MEDION AG Data Privacy Policy (Last Revised May 2018)
Thank you for visiting MEDION (MEDION AG, Am Zehnthof 77, 45307 Essen). We take the protection of your personal data very seriously and want you to feel secure when using our website and our products. The protection of your privacy when processing personal data is important to MEDION and its centrality is evident in all our business practices. We are concerned for the protection of your data which we collect, process and use when you visit the MEDION website. Please do not hesitate to contact us if you have any questions on the subject of data protection with reference to MEDION and we will make every effort to deal with your inquiry promptly. We also welcome your suggestions. The privacy statement may be updated from time to time. We therefore ask you to read this page regularly. The last line of this statement below indicates when it was last updated.
1. Basic principles
Your personal data are collected, processed and used in strict compliance with the statutory provisions and according to the principles of good faith. As far as possible, we conduct our business processes in such a way that the data protection requirements are already taken into account during the development of the products and services and ensure that personal data are anonymised in such a way that the data subject cannot be identified or can no longer be identified if this does not jeopardise the agreed purpose. MEDION will use your personal data for the technical administration and further development of this website, for customer management, user administration and marketing, to inform you about our services and products, and for other precisely defined purposes.
2. Sources and data
We process personal data which we have received directly from you in the context of our business relations. We also process personal data which we legitimately obtain from publicly accessible sources or which are rightfully transmitted to us by other third parties, insofar as these data are required for the provision of the relevant services and for the agreed purpose.
We save your data as required to process your purchase orders, to enable the use of our products or to provide services, such as repairs, and – if you so choose – to process payments. These are personal data, such as your address details, date of birth (for transactions requiring age verification), and data required for certain payment methods. The relevant purchase order data (item, quantity, price, etc.) are filed with your address. In most cases MEDION is already required by law to collect these data (in the case of age verification, for example, under the German Youth Protection Act (Jugendschutzgesetz - JuSchG) or under the German Fiscal Code (Abgabenordnung - AO).
3. Purpose of processing and legal basis
Your personal data will be processed in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) as well as the regulations in force in the state of North Rhine-Westphalia:
For the fulfilment of contractual obligations (Art. 6 (1) b) GDPR):
Personal data are processed in connection with the trade in products and services in the field of consumer electronics. The purposes of data processing will depend primarily on the specific product (e.g. physical or digital) and its possible applications or they may also depend on the order placed with us (e.g. repair). Further details on data processing purposes can be found in the contractual documents, the operating instructions and the terms and conditions or the terms of use.
In connection with the balancing of interests (Art. 6 (1) f) GDPR):
If necessary, we will process your data beyond the actual performance of the contract to safeguard our legitimate interests or the legitimate interests of third parties. This will include the review and optimisation of procedures for the analysis of requirements for the purposes of approaching customers directly, advertising, market research and opinion polls (unless you have objected to the use of your data for these purposes), the assertion of legal claims and defence in legal disputes, the guarantee of IT security and IT operation of MEDION, the prevention and investigation of criminal offences based on official orders, and the measures put in place for the business management and further development of MEDION services and products.
On the basis of your consent (Art. 6 (1) a) GDPR):
If we have your consent to process personal data for specific purposes (e.g. forwarding of data within the group of companies, evaluation of data for marketing purposes), the legality of such processing is based on your consent. Once granted, consent may be revoked at any time. This also applies to the revocation of consent granted to us before the GDPR entered into force, i.e. before 25.05.2018. The revocation of the consent does not affect the legality of the data processed until the revocation.
For compliance with legal requirements (Art. 6 (1) c) GDPR) or in the public interest (Art. 6 (1) e) GDPR):
This might include identity and age checks, for example, or the fulfilment of inspection and reporting obligations under tax law. Unless specifically stated below, no personal data are processed during the use of this website, i.e. no personal data are saved, changed or passed on to third parties.
4. Transmission of data to third countries or international organisations
Data are transmitted to bodies in countries outside the European Union (referred to as third countries) insofar as this is necessary to process your orders or if required by law or if you have given us your consent. MEDION does not transfer any personal data to bodies in third countries or international organisations in any further respects. MEDION does, however, use service providers for certain orders who in turn use service providers who may have their company headquarters, parent company or data processing centres in a third country. Under Art. 45 GDPR, data may be transmitted if the European Commission has decided that there is an adequate level of protection in a third country. If no such decision has been taken, MEDION or the service provider may only transfer personal data to a third country or to an international organisation if appropriate safeguards are in place (e.g. standard data protection clauses adopted by the Commission or by the supervisory authority in a particular procedure) and if enforceable rights and effective legal remedies are available. MEDION has agreed contracts with these service providers for order processing, as it is called, which stipulate that fundamental data protection standards are always agreed with their contractual partners in keeping with the European level of data protection.
5. Storage periods
MEDION processes and stores your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual or legal obligations, they are routinely deleted unless their further processing is necessary – for a limited period – for the purpose of preserving evidence under the statute of limitations. Under sections 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch - BGB), these statutory limitation periods can be up to 30 years although the regular limitation period is three years. This also includes the fulfilment of statutory retention obligations under commercial law and tax law, as set out in the German Commercial Code (Handelsgesetzbuch - HGB) or the German Fiscal Code (Abgabenordnung - AO). The mandatory data and documentation storage periods specified in the aforementioned laws range from two to 10 years.
6. Your rights as the data subject
Any person whose personal data are processed has the following rights as the data subject:
Right of access (Section 34 of the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Section 35 BDSG, Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR) and
Right to object (Art. 21 GDPR)
There are restrictions under sections 34 and 35 BDSG, however, which apply to the right of access and the right to erasure (Art. 23 GDPR). There is also a right to lodge a complaint with a supervisory authority with responsibility for data protection (Art. 77 GDPR in conjunction with Section 19 BDSG). The supervisory body for MEDION is the North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information (LDI NRW) at the following address: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein Westfalen, Postfach 200444, 40212 Düsseldorf. www.ldi.nrw.de/kontakt
7. Obligation to provide data
Within the context of our business relationship, you are required to provide such personal data as are necessary to establish and conduct business relations and to fulfil the contractual obligations associated therewith or such personal data as we are legally obliged to collect. Without these data we will generally not be able to conclude or execute the contract with you, or your statutory rights (e.g. guarantees and warranties) will be at risk.
8. Automated individual decision-making and profiling
As a general principle, we do not use fully automated decision-making processes, as defined in Art. 22 GDPR, to establish and conduct business relations. Should we use these procedures in individual cases, we will specifically inform you if required to do so by law. We process some of your data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling for various purposes, such as to be able to provide you with targeted information on products and services or we use evaluation tools. These enable needs-based communication and advertising, including market research and opinion polls.
9. Collection of personal data during visits to our website
If you visit the website for information purposes only, as in merely browsing, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data which your browser transmits to our server. If you view our website, we will therefore collect the following data which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 (1) section 1 f) GDPR):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Volume of data transmitted in any given case
– Website from which the request is sent
– Browser
– Operating system and its interface
– Language and version of the browser software
In addition to the aforementioned data, cookies will also be stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive and assigned to the browser you are using and through which certain information is sent to the body which places the cookie (us in this case). This is used in various ways, such as to analyse the performance of the website through cookies which help to improve our website by providing us with overall statistics on the number of visitors to a site, the sections of a site viewed most frequently, and the city or location of the users. These may be installed by external analysis service providers acting on our instructions. These cookies cannot identify you personally. Cookies cannot run programs or transmit viruses to your computer. They serve merely to make the website easier to use and more efficient overall. MEDION uses the following types of cookies: transient cookies and persistent cookies.
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies which store a session ID with which various requests sent by your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period which can vary depending on the cookie. You can delete cookies at any time in the security settings in your browser.
You can configure your browser settings as you wish and refuse the acceptance of third-party cookies or all cookies, for example. We would point out that you may not be able to use all the functions of this website in this case. Please note that most browsers offer different ways of protecting your privacy. You can allow first-party cookies, for example, but block third-party cookies or ask to be notified each time a website wants to install a cookie. Please note that disabling cookies in this way will mean that it is not possible to set new cookies but it will not prevent cookies previously set from continuing to function on your device until you have deleted all the cookies in your browser settings. You can usually find the instructions for managing cookies on your browser under the help function in the browser or in the operating instructions for your smartphone or for the stationary or mobile product with Internet access which you are using.
We also use cookies to be able to identify you on return visits if you have an account or separate individual access to our offers. Otherwise you would have to log in again on each visit. The Flash cookies used are not detected by your browser but by your Flash plug-in. We also use HTML5 storage objects which are stored on your end device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not want the Flash cookies to be processed, you need to install an add-on like the one for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting the private mode in your browser.
10. Privacy policy for social media plug-ins
Our website does not currently use social network plug-ins (Twitter, Facebook, etc.). Should this change in the future, the social plug-ins will not start transferring data until you have activated the buttons. Every time you visit a page on our website which has a plug-in of this type, the plug-in causes the browser you are using to load and display the plug-in visual from the social network server. If you are registered with the relevant social network, the social network server is told which specific page on our website you are currently visiting and is sent other data, such as your IP address in particular. We have no control over the amount of data which the social network collects by means of this plug-in. Please refer to the data privacy policy issued by the respective social network for the relevant information, e.g.:
https://de-de.facebook.com/privacy/explanation ;
https://policies.google.com/privacy?hl=de
https://twitter.com/privacy?lang=de ;
11. Information about your right to object under Art. 21 of the General Data Protection Regulation (GDPR)
You may withdraw your consent from MEDION at any time for the processing of personal data. This also applies to the withdrawal of any declarations of consent issued to us before the General Data Protection Regulation (GDPR) entered into force, i.e. before 25.05.2018. Please note that the revocation will only be effective for future processing. Any processing which took place before the revocation will not be affected by this.
Right to object in individual cases
You have the right, at any time for reasons arising from your particular situation, to object to the processing of personal data concerning you pursuant to Article 6 (1) e) GDPR (data processing in the public interest); this also applies to any profiling based on this provision as defined in Art. 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for their processing which override your interests, rights and freedoms or if the data are processed for the establishment, exercise or defence of legal claims.
If we base the processing of your personal data on the balancing of interests, you may object to the processing. This will be the case if the processing in particular is not necessary to fulfil a contract with you which will be set out by us in each case in the following description of the functions. When any such objection is raised, we will ask you to explain the reasons why we should not process your personal data as we have done. Having received the reasons for your objection, we will investigate the situation and either stop processing the data and/or adapt our processing practices or explain the compelling legitimate reasons why we are required to continue processing the data.
Right to object to the processing of data for direct marketing purposes
In individual cases we will process your personal data for direct marketing purposes. You have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. The notice of objection need not take any official form and should preferably be addressed to MEDION AG, Datenschutz, Am Zehnthof 77, 45307 Essen.
12. Responsible body
The responsible body is MEDION AG, Am Zehnthof 77, 45307 Essen.
You can also contact the company data protection office and the company data protection officer, Peter Staab, by email: datenschutz@medion.com
Your right to object (Art. 21 GDPR):
You have the right, at any time for reasons arising from your particular situation,
to object to the processing of your personal data pursuant to Art. 6 (1) section 1 e) GDPR
or Art. 6 (1) section 1 f) GDPR; this also applies to any
profiling based on these provisions. We will then no longer process these personal data
for these purposes unless we can demonstrate compelling legitimate grounds for their
processing which override your interests, rights and freedoms, or if the data
are processed for the establishment, exercise or defence of legal claims.
If personal data are processed for direct marketing purposes, you have the
right to object at any time to the processing of these personal data for the purpose
of such marketing; this also applies to profiling insofar as it is associated with such direct
marketing. Your notice of objection can be addressed to datenschutz@medion.com.
(MEDION AG Data Privacy Policy, Last Revised 05.2018, 1)