Principles of data processing at MT.DERM
You came to this page via a link because you want to inform yourself about our handling of (your) personal data. To fulfil our duty to provide information in accordance with Article 12 ff. of the General Data Protection Regulation (GDPR), we are pleased to provide you with the following information on data protection:
1 Data processor
The data processor within the meaning of data protection law is
Also represented under its brands (AMIEA, AMIEA MED, Cheyenne).
You will find more information about our company, details of the authorised representatives and other contact details in our website’s site notice: https://www.mtderm.de/impressum.
2 Processing purpose and categories
We will only process the data we have received from you for the purposes for which we have received or collected it.
As part of our cooperation with business partners, we process personal data for the following purposes:
- Communication with business partners on products, services and projects (e.g. product development);
- Planning, execution and administration of the (contractual) business relationship between MT.DERM and the business partner, e.g. for processing orders for products and services, collection of payments, for accounting, billing and debt collection purposes and for carrying out deliveries, maintenance activities or complaints or repairs;
- Conducting customer surveys (e.g. as part of post market surveillance in accordance with ISO 13485), marketing campaigns, market analyses, competitions, prize draws or similar events;
- Maintenance and protection the security of our products, services and websites, prevention and detection of security risks, fraud or other criminal or malicious activities;
- Compliance with
- legal requirements (e.g. tax and commercial law storage obligations);
- existing obligations to conduct compliance or sanctions list screenings (to prevent white-collar crime or money laundering); and
- Settlement legal disputes, enforcement of existing contracts and for the establishment, exercise and defence of legal claims;
- Conduct of product
We may process the following categories of personal data for the above-mentioned purposes:
- Contact information (forenames and surname, business address, business phone number, business mobile number, business fax number and business email address;
- Payment information (information required to process payment transactions or prevent fraud, including credit card information and card verification numbers);
- Other information required for the processing of a project, the execution of a contractual relationship with MT.DERM or any other cooperation, or voluntarily provided by our contact persons, such as orders placed, requests made or project details;
- Information collected from publicly available sources, information databases or credit agencies; and
- If necessary in the context of the above-mentioned screening procedures: Information on relevant legal proceedings and other legal disputes involving business
3 Legal basis of the processing
The processing of personal data is necessary to achieve the above-mentioned purposes. Unless expressly stated otherwise, the legal basis for data processing is Article 6 GDPR.
In this connection, the following possibilities come into consideration in particular:
- Consent (Article 6(1)(a) GDPR);
- Data processing for the performance of contracts (Article 6(1)(b) GDPR);
- Data processing on the basis of a balance of interests (Article 6(1)(f) GDPR);
- Data processing for compliance with a legal obligation (Article 6(1)(c) GDPR);
If personal data is processed on the basis of your consent, you have the right to withdraw
your consent at any time prospectively.
If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, under the provisions of Article 21 GDPR.
If the above personal data cannot be collected, it may not be possible to achieve the individual purposes described.
4 Storage Periods
If no specific storage period is specified during the data’s collection, the personal data will be deleted once the purpose of the collection no longer exists.
Exceptions to this are statutory retention obligations (e.g. commercial and tax retention obligations). In this case, the storage period for certain data can be up to 10 years or longer.
In principle, we will undertake a data review towards the end of a calendar year with respect to the requirement for further processing. On the basis of the amount of data, this review shall be undertaken with respect to specific types of data or processing purposes.
5 Data Recipients
Your personal data will only be transferred to third parties if this is necessary for the performance of the contract with you, the transfer is permitted on the basis of a balance of interests within the meaning of Article 6(1)(f) GDPR, we are legally obliged to undertake the transfer or you have given your consent in this respect.
We will not sell your data to third parties or transfer it for purposes other than those mentioned above without your consent.
In some cases we use external service providers (so-called contract processors) such as marketing or employment agencies to process your data. We have carefully selected and commissioned these service providers and they are bound by our instructions and are contractually obliged to comply with the applicable data protection requirements. They are also monitored regularly.
6 Data transfers to third countries.
The recipients may be located in countries outside the European Economic Area (so-called third countries) in which the applicable law does not guarantee the same data protection level as in your home country. Data is currently not being transferred to third countries.
7 Rights to information, rectification, correction and erasure of data
You have the following rights with respect to the processing of personal data:
- Information about the personal data concerning you that we are processing. In the event of a request for information not made in writing, please understand that we may then require proof from you that you are the person you claim to
- The right to rectification or erasure or to restriction of processing, if you are legally entitled to
- Right to object to processing within the framework of statutory provisions
Upon request, we will provide you with a copy of your personal data in a structured, commonly-used and machine-readable format.
In particular, you have a right to object under Articles 21(1) and (2) GDPR to the processing of your data in connection with direct marketing, if this is based on a balance of interests.
8 Processing location
The data is mainly processed on IT-systems in our server rooms. For the time being, only administrators have access to these IT systems.
We have carried out prior evaluations of external service providers who process data for us with respect to the security of processing.
9 Data Protection Officer’s contact details
For information about your personal data, to have incorrect data rectified, blocked or erased, to exercise your right to object and in the event of additional questions about the use of your personal data, please contact us at:
Data Protection Officer Rheinstr. 10b
14513 Teltow firstname.lastname@example.org
10 Lodging complaints with the supervisory authority
Under Article 77 GDPR, data subjects have the right to lodge complaints with the competent supervisory authority if they believe that the processing of their personal data is unlawful. The competent data protection supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information.
You can find a list of other national and international data protection authorities with which you can also lodge complaints here.
11 Changes to the data protection principles