settings, which will stop the cross-device analysis in connection with Google Signals. Follow the instructions here: https://support.google.com/ads/answer/2662922. Further information about Google Signals can be found at: https://support.google.com/analytics/answer/7532985?hl=en 

We also use the "UserID" feature in Google Analytics 4. By assigning individual UserIDs, we can create cross-device reports. If you set up a personal account on this website and log in with your credentials across different devices, your user behavior will be analyzed across devices. The data shows, for instance, which device was used for the first click on an ad and which device was used for the related conversion.

All of the processes described above, including the setting of Google Analytics cookies, occur only with your explicit consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25(1) of the TTDSG. Without your consent, Google Analytics 4 will not be used during your website visit.

Data is transferred to a third country (USA) or an international organization. Since July 2023, an EU Commission adequacy decision (Data Privacy Framework) has determined that the USA provides a data protection level comparable to that of the EU. This decision now serves as the legal basis for data transfers to certified organizations in the USA. According to the U.S. Department of Commerce’s list of certified companies, Google LLC is listed as a certified company.

To ensure compliance with European data protection standards, even when transferring data from the EU or EEA to the USA, Google relies on the European Commission's standard contractual clauses, which we have contractually agreed upon with Google.

The data is shared within the corporate group. The following recipients may receive your data:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor according to Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Further legal information on Google Analytics 4, including a copy of the standard contractual clauses, can be found here: https://policies.google.com/privacy?hl=en&gl=en and https://policies.google.com/technologies/partner-sites

You can object to Google Analytics 4’s data storage and evaluation at any time. Simply go to Cookie Settings and toggle the "Statistics" category to the left. Then click the "Accept selection" button. 

Google Ads Conversion Tracking

We use the online advertising program "Google Ads" on this website, including its conversion tracking feature provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). By using Google Ads, we can promote our offerings on external websites through ads and measure the success of these campaigns. This allows us to display personalized ads.

When a user clicks on an ad placed by Google, a conversion tracking cookie (a small text file) is placed on their device. These cookies usually expire after 30 days and do not allow for personal identification. With the help of this cookie, Google can track that a user arrived at our website via the ad.

Cookies cannot be tracked across Google Ads customer websites. The information collected from these cookies is used to generate conversion statistics, which inform us of the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can personally identify users.

We use Google Ads only if you have given us your consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG. When using Google Ads, your data may also be transferred to Google LLC servers in the USA. Since July 2023, an EU Commission adequacy decision (Data Privacy Framework) has confirmed that the USA offers a level of data protection comparable to the EU. This decision now serves as a basis for transferring data to certified organizations in the USA. According to the U.S. Department of Commerce, Google LLC is a certified company. 

You may withdraw your consent at any time with future effect. To do so, disable this service in the "Cookie-Consent-Tool" provided on the website or follow the described steps for objection.

You can object to the storage and evaluation of data by Google Ads at any time. Simply go to "Cookie Settings" and slide the "Marketing" category in the cookie banner to the left. Then click the "Accept selection" button.

You can also block this usage by disabling the Google Conversion Tracking cookie in your browser’s "User settings." In this case, you will not be included in the conversion tracking statistics.

For more information about Google's privacy policies, visit: https://www.google.de/policies/privacy

You can permanently opt out of Google Ads Conversion Tracking by downloading and installing the browser plugin available at: https://www.google.com/settings/ads/plugin?hl=de

Please note that certain functions of our website may not be available or may be limited if you disable cookies. 

Google Remarketing or "Similar Audiences" Component by Google

We use the Remarketing or "Similar Audiences" feature on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."

We use this feature to display interest-based, personalized advertising on third-party websites that are also part of Google’s advertising network.

If you have given consent for this processing, the legal basis is Art. 6(1)(a) GDPR. The legal basis may also be Art. 6(1)(f) GDPR, with our legitimate interest being the analysis, optimization, and economic operation of our website.

To enable this advertising service, Google stores a cookie containing a numerical identifier on your device via your internet browser during your visit to our website. This cookie anonymously tracks your visit and usage of our website. No personal data is shared. If you subsequently visit a third-party website that also uses Google’s advertising network, you may see advertisements related to our website or our offerings.

To permanently disable this feature, Google offers a browser plugin for the most common internet browsers at https://www.google.com/settings/ads/plugin.

Additionally, you can opt out of cookie usage from specific providers at http://www.youronlinechoices.com/uk/your-ad-choices or http://www.networkadvertising.org/choices/

Through cross-device marketing, Google may track your usage behavior across multiple devices, allowing interest-based, personalized ads to be displayed even when you switch devices. However, this requires you to consent to linking your browsing history with your existing Google account.

You can opt out of the storage and evaluation of data by Google Ads at any time. Simply click on "Cookie Settings" and slide the toggle for the "Marketing" cookie category to the left in the cookie banner. Then, click the "Accept selection" button. 

Google Tag Manager

We use the service called Google Tag Manager, provided by Google. "Google" refers to a group of companies, including Google Ireland Ltd. (the service provider), Gordon House, Barrow Street, Dublin 4, Ireland, as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other affiliated companies of Google LLC.

Google Tag Manager is a tool that facilitates the loading of other components, which may, in turn, collect data. However, Google Tag Manager does not access this data itself.

Where legally required, we have obtained your consent for the above-mentioned processing of your data in accordance with Art. 6(1)(a) GDPR.

There may be a transfer of data to a third country (in this case, the USA) or an international organization. As of July 2023, a decision on adequacy by the European Commission (Data Privacy Framework) recognizes the USA as a third country with a data protection level comparable to that of the EU. This adequacy decision now serves as a basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the U.S. Department of Commerce, Google LLC is listed as a certified entity.

For more information on Google Tag Manager, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=en

Google Translate

Our website uses the translation service Google Translate via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

For privacy reasons, Google Translate is disabled by default. It will only be activated once you select a language. To use the functions of Google Translate, your IP address must be stored. In addition to your IP address, the URL of the visited page will be transmitted to Google. The translation will then appear directly on the Google Translate page.

We have no control over the data collected or the data processing activities. Furthermore, we are not aware of the extent of the data collection, the purposes, or the retention periods.

The use of Google Translate is in the interest of providing easy accessibility and usability of our website for international visitors, which constitutes a legitimate interest under Art. 6(1)(f) GDPR.

For more information on how user data is handled, please refer to Google’s privacy policy: https://www.google.com/policies/privacy/.

Meta Pixel for Creating Custom Audiences with Advanced Matching

Within our online offering, we use the "Meta Pixel" of the social network Facebook in advanced matching mode, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").

When a user clicks on an ad displayed on Facebook, the URL of our linked page is appended with an additional parameter through the Meta Pixel. This URL parameter is then enhanced in the user's browser by setting a cookie from our website upon redirection. Additionally, this cookie captures specific customer data, such as the email address, that we collect on our website in connection with Facebook ads during processes like purchases, account sign-ups, or registrations (advanced matching). The Meta Pixel reads the cookie and enables the transmission of this data, including specific customer information, to Meta.

With the help of the Meta Pixel and advanced matching, Meta can accurately identify visitors to our online offering as a target audience for displaying ads (so-called "Facebook Ads"). This allows us to show the Facebook ads we run only to Facebook users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products based on visited websites) that we transmit to Meta ("Custom Audiences").

Additionally, we aim to ensure that our Facebook ads align with users' potential interests and are not perceived as intrusive. We can also analyze the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad ("conversion"). This helps us better measure the effectiveness of our ad campaigns by capturing more attributable conversions.

All transmitted data is stored and processed by Meta, enabling a connection to the individual user profile, and Meta may use the data for its own advertising purposes, as outlined in Facebook's Data Usage Policy (https://www.facebook.com/about/privacy/). This data may allow Meta and its partners to display ads on and off Facebook. To this end, we have entered into a joint controllership agreement with Meta in accordance with Art. 26 GDPR.

These processing activities occur only with your explicit consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG.

The information generated by the Meta Pixel is usually transmitted to a Meta server and stored there. This may also involve transmission to Meta's servers in the USA. As of July 2023, the European Commission has adopted an adequacy decision (Data Privacy Framework) recognizing the USA as a third country with a data protection level comparable to that of the EU. This adequacy decision now serves as a suitable safeguard under Art. 45 GDPR for data transfers to certified organizations in the USA. According to the list of certified companies published by the U.S. Department of Commerce, Meta Inc. is listed as a certified company.

You can object to the storage and evaluation of data by Meta at any time. Simply click on "Cookie Settings" and slide the toggle for the "Marketing" cookie category to the left in the cookie banner. Then, click the "Accept selection" button.

DocCheck

DocCheck uses so-called "cookies" – text files stored in the user's browser to facilitate the use of services. The information generated by these cookies is transmitted solely to DocCheck's servers and is not shared with the website operator or any third parties. No data transfer to countries outside the EU takes place. For more information, please refer to the privacy policy at http://www.doccheck.ag/en/privacy-statement/.

Log data

As part of the use of the DocCheck password protection, DocCheck collects so-called log data (IP address, access date, access time, referrer URL, information about hardware and software used, such as browser characteristics, device information like resolution) from users who access the information provider's website where the login is embedded via "embed" or iFrame. This data is not used to draw conclusions about the person, but rather to ensure the proper display of page or iFrame content and/or to maintain the security of DocCheck services.

Qualityclick Affiliate Program

The operators of this website use the Qualityclick affiliate software. The provider is NetSlave GmbH, Simon-Dach-Str. 12, 10245 Berlin, www.netslave.de (hereinafter "Qualityclick").

If you arrive at our website via a banner connected to Qualityclick, our website will store a cookie in your browser. Cookies are small text files that the internet browser saves on the user's computer. These cookies expire after 30 days and are not used to personally identify users.

This cookie allows us to track the following information about your online shopping behavior:

• Your order ID
• The total value of your purchases
• The products you purchased
• The date of the purchase

Using the order ID, we are able to identify your identity via our shop backend until the cookie is deactivated; however, we will not make use of this option.

The use of Qualityclick is aimed at conducting targeted advertising campaigns. For instance, it allows us to track which websites referred you to our website, enabling us to select and compensate our advertising partners accordingly. This constitutes a legitimate interest under Art. 6(1)(f) GDPR. The interests of the users of our website are not unduly affected by the use of Qualityclick, as the cookies are only active for 30 days and are generally not used for identifying the user.

Details on the functions of the Qualityclick affiliate software can be found here: https://www.netslave.de/funktionen.html.

NetSlave's privacy notice can be accessed here: https://www.netslave.de/datenschutz-2019.html.

Integration of Trusted Shops Trustbadge / Other Widgets

Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g., the seal of approval, collected reviews) and offer Trusted Shops products to buyers after an order.

This serves to protect our overriding legitimate interests in optimal marketing by enabling secure purchasing in accordance with Art. 6(1)(f) GDPR. The Trustbadge and its associated services are provided by Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, with whom we share joint data controllership as defined by Art. 26 GDPR. Below, we inform you about the essential contract contents under Art. 26(2) GDPR.

The Trustbadge is provided as part of a joint controllership by a U.S. content delivery network (CDN) provider. An adequate level of data protection is ensured through standard contractual clauses and additional contractual measures. Further information on the data protection of Trusted Shops AG can be found in their privacy policy.

When the Trustbadge is accessed, the web server automatically stores a so-called server logfile, which contains your IP address, date, and time of access, transmitted data volume, and the requesting provider (access data), documenting the access. The IP address is anonymized immediately after it is collected, so the stored data cannot be traced back to you. The anonymized data is used primarily for statistical purposes and error analysis.

After completing an order, your email address is hashed using a cryptological one-way function and transmitted to Trusted Shops AG. The legal basis for this is Art. 6(1)(f) GDPR. This is used to verify whether you are already registered with Trusted Shops AG and is necessary for fulfilling our and Trusted Shops' legitimate interests in providing the buyer protection linked to the specific order and transactional review services in accordance with Art. 6(1)(f) GDPR. If you are already registered, further processing will take place based on the contractual agreement between you and Trusted Shops. If you are not yet registered, you will have the opportunity to do so after the order is completed. Further processing after registration will also follow the contractual agreement with Trusted Shops AG. If you do not register, all transmitted data will be automatically deleted by Trusted Shops AG, and no personal reference will be possible.

In the context of the joint responsibility between us and Trusted Shops AG, please contact Trusted Shops AG for any questions regarding data protection or to assert your rights, using the contact details provided in the privacy information linked above. Alternatively, you can always contact the data controller of your choice. Your request will then, if necessary, be forwarded to the other responsible party for a response.

Newsletter

When you subscribe to our email newsletter, we regularly send you information about our offers. To do so, personal data is collected. The only required information for sending the newsletter is your email address. Providing additional data is voluntary and helps us address you personally. We use this data for our own promotional purposes in the form of email newsletters, provided you have explicitly consented to this.

We use the double opt-in process for newsletter subscription. This means that we will only send you an email newsletter after you have explicitly confirmed that you agree to receive the newsletter. We will then send you a confirmation email, asking you to confirm, by clicking on the appropriate link, that you wish to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When you sign up for the newsletter, we store your IP address, as entered by the internet service provider (ISP), as well as the date and time of registration to track any possible misuse of your email address at a later date.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to us at info@formmed.de. Additionally, you can opt-out from receiving the newsletter in your customer account or via the form at https://www.formmed-shop.de/newsletter. After unsubscribing, your email address will be immediately removed from our newsletter distribution list and added to a suppression list to ensure the revocation is respected.

Newsletter Delivery via CleverReach

Our newsletter is sent using the technical service provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany ("CleverReach"), to whom we pass on the data you provided when subscribing to the newsletter. This transfer occurs in accordance with Art. 6(1)(f) GDPR and is based on our legitimate interest in using an effective, secure, and user-friendly newsletter system. The data you enter (e.g., email address) is stored on CleverReach’s servers in Germany or Ireland.

CleverReach uses this information to send the newsletter and to statistically analyze the newsletters on our behalf. The emails contain web beacons or tracking pixels, which are one-pixel image files stored on our website. This enables us to determine if a newsletter has been opened and which links, if any, have been clicked.

Through conversion tracking, it is also possible to analyze whether a predefined action has been performed after clicking a link in the newsletter. Additionally, technical information is collected (e.g., time of access, IP address, browser type, and operating system). The data is collected exclusively in a pseudonymized form and is not linked to your other personal data. Direct identification of a person is excluded. This data is used solely for statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

If you object to this statistical analysis of your data, you must unsubscribe from the newsletter.

We have entered into a data processing agreement with CleverReach, in which we obligate CleverReach to protect our customers' data and not to pass it on to third parties.

Further information about CleverReach’s data analysis can be found here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

You can view CleverReach’s privacy policy here: https://www.cleverreach.com/de/datenschutz/.

 

Postal Advertising to Existing Customers

We use the personal data you provide (e.g., first and last name, address) to send you postal advertisements. This includes offers for similar goods or services from our range that are comparable to those you have already purchased. The mailing of such advertisements is based on our legitimate interest in personalized direct advertising in accordance with Art. 6(1)(f) GDPR.

You may object to the use of your data for postal advertising at any time with future effect without providing any reason.

For sending these advertisements, your data is transferred to the shipping service provider for delivery purposes.

Information under Art. 13 GDPR for New Contacts

Data Controller
FormMed HealthCare GmbH
Schönberger Weg 13
60488 Frankfurt am Main
Germany

Purpose of Data Processing
We process your personal data only in compliance with the applicable data protection regulations. Your data is processed only under the following legal grounds:

• For the fulfillment of our contractual obligations
• When the processing is required by law
• Based on our legitimate interests

We use your data to respond to inquiries or for communication related to your specific request. This includes the data you provide through contact forms or during your inquiry (e.g., name, contact details, email address, nature of the request, phone number, etc.).

Your data is stored and processed in our CRM/internal management programs, office programs, and email systems.

Access to your data is governed by a role-based access system and is only granted to the necessary individuals for the respective purposes.

Legal Basis for Processing

The primary legal basis for processing your personal data is Art. 6(1)(b) GDPR. The processing is necessary for the performance of a contract or for pre-contractual measures.

We may also rely on Art. 6(1)(f) GDPR, based on our legitimate interest. We assume that, for example, communication is also in the interest of the data subject.

Retention Period
We store your data only as long as necessary to fulfill the purposes mentioned above or as required by law. Retention periods may derive from § 257 of the German Commercial Code (HGB) or § 147 of the German Fiscal Code (AO). For example, commercial letters, including relevant emails, must be retained for 6 years, and accounting records for 10 years. The retention period begins at the end of the calendar year in which the last entry was made.

Once the purpose no longer applies or after the retention periods have expired, your data will be routinely blocked or deleted in accordance with legal requirements.

Transfer of Data to Third Parties
We only share your personal data with third parties when it is legally permitted or if you have given your consent.

Data Transfer to a Third Country or International Organization

A third country refers to countries where the GDPR does not directly apply. This includes all countries outside the EU/EEA.

There is no transfer of data to a third country or international organization without a legal basis.

However, by using Microsoft 365, we cannot rule out the possibility of data being transferred to a third country, despite servers being set up in Germany.

Withdrawal of Consent
If processing is based on consent, you may withdraw your consent at any time with future effect by sending an email to datenschutz@formmed.de. Alternatively, you can send a letter to FormMed HealthCare GmbH, Schönberger Weg 13, 60488 Frankfurt am Main, or call us at +49 (0)69 / 768 05 698-22.

Data Subject Rights
You have the right to access your personal data, request correction of incorrect data, and, under certain circumstances, request the deletion of data, restrict data processing, or request data portability.

Contact details of the data protection officer
Sven Lenz
Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten
Phone: +49 (0)831 / 930653-0 0
E-mail: datenschutz@formmed.de

Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with the relevant data protection authority if you believe that the processing of your personal data is not lawful.

The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone.: +49 (0)611 / 1408-0
Fax: +49 (0)611 / 1408-611

Sharing Personal Data for Order Processing

The personal data we collect will be passed on to the shipping company tasked with delivering the goods as part of the contract processing, to the extent necessary for the delivery of the goods. Payment data will also be shared with the financial institution processing the payment.

PayPal

In our webshop, we offer the option to pay via the service provider PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. When you choose a payment method involving prepayment (e.g., credit card payment), the payment data you provide during the order process (e.g., name, address, bank and card details, currency, and transaction number) is shared with PayPal for payment processing in accordance with Art. 6(1)(b) GDPR.

When choosing a payment method involving post-payment (e.g., invoice, installment, or direct debit), you may be required to provide additional personal data.

PayPal may carry out a credit check to assess the risk of non-payment, based on Art. 6(1)(f) GDPR.

More information on PayPal’s data privacy practices is available at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. 

Payment Processing via Computop GmbH

For credit card or SEPA direct debit payments, the payment is processed through Computop GmbH. During the order process, the information you provide, along with order details (name, address, credit card number or IBAN, amount, currency, and transaction number), will be transferred to Computop GmbH solely for payment processing purposes.

More details on Computop's privacy policy can be found here: https://computop.com/de/datenschutz.

Transfer of Data to Shipping Providers DHL/DPD

For the purpose of delivery, the recipient’s name and address will be shared with the shipping providers DHL or DPD as necessary for delivery in accordance with Art. 6(1)(b) GDPR.

 

Changes to Our Privacy Policy

We reserve the right to adjust our privacy policy to reflect the current legal requirements or to implement changes to our services, such as introducing new services. The updated privacy policy will apply to future visits. 

Version: April 2024