Data Protection Policy

Name and address of the responsible

The responsible person in terms of the Data Protection Basic Regulation and other national data protection laws of the member states as well as other data protection regulations is:

eZono AG
Spitzweidenweg 32
07743 Jena, Germany
Telephone: +49 3641 876 1740
Facs: +49 3641 876 1759
Email: info@ezono.com

Name and address of the data protection officer

The data protection officer of the responsible person is:

Deutsche Datenschutz Consult GmbH
Christoph Heinrich
www.deutsche-datenschutz-consult.de
Stresemannstraße 29
22769 Hamburg, Germany
Telephone: +49 40 228 60 70 402
Email: datenschutz@ezono.com

Server statistics

When you visit our website, we log the following data transmitted by your browser:

  • IP address
  • Date and time of the request
  • Content of the request (concrete page)
  • Access Status/HTTP Status Code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Website that is visited afterwards
  • Used Browser
  • Language and version of the browser software
  • Operating system and its interface

The data is also stored in the log files of our system.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The logging is used for the internal evaluation of our offer, to optimize the display of our website and to identify and prevent misuse. The stored data will not be merged with other data sources or used for marketing purposes.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 letter F DSGVO.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.

For the storage of data in log files, this is the case after seven days at the latest. A storage beyond that is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.

Note on data security

We use the SSL (Secure Socket Layer) procedure on our website in connection with the highest encryption level supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Our Services

We process the data of our customers and prospective customers and other clients or contractual partners (uniformly referred to as “customers”) in accordance with Art. 6 para. 1 lit. b) DSGVO in order to provide them with our contractual or pre-contractual services. The data processed in this context, the nature, scope and purpose of such processing and the necessity of its processing shall be determined by the underlying contractual relationship. The processed data basically includes both inventory and master data of the customers (e.g. name, address, etc.) as well as contact data (e.g., email address, telephone, etc.), contract data (e.g., goods ordered or purchased, services used, names of contact persons, etc.) and payment data (e.g., bank details, payment history, etc.). If necessary or legally required for the fulfillment of the contract, we disclose or transfer the customer’s data within the scope of communication with other specialists and third parties involved in the fulfillment of the contract, such as billing offices or comparable service providers, if this is necessary or typically required for the provision of our services in accordance with the terms of the contract. Art. 6 para. 1 lit. b DSGVO, is legally required under Art. 6 para. 1 lit. c DSGVO, serves our interests or those of the customers in an efficient and cost-effective provision of services as a legitimate interest under Art. 6 para. 1 lit. f DSGVO, or within the framework of a consent under Art. 6 para. 1 lit. a DSGVO. The data will be deleted when the data is no longer required to fulfil contractual or statutory duties of care and to process any warranty or comparable duties, whereby the necessity of keeping the data will be reviewed every three years; in all other respects the statutory duties of safekeeping shall apply.

Contact form

On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. This data is in addition to the formulated request of the user:

  • first and last name
  • Title
  • Associated clinic or company and position
  • Department
  • Address of the clinic or company
  • email address
  • Phone number

At the time the message is sent, the following data is also stored:

  • IP address
  • Date and time of entry

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

If a contact is established via the contact form, the legal basis is the given consent according to art. 6 para. 1 lit. a DSGVO. Otherwise, the contact can, for example, be continued via another person associated with the company or the contact can be established via e-mail. In these cases, the processing is carried out within the scope of our legitimate interests, Art. 6 para. 1 lit. f DSGVO – these consist in providing an uncomplicated opportunity for possible interested parties in our services or for other visitors to our website and for optimal communication channels. Our legitimate interests may also lie, for example, in the internal forwarding of the inquiry to enable another employee to answer it or in similar organisational measures to simplify work. This does not include unexpected or excessive processing that is detrimental to the sender.

The collection of data from the input mask is solely for the purpose of processing your inquiry and providing information about our services. Your data will not be passed on or used for other purposes.

The other personal data processed during the sending process are processed in our legitimate interest to prevent misuse of the contact form and to ensure the security of our information technology systems, Art. 6 para. 1 lit. f DSGVO.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. For this purpose, an informal email to our data protection officer (address see above) stating the data required for the assignment of the contact is sufficient. In such a case the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case. Noteworthy exception to the deletion is the case that the contact made remains necessary for verification purposes under tax and commercial law or other reasons of legal prosecution, Art. 6 para. 1 lit. c DSGVO.

RMA form

On our website there is a contact form, which explicitly serves to allow contact in case of a damaged device. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is in addition to the formulated request of the user:

  • first and last name
  • email address
  • Phone number

Otherwise we ask for further information about the article sent in and the reason for the repair. At the time of sending the message the following data will also be saved:

  • IP address
  • Date and time of entry

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this data protection policy.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the claim.

The processing of the data is based on the consent of the person concerned, which he/she gives when filling out the form, Art. 6 para. 1 lit. a DSGVO. This only includes the person who contacts us. Should it become necessary to contact further persons on the part of the data subject or his company or to facilitate cooperation, the possible processing of contact data will take place within the scope of our legitimate interest in enabling optimal cooperation with our customers, Art. 6 para. 1 lit. f DSGVO.

In exceptional cases, data of the customer’s patients may also be processed, if they are still on the device and the device is sent in. These patient data will not be accessed and will be deleted during the repair process as part of a standardized procedure. The legal basis for the processing of this data is the order by our customer for this purpose, Art. 28 ff. DSGVO.

The other personal data processed during the sending process are processed in our legitimate interest to prevent misuse of the contact form and to ensure the security of our information technology systems, Art. 6 para. 1 lit. f DSGVO.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the possibility to revoke his or her consent to the processing of personal data at any time. For this purpose, it is sufficient to send an informal email to our data protection officer (address see above), stating the data required for the assignment of the contact. In such a case, the contact data of the person concerned may still be used to send back an existing device before the contact is terminated and the processed data is deleted. A notable exception to the deletion is the case where the contact remains necessary for verification purposes under tax and commercial law or for other reasons of legal prosecution, Art. 6 para. 1 lit. c DSGVO.

Job Applications

During the application process, we only collect the data that you provide us with.

When you send us your application documents, this is done via an encrypted application form, which allows you to upload your data and send it to us without having to take the risk of unencrypted e-mail traffic for your application. For this purpose we use the service provider HRworks GmbH, Konrad-Goldmann-Str. 5b, 79100 Freiburg, Germany, who will act as a processor for us on the basis of our legitimate interest in a comfortable and secure application process, Art. 6 para. 1 lit. f DSGVO.

After receipt of your application, we use the information you provide to check your suitability for the position and to carry out the application process. If necessary, suitable applications will be forwarded internally to the departmental managers in the company for the respective open position. The further procedure will then be coordinated. Within the company, only those persons who need access to your data for the proper processing of our application procedure have access to your data.

Your data will be processed exclusively in data centers in the Federal Republic of Germany.

The processing of the data that you provide us with in connection with an application is based on § 26 BDSG, in particular paragraph 1, according to which the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be required for legal prosecution after the application procedure has been completed, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests in accordance with Art. 6 Para. 1 letter f) DSGVO. Our interest then consists in the assertion or defence of claims.

If you have been awarded a job during the application procedure, the data from the applicant data system will be transferred to our personnel information system.

You have the opportunity to request information about which data we have stored about you at any time and to request that its deletion.

Online presence in social media

We maintain online presences on the Facebook and LinkedIn platforms in order to communicate with the customers, interested parties and users active there and to be able to inform them about our services. When visiting the respective platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us via these platforms, e.g. write articles on our online presences or send us messages. This is done on the basis of our legitimate interest in being able to offer an appealing opportunity for interaction for our customers and interested parties, Art. 6 para. 1 lit. f DSGVO.

Furthermore, the data of visitors to our online presences is evaluated by the platform operators and the anonymized data is made available to us. The provision of our online presences on the platforms for which we are responsible and the receipt of statistical evaluations of our visitors on these online presences is in our legitimate interest in being able to evaluate our offer and to evaluate our market reach, Art. 6 para. 1 lit. f DSGVO.

The actual statistical evaluation is the responsibility of the platform operators. For more detailed information, you can contact the responsible platform operators at any time, or you can take this information from their data protection declarations.

Name: Facebook Ireland Ltd.

address: 4 Grand Canal Square,Grand Canal Harbour, D2 Dublin, Ireland

Privacy Policy: https://de-de.facebook.com/policy.php

Joint responsibility: https://www.facebook.com/legal/terms/page_controller_addendum

Name: LinkedIn Ireland Unlimited Company

Address: Wilton Place, D2 Dublin, Ireland

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Third party services

Google Analytics

We use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), on the basis of your consent in accordance with Art. 6 para. 1 lit. a DSGVO. Google uses cookies. The information generated by the cookie about the use of the online offer by the user can also be transferred to a server of Google or its sister company, Google LLC, in the USA and stored there. Google is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with the European data protection law. Please see here:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other Google data.

Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

Further information on the use of data by Google, setting and objection options, you can find in the privacy policy of Google (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated). The users’ personal data will be deleted or anonymized after 14 days.

You give your consent to this processing with confirmation of the cookie banner that is called up when you visit this website. You can revoke your consent to the processing at any time with effect for the future. You do this by clicking on the small notice box that appears at the bottom of the screen after confirming the cookie banner.

Jquery

This website uses Ajax and jQuery or jQueryUI technologies, which optimizes loading speed. In this respect, program libraries are called from Google servers. The CDN (Content delivery network) of Google is used. If you have used jQuery on another page of the Google CDN before, your browser will fall back to the cached copy. If this is not the case, this requires a download, whereby data from your browser is sent to Google!Inc. (“Google”) from your browser. This data is transferred to the USA. You can find out more details at:

https://developers.google.com/speed/libraries/#jquery

as well as under the privacy policy of google.de:

http://www.google.de/intl/de/privacy/privacy-policy.html.

Google Web Fonts

This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts.

If you have previously used the Web Fonts on another site and downloaded them from Google CDN, your browser will fall back to the cached copy. If this is not the case, your browser will download the Web Fonts itself. Through this, Google will gain knowledge that our website was accessed via your IP address.

The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support Web Fonts, a standard font from your computer will be used.

Further information about Google Web Fonts can be found here:

https://developers.google.com/fonts/faq

and in the privacy policy of Google:

https://www.google.com/policies/privacy/

No automated decision making

We would like to point out that in the context of using our services and the utilization of our services, you will not be subjected to a decision based exclusively on automated processing – including profiling – which has legal effect on you or which significantly affects you in a similar manner.

Your rights

You have the right to request correction, restriction of processing, transferability and/or deletion of your personal data. You may also request information on processing operations concerning your personal data and you have the right to inform the recipients of your data if you have exercised your right to cancellation, restriction of processing or rectification.

You may also complain to the competent supervisory authority about processing operations and object to the processing of your personal data.

Amendments to this Data Protection Notice

This notice is amended occasionally to ensure that it complies with current legal requirements and covers all of our online services.

Your legal rights to information, correction, blocking, deletion, and objection are not affected by these changes.

© eZono AG – Last modified: September 2020