(Version dated 09/2019)
We appreciate your interest in our company, our products and services and our website www.iem.de. At IEM, we understand that protecting your privacy is important to you. That is why compliance with legal data protection regulations is a matter of course for us. It is also important to us that you, as a customer, know at all times when and how we collect, store and use information about you.
In the following, we inform you about the collection and other processing (e.g. storage, retrieval, modification, transfer) of personal data. Personal data is all data that is personally related to you, such as: name, address, e-mail addresses, user behavior.
If we process personal data as part of our products and services and the use of our website, or we rely on contracted service providers for individual functions, offers or services of our website with regard to data processing, or if we wish to use your data for advertising purposes, we will inform you in detail about the respective processes, in particular which data are processed here. We also name the intended storage duration or, at least, the specified criteria for storage duration as well as the relevant legal basis for the respective processing.
I. Name and address of the person responsible
The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:
Tel.: +49 2402 9500 0
II. Contact details of the data protection officer
You can reach our external data protection officer at firstname.lastname@example.org or at the postal address: datenschutz.com, Pappelallee 78/79, 10437 Berlin with the subject "IEM GmbH".
III. Collection and storage of personal data as well as type, purpose, legal basis and duration of their use
- When visiting the website
In the merely informative use of the website, ie if you do not use the contact form or the chat and otherwise provide us with information, we will only collect the personal access data in so-called server log files, which your browser transmits to our server. As part of the server log files, the following data is collected:
- IP address
- Date and time of the request
- Time Zone Difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
These data will be evaluated solely for the purpose of ensuring trouble-free operation of the site in terms of stability and security and to improve our offer and then discarded. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purposes for data collection.
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
- By using our products, services and features of our website
We offer various products, services and features on our website that you can use if you are interested. To do so, you may be required to provide additional personal information that we use to provide the service and for which the aforementioned data-processing principles apply. The products, services, offers and features are described below.
(a) Contact by phone, e-mail or contact form
When you contact us by telephone, e-mail or via our contact form, as a general request or requesting a quotation, the data voluntarily provided by you (such as your company, your e-mail address, your pre-and post-personal information, surname, your address and, if applicable, your telephone number) are stored by us to answer your question. The answer is usually by e-mail or if indicated and requested by phone.
The legal basis for processing is Art. 6 para. 1 lit. f) of the GDPR; the legitimate interest lies in answering your request.
(b) Chat program SnapEngage
We point out that we as the provider of the site do not receive full knowledge of the content of the transmitted data and their use by SnapEngage. For more information, visit http://en.snapengage.com/privacy-policy.
You can prevent the use of the SnapEngage cookies by setting your browser accordingly. We point out, however, that you may not be able to use our chat in full in this case. By using the chat, you consent to the data collection and - processing by SnapEngage.
(c) Apply for a job
If you apply for a job with us through the e-mail address provided on this website or other portals, the personal data you provide us with will be used solely for the purpose of filling the vacancy and examining and processing your personal data used in this context. After completing the application procedure with regard to the specific job advertised, this data will be blocked for further use and deleted after expiry of any statutory retention requirements. The legal basis for the processing is Art. 88 GDPR in connection with § 26 Abs. 1 BDSG.
(d) Use of agedio® K520
In the case of the standard use of a product of the agedio® brand, IEM processes within the App agedio® K520 your information on gender, age, height and weight. The processing serves the purpose of an evaluation of your blood pressure values and your vessel condition. In addition, IEM GmbH evaluates your data and measurement results as well as device data (model, serial number, crash information, etc.) anonymously for the purpose of improving the measuring instruments and for research purposes. An assignment of the measured data to your person is not possible, the data is considered anonymous.
1) In the case of using agedio® with the activated special feature "PROCAM", IEM additionally stores the following data: Your data on smoking and diabetes, family history, antihypertensive therapy, LDL and HDL cholesterol and triglycerides.
2) In the case of using agedio® with the activated special feature "Questionnaire", IEM also saves your submitted answers.
3) In the case of using agedio® with the activated special feature "Customer ID", which allows the entry of a customer ID, IEM additionally saves this ID, for example, in order to assign the data to a person within the framework of a clinical study. In addition, an automatically assigned measurement ID is printed on the report. If the entry of a customer ID is possible, the consent of the end customer to store the data is explicitly requested before the agedio® measurement. The consent can be revoked at any time by stating the automatically assigned measurement ID.
The operator is obliged to provide IEM with no further data that could be used to establish a relationship between transmitted measurement data and individual end users.
IV. Disclosure of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place.
We only share your personal information with third parties if:
- You’re according to Art. 6 para. 1 p. 1 lit. a GDPR have given express consent to this
- The disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data,
- In the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR a legal obligation exists, as well
- Legally permissible and in accordance with Art. 6 (1) S.1 lit. b GDPR is required for the settlement of contractual relationships with you.
V. Cookies & Analysis Services
In order to make the visit to our website user-friendly and effective and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device and that store certain settings and data for exchange with our system via your browser. Through the cookies, the location that sets the cookie (here through us), certain information. Cookies cannot run programs or transmit viruses to your computer.
Cookies contain no personal data and can therefore not be directly assigned to a user. Please note that certain cookies are already set as soon as you enter our website. This website uses the following types of cookies:
- Necessary / Functional Cookies: These cookies are necessary to enable the operation of our website. These include, for example, cookies that allow you to log in to the customer area.
- Transient cookies: These are automatically deleted when you close the browser. These include, in particular, the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
- Persistent cookies: These are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
(a) Google webfonts
To visually improve the display of various information on our website, Google Webfonts (http://www.google.com/webfonts/) are used. The webfonts are transferred when the page is called into the cache of the browser in order to use them for the presentation. If the browser does not support Google Web fonts or prohibits access, the text will be displayed in a standard font.
When you visit the site, no cookies are set for you. Data submitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. You will not be associated with any information collected or used in connection with the parallel use of authenticated Google services such as Gmail.
You can set your browser so that the fonts are not loaded by the Google servers (for example, by installing add-ons such as NoScript or Ghostery for Firefox.) If your browser does not support Google Fonts or you have access to the Stop Google servers, the text is displayed in the default font of the system.
General privacy information is available at the Google Privacy Center at: http://www.google.com/intl/en-US/privacy/
(b) Google Maps
On our website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and allow you to conveniently use the map feature.
By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in § 3 of this declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you're logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the formation of these user profiles, and you must comply with this to Google.
http://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.
Third Party Information: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
VI. Social Media Plugins
We currently use the following social media plug-ins:
We use the so-called two-click solution. This means that if you visit our site ("first click"), initially no personal data will be passed on to the providers of the plug-ins. The provider of the plug-in can be recognized by the marking on the box above the first letter or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the highlighted field ("second click") and activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online service. In addition, the under III. §1 of this statement.
VII. Your rights
If personal data is processed by you, you have the following rights with respect to the personal data concerning you:
- Right to information, Art. 15 GDPR
You may ask the person responsible for confirmation of the processing of personal data concerning you.
If such processing is available, you can request information from the person responsible about the following information:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed, in particular to recipients in third countries or to international organizations; in the latter cases, you may ask for the appropriate guarantees in accordance with. Art. 46 GDPR to be informed in connection with the transfer;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
- Right to rectification, Art. 16 GDPR
You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The person in charge must make the correction without delay.
- Right to cancellation, Art. 17 GDPR
a) Obligation to delete
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent to the processing gem. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You file an objection according to Art. 21 para. 1 GDPR objection (see point X) against the processing and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 GDPR objection to the processing.
- Your personal data has been processed unlawfully.
- The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the person in charge has made the personal data relating to you public and is in accordance with. Article 17 (1) of the GDPR, it shall take appropriate measures, including technical ones, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Person requested by them to delete all links to such personal data or to make copies or replicas of such personal data.
The right to erasure does not exist if the processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation which requires processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
- to assert, exercise or defend legal claims.
- Right to restriction of processing, Art. 18 GDPR
You may request the restriction of the processing of your personal data under the following conditions:
- if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
- the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; or
- if you have objected to the processing pursuant to Art. 21 (1) GDPR (see point X) and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If you have restricted the processing according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
- Right to information, Art. 19 GDPR
If you have the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data concerning you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
- Right to data portability, Art. 20 GDPR
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
- the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR is based and
- the processing is done by automated methods.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person responsible to another person responsible, as far as this is technically feasible. Freedoms and rights of other persons may not be affected.
Your right to cancellation remains unaffected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
- Right to objection, Art. 21 GDPR
- Right to revoke the data protection consent declaration
Any given consent to the processing of your personal data can be revoked at any time from the person responsible. Please note that the revocation only works for the future. The lawfulness of the processing on the basis of the consent until the revocation is not affected.
- Automated decision in individual cases including profiling, Art. 22 GDRP
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your express consent.
In cases (1) and (3), the controller takes appropriate action to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his or her own position and to challenge it heard of the decision.
Moreover, decisions based solely on automated processing must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Article 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
- Right to complain to a supervisory authority, Art. 77 GDPR
You also have the right to complain to a data protection supervisory authority about the processing of your personal data. You may submit your complaint to the supervisory authority in the Member State of your whereabouts, your place of work or the place of alleged infringement. The supervisory authority to which the complaint has been submitted will inform you as complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
You can exercise your aforementioned rights by sending an informal message to our data protection officer with the subject "IEM GmbH". This message should be sent to:
- Postal: datenschutz.com, Pappelallee 78/79, 10437 Berlin, Germany
- Electronic: email@example.com
VIII. Right to object according to Art. 21 GDPR
Case-specific right of objection
You have the right for reasons arising from your particular situation at any time against the processing of personal data relating to you which, on the basis of Art. 6 para. 1 lit. e GDPR (Data Processing in the Public Interest) and Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to safeguard the legitimate interests of the person in charge or of a third party) is to file an objection; this also applies to profiling based on these provisions. If you object, we will not process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
Right to object to the processing of data for advertising purposes
In individual cases, we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection in the above-mentioned cases can be made free of form and should be sent by post or electronically to the above under no. VII address.
IX. Data security
We endeavor to store your personal data by taking all technical and organizational possibilities so that they are not accessible to third parties. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.
X. Links to other pages