MedVision AG has been operating as an internationally active system house for medical data processing for over 30 years, standing for quality and innovation in the development of efficient and economical solutions in the field of standard application software for the medical sector.
Data protection has a particularly high priority for MedVision AG. In the following privacy policy, we inform you about how we handle your personal data when using our website. Personal data refers to all data that can be used to personally identify you.
1 Data Controller according to Art. 4 Para. 7 EU General Data Protection Regulation (GDPR)
MedVision AG
Heinrich-Hertz-Str. 9
D-59423 Unna
Tel.: +49 2303 25202-910
E-Mail: info@medvision.de
2 Data Protection Officer of the Controller
The Data Protection Officer can be reached at: datenschutz@medvision.de
3 Rights of the Data Subject (Chapter 3 GDPR)
Below we inform you about your data subject rights. You can exercise these rights at any time and contact us directly. If you assert these rights against us, we will thoroughly examine them taking into account the related legal requirements and obligations. We may request additional information from you for this purpose. We will explain in detail the results of our examination and our procedure for fulfilling your request. It is possible that we cannot fully comply with your wishes in the manner you desire. This should not prevent you from asserting your rights against us or from inquiring about them. We will be happy to answer your data protection inquiries.
a) Right to Information (Art. 15 GDPR)
You have the right to request information from us at any time about whether and which data relating to your person is processed by us. This also includes information about the purposes of processing, any recipients to whom we have disclosed data about you, the planned storage period and, if applicable, information about the origin of this data if we did not collect it directly from you. Furthermore, you have the right to a one-time free copy of your personal data stored with us.
b) Right to Rectification (Art. 16 GDPR)
You have the right to request from us the correction of inaccurate data that we have stored about your person. This also includes the right to completion of incomplete personal data.
c) Right to Erasure (Art. 17 GDPR)
You have the right to request from us the deletion of data that we have stored about your person. If we have published data about you, this also includes our obligation under the "right to be forgotten" according to Art. 17 Para. 2 GDPR, taking into account available technology and implementation costs, to forward your deletion request regarding all links to this data as well as copies or replications of this data to other controllers responsible for processing this published personal data.
d) Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request from us the restriction of processing of data that we have stored about your person. After that, processing of this data is only possible with your consent or for a few legally defined purposes.
e) Right to Object to Processing (Art. 21 GDPR)
Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case in particular when the processing is not necessary for the performance of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and either stop or adjust the data processing or show you the compelling legitimate reasons on the basis of which we continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising objection via the contact channels listed above.
f) Right to Withdraw Data Protection Consent (Art. 7 GDPR)
If you have given consent to the processing of your data, you can withdraw it at any time according to Art. 7 Para. 3 GDPR. Such withdrawal affects the permissibility of processing your personal data after you have expressed it to us.
g) Right to Data Portability (Art. 20 GDPR)
You have the right to receive from us the data about your person that you have provided to us, in a structured, common and machine-readable format, for the purpose of transfer to another controller. This also includes, upon your request and taking into account the existing technical possibilities, the direct transfer from us to the other controller.
h) Right to Complain to a Supervisory Authority (Art. 13 GDPR)
You have the right to complain at any time to a data protection supervisory authority about our processing of data relating to your person. The competent supervisory authority can be reached at:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Postfach 20 04 44, 40102 Düsseldorf
i) Automated Decision-Making Including Profiling (Art. 22 GDPR)
You have the right to obtain information about the existence of automated decision-making including profiling according to Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
4 Legal Basis for Processing Personal Data (Art. 6 GDPR)
(1) Insofar as we obtain consent from the data subject for processing operations of personal data, this is done on the legal basis of Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR).
(2) When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
(3) Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.
(4) In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.
(5) If processing is necessary to protect a legitimate interest of us or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for processing.
5 Information About the Collection of Personal Data
(1) Below we inform you about the collection of personal data when using our website. Personal data is all data that can be personally related to you, e.g. name, address, email addresses, user behavior.
(2) When you contact us by email or via a contact form, the data you provide (your email address, possibly your name and your telephone number) will be stored by us to answer your questions. We delete the data arising in this context after storage is no longer necessary, or restrict processing if legal retention obligations exist.
(3) If we use commissioned service providers for individual functions of our offer or want to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also name the defined criteria for the storage period.
(a) Collection of Personal Data When Visiting Our Website
When simply using the website for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data that is technically necessary for us to display our website to you and to ensure stability and security (the legal basis for this is Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address
- Hostname
- Date and time of request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes (referrer)
- The specific pages of our website that you accessed
- Browser: type, version and set language
- Operating system: type and version
- With JavaScript enabled also:
  - Screen resolution
  - Color depth
  - Size of browser window
  - Installed browser plugins
Processing of Location Data for Regional Adaptation of Our Website
We use the IP address of our website visitors to automatically provide regionally adapted content. This processing is based on our legitimate interest according to Art. 6 Para. 1 lit. f GDPR to show you the most relevant information for your location.
Data Processing and Legal Basis
Collection and Use of Your IP Address
Every time you visit our website, your IP address is automatically transmitted to our server. In order to show you the version of our website optimized for your region, we use the service ipgeolocation.io to derive your approximate geographical location from your IP address. The processing is limited to the moment of page loading and serves exclusively for immediate forwarding to the appropriate regional version of our website.
Legal Basis: Legitimate Interest
The legal basis for this data processing is our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. We have carefully weighed whether our interests or those of a third party outweigh your interests, fundamental rights and freedoms that require the protection of personal data. Our legitimate interest consists in:
- Providing you with the most relevant content for your location without additional manual selection
- Ensuring a better user experience through linguistic and cultural adaptations
- Avoiding unnecessary navigation and thus increasing user-friendliness
Balancing of Interests Performed
When balancing our interests with your fundamental rights, we considered the following factors:
- Processing only occurs temporarily at the time of page loading
- No detailed movement profiles are created
- Geolocation only occurs at country or regional level
- Processing corresponds to the reasonable expectations of website visitors
- Processing is necessary to achieve the purpose and we only use the data necessary for this
Cooperation with External Service Providers
Use of ipgeolocation.io
For geolocation, we use the service ipgeolocation.io. This service is GDPR-compliant and works as our data processor according to Art. 28 GDPR. The IP address is transmitted to ipgeolocation.io, but no IP addresses are permanently stored.
The service ipgeolocation.io declares in its own privacy policy that it acts as a data processor for its customers and meets the requirements of the GDPR.
Your Rights as Data Subject
Right to Object
You have the right to object to the processing of your data based on legitimate interest at any time. In this case, you can continue to use our website, but may need to manually select your preferred regional version.
You can opt out using the following button; a cookie will then be stored that prevents geolocation via IP address. In this case, only your browser settings will be evaluated.
6 Data Deletion and Storage Period
(1) The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply.
(2) Storage may also occur if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.
(3) Blocking or deletion of data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for concluding or fulfilling a contract.
7 Use of Cookies
Cookies are small files that are stored on your hard drive assigned to the browser you use and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet offering more user-friendly and effective overall.
The storage of technically non-necessary cookies or the use of comparable technical functions is based on the legal basis of consent according to Art. 6 Para. 1 lit. a GDPR in conjunction with § 25 Para. 1 TTDSG.
The storage of technically necessary cookies is based on the legal basis of Art. 6 Para. 1 lit. f GDPR in conjunction with § 25 Para. 2 TTDSG.
| Cookie | Source | Storage Duration | Content | Purpose |
| --- | --- | --- | --- | --- |
| PHPSESSID | .medvision.eu | until end of browser session | random character string | User session management |
| Contao CSRF Token | .medvision.eu | until end of browser session | random character string | Protection against CSRF attacks |
| Contao HTTPS CSRF Token | .medvision.eu | until end of browser session | random character string | Protection against CSRF attacks |
| region_popup_shown | .medvision.eu | 24 hours | 1 | Info whether user has selected region |
| user_region_preference | .medvision.eu | 30 days | de,at,ch,uk,eu,en | Info which region |
| geo_optout | .medvision.eu | 1 year | 1 | prevents geolocation via IP |
8 Additional Functions of Our Corporate Website
(1) In addition to the purely informational use of our website, we offer various services that you can use if interested. For this, you usually need to provide additional personal data, which we use to provide the respective service and for which the aforementioned principles for data processing apply.
(2) When you contact MedVision by email, your email address and, if you provide it, your name, your telephone number and [...] are stored to answer your questions.
(3) We partly use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(4) Insofar as our service providers or partners are based in a state outside the European Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.
9 Use of the Protected Area
(1) If you want to use our protected customer area (hereinafter customer area) and download the files we provide, you must log in by providing your login identifier (pseudonym) and a password. You receive this information from us upon conclusion of a contractual relationship.
(2) When you use our customer area, we store your data required for contract fulfillment, including the IP address, the time of download, and its completeness, until the contractual relationship is terminated. The legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR.
(3) To prevent unauthorized access by third parties to your personal data, especially financial data, the connection is encrypted using TLS technology.
10 Terminology According to GDPR
a) Personal Data
All information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
c) Restriction of Processing
The marking of stored personal data with the aim of limiting their future processing.
d) Profiling
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
e) Pseudonymisation
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
g) Processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
h) Third Party
A natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
i) Consent
Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.