Data Protection Information

Name and address of the company

The responsible party as per the General Data Protection Act (hereafter „GDPR”) and other national data protection laws of the member states and other data protection regulations is:

MDI Limbach Berlin GmbH
Dr. med. Dr. med. univ. [Hungary] Knud-Peter Krause
Sonnenburger Straße 70
10437 Berlin
Tel.: +49 (0)30 / 44 33 64-200
E-mail: info @ mdi-labor.de

Geschäftsstelle
Sonnenburger Straße 70
10437 Berlin
Tel.: +49 (0)30 / 44 33 64-200
E-mail: info @ mdi-labor.de
Internet: www.mdi-labor.de

Name and address of the data protection officer

Sylvana Schreiber
Datenschutzbeauftragte – DSB-TÜV
Datenschutzauditorin – TÜV
19348 Perleberg
Hopfenstraße 25
Website: www.externedatenschutzbeauftragte.de
Contact: www.externedatenschutzbeauftragte.de/kontakt-datenschutzbeauftragter/
E-mail: dsb @ isc-computer.de

General data processing

Scope and authorisation of the processing of personal information
We only retrieve and utilise our users’ personal information if such is required to ensure the functionality of our website as well as our content and services. The user's data are processed and used regularly and only with the user's consent.

This does not apply to instances in which prior acquisition of consent is not possible for objective reasons and the processing of data is authorised by legal regulations.

The legal basis for the processing procedures for personal information with prior consent from the respective person is Art. 6 para. 1 lit. a GDPR. The legal basis for the processing of personal information required to fulfil a contract or conduct pre-contractual measures is Art. 6 para. 1 lit. b GDPR. The legal basis for the processing of personal information to fulfil a legal obligation is Art. 6 para. 1 lit. c GDPR. In the event that essential interests of the respective person or another natural person necessitate the processing of personal information, the legal basis for this is Art. 6 para. 1 lit. d GDPR. If the processing is required to protect a justified interest of our company or of a third party and if these interests outweigh the interests of the respective person with regard to the fundamental rights and freedoms of the respective person, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing of data.

Deletion of data and storage duration
The personal information of the respective person will be deleted or blocked if there is no (or no longer) reason to store it. Information may also be stored if such is authorised as per legal requirements for the processing of data. In this case, the information is blocked or deleted if the legally stipulated storage period lapses, unless there is a legal requirement to continue storing the data for the finalisation or fulfilment of a contract.

Data processing through usage of our website

Visiting our website
When visiting our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is automatically stored without any action on your part and until automatic deletion: IP address of the visiting computer, date and time of visit, name and URL of the file visited, website that redirected to the page (referrer URL), browser used, and if applicable your computer’s operating system and the name of your access provider.

We will process the specified data for the purposes of ensuring the smooth establishment of a connection with the website, comfortable usage of our website, evaluation of system security and stability, and other administrative purposes.

The legal basis for the processing of data is Art. 6 para. 1 p. 1 lit. f GDPR. Our justified interest lies in the above-stated purposes of data retrieval. In no instance will we use the retrieved data to identify you as an individual.

Usage of our contact form
There is a contact form on our webpage that can be used to get in touch with us electronically. If a user utilises this option, the data entered into the contact form as well as the IP address, date and time will be sent to us and stored. Your consent for the processing of your data will be obtained during the sending process and you will be referred to this privacy policy. The legal basis for the processing of data in this case is Art. 6 para. 1 lit. a GDPR.

Contact can also be made via the e-mail address provided. In this case the personal information of the user sent with the e-mail will be stored. There is no forwarding of the information to third parties in this case. The legal basis for the processing of these data is Art. 6 para. 1 lit. f GDPR. If the e-mail contact seeks to conclude a contract, an additional legal basis for this processing is Art. 6 para. 1 lit. b GDPR.

The processing of data for the purpose of making contact with us takes place in accordance with Art. 6 para. 1 p. 1 lit. a GDPR, and requires your voluntary consent. The personal data retrieved by us for the usage of the contact form will be automatically deleted once the request you have sent has been settled.

Forwarding of data
There is no forwarding of your personal information to third parties for purposes other than those listed below. We only forward your personal information to third parties if you have granted your explicit consent as per Art. 6 para. 1 p. 1 lit. a GDPR, forwarding as per Art. 6 para. 1 p. 1 lit. f GDPR for purposes of asserting or defending legal claims is required and there is no reason to assume that you have considerable, defendable interest in the non-forwarding of your data, in the event that there is a legal obligation to forward your data as per Art. 6 para. 1 p. 1 lit. c GDPR, or if such is legally permissible as per Art. 6 para. 1 p. 1 lit. b GDPR for the execution of contractual relationships with you.

Usage of cookies
We use cookies in the operation of our website in order to make it more user-friendly. Some elements of our website require identification of the visiting browser even after switching to a different page.

Cookies are small files that allow specific, device-related information to be stored on the user's access device (PC, smartphone, etc.). They assist in the user-friendliness of websites and thus the users (e.g. saving log-in data), and serve to gather statistical data of website usage and help analyse them in order to improve the service. The users may influence the usage of cookies. Most browsers offer an option to limit or completely prevent the saving of cookies. However, we wish to point out that usage, and especially user convenience, will be limited without cookies.

The user data retrieved in this manner are pseudonymised by technical means. This prevents allocation of the data to the visiting user. The data are not saved alongside other personal data of the users.

The legal basis for the processing of personal information via cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal information via technically required cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal information via cookies for the purposes of analysis, with respective consent from the user, is Art. 6 para. 1 lit. a GDPR.

The purpose of the usage of technically required cookies is to simplify the usage of websites for the users. Some functions of our website cannot be offered without the usage of cookies. For these, the browser needs to be recognised even after changing to a different page.

The usage of analysis cookies serves to improve the quality of our website and its content. Through analysis cookies we learn how the website is used and are thus always able to optimise our service accordingly.

These purposes also include our justified interest in the processing of personal information as per Art. 6 para. 1 lit. f GDPR.

Third-party services

The party responsible for processing has integrated content and services of other providers into the website. These include maps provided by Google Maps, videos from YouTube, and graphics and images from other websites. Transmission of the IP address is absolutely necessary for these data to be pulled up and presented in the user’s browser. The providers (hereafter referred to as „third-party providers”) are thus able to view the respective user’s IP address.

Even though we strive to solely utilise third-party providers who only need the IP address to be able to deliver content, we have no influence over whether the IP address may be saved. In this case, this process serves statistical purposes, among other things. If we learn that the IP address is stored, we will inform our users.

Application and usage of Matomo
We use the open-source software Matomo to analyse and statistically evaluate usage of the website. Cookies are used for this purpose (see item 4). The information on website usage created by the cookie is forwarded to our servers and consolidated in pseudonymous user profiles. The information is used to evaluate usage of the website and to facilitate a need-based arrangement of our website. There is no forwarding of information to third parties. The IP address will never come into contact with other data about the user. The IP addresses are anonymised, meaning that allocation is not possible (IP masking). Your visit to this website is currently recorded by the Matomo web analysis. Click here (https://matomo.org/docs/privacy/) to ensure that your visit is no longer documented.

Here you can decide if a unique web analysis cookie is to be installed in your browser that will allow the administrator of the website to record and analyse various statistical data. If you would like to opt out of this, click the following link to install the Matomo deactivation cookie in your browser.

Your visit to this website is currently recorded by the Matomo web analysis. Click here to ensure that your visit is no longer documented.

Data protection for applications and during the application process

We retrieve and process the personal information of applicants for the purpose of completing the application process. This processing may also be carried out electronically. This is especially likely if an applicant submits the corresponding application paperwork to us electronically, such as via e-mail or the application form provided on the website. If we conclude an employment contract with an applicant, the transmitted data will be stored in order to conclude the employment relationship with adherence to the legal regulations. If we do not conclude an employment contract with the applicant, the application paperwork will automatically be deleted two months after disclosure of the notice of rejection, provided we do not have any other justified interests that would prevent this deletion. Other justified interests in this regard include, for example, the obligation of verification in a process as per the German General Act on Equal Treatment (AGG).

Rights of the affected person

You have the right:
(1) as per Art. 15 GDPR to request information about your personal information that we have processed. In particular you may request information concerning the processing purposes, the category of the personal information, the categories of recipients to whom your information has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, limitation of processing or objection, the existence of a right to complaint, the origin of your information if it was not us who gathered it, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information regarding its characteristics;
(2) as per Art. 16 GDPR to request the completion or immediate correction of incorrect personal information stored by us;
(3) as per Art. 17 GDPR to request the deletion of your personal information stored by us, provided the processing thereof is not required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;
(4) as per Art. 18 GDPR to request the restriction of the processing of your personal information, provided you contest the accuracy of the information, the processing is unlawful, you object to its deletion and we no longer need the information but you need it to assert, exercise or defend legal claims, or you have filed an appeal against the processing thereof as per Art. 21 GDPR;
(5) as per Art. 20 GDPR to request to receive your personal information that you have provided to us in a structured, common, machine-readable format or to have it forwarded to another responsible party;
(6) as per Art. 7 para. 3 GDPR to revoke your one-time consent to us at any time. This will result is us no longer being able to continue the data processing based on this consent in future; and
(7) as per Art. 77 GDPR to file a complaint with a supervisory authority. You can usually refer to the supervisory authority of your primary place of residence or place of employment, or the location of our office.

Right to objection

You always have the right to object to the processing of your own personal information as per Art. 6 para. 1 lit. e or f GDPR for reasons pertaining to your special situation; this also applies to profiling based on these terms.

The responsible party shall cease processing of your personal information, unless they are able to verify compulsory, defendable reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves the assertion, execution or defence of legal claims.

If your personal information is processed in order to carry out direct advertising, you have the right to object to the processing of your personal information for such advertising purposes at any time; this also applies to profiling, provided it is in conjunction with such direct advertising.

If you object to the processing for purposes of direct advertising, your personal information will no longer be used for these purposes.

Regardless of Directive 2002/58/EU, you have the option to exercise your right to objection via automated processes, in connection with the usage of information society services, for which technical specifications are used.

Case-by-case automated decision-making including profiling
You have the right not to be subjected to a decision exclusively based on automated processing, including profiling, that has a legal impact on you or significantly negatively affects you in a similar manner. This does not apply if the decision

(1) is required to conclude or fulfil a contract between you and the responsible party,
(2) is permissible based on legal regulations of the Union or the member states to which the responsible party is subject, and these legal regulations include appropriate measures for protecting your rights and freedoms as well as your justified interests, or
(3) has received your explicit consent.
However, these decisions may not apply to special categories of personal information as per Art. 6 para. 1 GDPR, provided Art. 9 para. 2 lit. a or g does not apply and reasonable measures have been taken to protect your rights, freedoms and justified interests.

In the event of (1) and (3), the responsible party shall take appropriate measures to ensure your rights, freedoms and justified interests, whereby at least the right to intervene remains with a person affiliated with the responsible party, with disclosure of said person's own perspective and upon challenge of the decision.

As a company aware of our responsibility, we abstain from making decisions automatically or profiling.

Data security

When you visit the website we use the expanded SSL (secure socket layer) procedure in conjunction with the highest encryption level currently supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we utilise 128-bit v3 technology instead. You can tell if a specific page of our website is encrypted if you see a key or lock symbol in the bottom status bar of your browser.

Aside from this, we take appropriate technical and organisational measures to protect your data against random or deliberate manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in accordance with technological development.

Currentness and change to this privacy policy

This privacy policy is currently valid and was updated in May 2018.

Continued development of our website and services or changes to legal or official requirements may necessitate changes to this privacy policy. The respectively current privacy policy can always be found on this page and printed.

To top