Data privacy statement

1. About us

We, medical language service GmbH, are responsible for collecting, processing and storing your data. You can find information about us on our Legal information at any time.

Handling your personal data with care is one of our top priorities. When processing data, we adhere to the legal provisions of the General Data Protection Regulation (GDPR) as well as associated national provisions.

As we would like to provide you with a comprehensive overview of the way we process personal data in our corporate group, you will find an overview of all our services for which we collect and process personal data below.

Should separate or additional conditions apply to individual services, or if we require your consent, then we will indicate this separately before you use the respective service.

In addition, we take a wide range of security measures to protect your personal data. For example, transmission between your web browser and our servers is always encrypted, and we maintain a number of technical and organizational measures to keep your data constantly protected.

2. Why we process your data

You can generally use our website without disclosing your identity. If you would like to contact us, then we will ask for your name and other personal information. It is your decision if you would like to enter this (additional) data. Data which we strictly require from you to carry out our services will be marked as such.

We collect and process your personal data for the following purposes and according to the following legal bases:

  • Contract initiation according to Art. 6 Sec. 1 Clause a) and b) GDPR
  • Contract implementation according to Art. 6 Sec. 1 Clause b) GDPR
  • Customer management according to Art. 6 Sec. 1 Clause b), c) and f) GDPR
  • Communication and data exchange according to Art. 6 Sec. 1 Clause a), b), c) and f) GDPR
  • Public image and advertising according to Art. 6 Sec. 1 Clause a) and f) GDPR
  • Implementation of consent declarations according to Art. 6 Sec. 1 Clause a) GDPR
  • Ensuring proper operation of a data processing system according to Art. 6 Sec. 1 Clause c) and f) GDPR

3. Which personal data we collect and process

We collect different categories of personal data about you. Personal data refers to all information related to an identified or identifiable natural person. A natural person who can be directly or indirectly identified, particularly using an identifying assignment such as a name, is seen as identifiable. Personal data includes, for example, information such as your name, address, telephone number and your date of birth (if indicated). Statistical information which cannot be linked to you either directly or indirectly – for example, the popularity of individual websites within our range or the number of users on a site – is not personal data. Data can be collected directly or indirectly. In both cases, data is only collected when necessary; the data is processed exclusively for the purposes listed under Clause 2. It is your decision whether or not you would like to provide us with data which will optimize your use of our services but is not strictly necessary for them. The corresponding data fields are marked as voluntary.

Data collected directly includes:
e-mail address to contact us using our contact form, data which you actively and knowingly provide in order to use our services as well as additional data which you voluntarily provide, e.g. any fields you fill out which are marked as voluntary.

In addition, data about you is collected indirectly when you use our services:
technical connection data such as which site within our web content you accessed, your IP address, the time and date of the access, the device used, and your browser configuration; data which is collected through website tracking

Underage persons:
Our website is not intended for underage persons and we do not knowingly collect personal data about underage persons.

Should a person under 16 years of age choose to send us personal data, this is only permitted if the legal guardian has provided consent themselves or agreed to the consent of the young person. According to Art. 8 Sec. 2 GDPR, we must receive the contact details of the legal guardian to verify that they have consented or agreed to the young person’s consent. This data as well as the data of the underage person is then processed in accordance with this data protection declaration.

If we determine that a minor under the age of 16 has sent us personal data without the consent of their legal guardian or the guardian’s agreement to the consent of the underage person, the data will be deleted immediately.

4. Who has access to your data and to whom do we transfer your data

a) Access
Access to your personal data which we have stored is limited to our employees and the service providers we employ who need to handle your personal data in order to carry out their tasks.

Third parties will only have access to your data if you have provided your consent or if there are legal grounds for this. We also employ service providers to carry out services and to process your data (including for services such as hosting and website tracking). If any special conditions apply to these, we have listed them for you below for each respective service. The service providers only process the data according to our instructions and are obliged to adhere to the relevant data protection regulations. All order processors were carefully selected and only receive access to your data for the relevant time period and to the extent required to carry out the requested services, or more specifically, to the extent for which you have provided consent for data processing and usage.

b) Transfer to non-member countries and legal basis
The servers of some of the service providers we employ are located in the USA and other countries outside of the European Union. Companies in these countries are subject to data protection regulations that do not protect personal data to the same extent as is the case in the Member States of the European Union. If your data is processed in a country that does not have a recognized level of data protection as high as the European Union, we use contractual regulations or other recognized tools to ensure that your personal data is appropriately protected. We will indicate this again for the individual services accordingly.

Should we transfer any personal data to non-member countries, we will do so according to the EU Commission’s adequacy decision for the EU-U.S. Privacy Shield according to Art. 45 GDPR and the 2010 EU standard contractual clauses according to Art. 46 Sec. 2 Clause c) GDPR in conjunction with the decision of the EU Commission dated 05/02/2010 (2010/87/EU) as well as in accordance with your consent according to Art. 49 Sec. 1 Clause a) GDPR.

c) Transfer to law enforcement and criminal investigation authorities
In exceptional cases, we will transfer personal data to law enforcement and criminal investigation authorities. This will be carried out on the basis of corresponding legal obligations, for example in accordance with the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or the State Police Act.

5. Storage durations

We store personal data in accordance with legal provisions and your consent.

The following criteria determine the specific storage duration:

We store personal data until the objectives for which it was collected are fulfilled (for example, at the end of a contractual relationship, following the final activity if there is no continuing obligation, or if you revoke your consent for this specific data processing).

Storage despite these conditions is only continued if there are legal retention requirements (e.g., according to the Fiscal Code or the Commercial Code); the data is still required to assert and exercise legal claims or to defend against legal claims, for example, due to technological and forensic requirements to defend against our servers being attacked or tracked; the deletion would hinder the legitimate interests of the data subject, or another exception according to Art. 17 Sec. 3 GDPR exists.

6. Your rights

You have a number of legal rights about which we would like to inform you.

a) Right to information and data portability
You have the right to request information regarding the personal data we process related to you.

If the data processing depends on your consent or on a contract according to Art. 6 Sec. 1 b) GDPR, you can also request to receive your stored personal data in a structured, conventional, and machine-readable format according to Art. 20 Sec. 1 GDPR. At your request, we will also directly send the data to your specified recipient.

b) Right to correction, limitation and deletion
In addition, according to Art. 16 to 18 GDPR, you can request a correction, limitation (stoppage) or deletion of your personal data from us if we have processed the data incorrectly, if there are grounds for a limitation of continued data processing, if the data processing has become unlawful for a number of reasons, or if storing the data is not permitted for any other legal reasons. We would like to point out that your right to deletion may be limited by legal retention periods.

c) Right of objection
If our data processing is based solely on our legitimate interest according to Art. 6 Sec. 1 f) GDPR, you can object to this processing according to Art. 21 Sec. 1 GDPR. Then we will cease processing your data unless we can establish legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. In addition, you always have the right to object to the use of your data for the purpose of direct advertising with future effect according to Art. 21 Sec. 2 GDPR.

d) Right to revocation
If you have given us your consent to process your personal data, then you have a right to revoke this consent with future effect according to Art. 7 Sec. 3 GDPR.

e) Right to complain to a supervisory authority
You are entitled to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European data protection regulations or other national and international data protection laws.

The contact details of the supervisory authority responsible for us is:

The State Commissioner for Data Protection for Baden-Württemberg
Königstraße 10a
70173 Stuttgart
Telephone: +49 (0)711/61 55 41 – 0
Fax: +49 (0)711/61 55 41 – 15
Email: poststelle@lfd.bwl.de

f) Contact details
You can send us an informal communication using the contact details below in order to exercise your rights. Please also use the following contact details to revoke your consent, indicating which declaration of consent you would like to revoke.

Responsible individual
medical language service GmbH
ELZUFER
Tscheulinstraße 1b
DE-79331 Teningen
Telephone: 07641/95 998 – 0
Email: schalk@medical-ls.com

Personally liable partner:
medical language service GmbH, headquartered in Gundelfingen, Germany

7. Additional information and provisions related to individual services

Contact form

Any data that you provide via our contact form is processed for communication purposes so we can respond to your specific enquiry. This data will be stored for as long as processing is required for this purpose or until the expiry of any subsequent retention periods.