Data protection information for customers, contractual partners and interested parties

in accordance with Articles 13, 14 and 21 of the GDPR

Dear customer, dear interested party, dear contractual partner,

In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we wish to inform you about the processing of your personal data and your rights in this respect under data protection law. What data is processed in detail and how it is used depends largely on the goods or services requested or agreed. In order to ensure that you are fully informed about the processing of your personal data in the context of the performance of a contract or the implementation of pre-contractual measures, please note the following information.

1. DATA CONTROLLER WITHIN THE MEANING OF DATA PROTECTION LAW

OHST Medizintechnik AG
Grünauer Fenn 3
14712 Rathenow
Tel.: +49 (0) 3385 5420 0
Email: info@ohst.de

2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER:

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 München
datenschutzbeauftragter@datenschutzexperte.de

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or fulfilment of a contract or for the implementation of pre-contractual measures. If personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful in accordance with Art. 6 Para. 1 lit. b GDPR.

If you give us express consent to process personal data for specific purposes (e.g. forwarding to third parties, evaluation for marketing purposes or addressing you by email for advertising purposes), this processing is lawful on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future (see No. 9 of this data protection information).

If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfilment of legal obligations in accordance with Art. 6 Para. 1 lit. c GDPR. In addition, processing may be carried out to protect our legitimate interests or those of third parties, and to defend and assert legal claims in accordance with Art. 6 Para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

4. CATEGORIES OF PERSONAL DATA

We only process data that is related to the establishment of the contract or the pre-contractual measures. This may be general data about you or persons in your company (name, address, contact details, etc.) as well as, if applicable, other data that you provide to us in the context of establishing the contract.

5. SOURCES OF THE DATA

We process personal data that we receive from you in the context of contacting you or establishing a contractual relationship or in the context of pre-contractual measures.

6. DATA RECIPIENTS

We only pass on your personal data within our company to those departments and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interests.

Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are Internet service providers and providers of customer management systems and software.

Otherwise, data is only passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus fulfilling the contract or, at your request,

for carrying out pre-contractual measures, if we have your consent or if we are authorised to provide information. Under these conditions, recipients of personal data can, for example, be:

• External tax consultants
• Public authorities and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax department) in the event of a legal or official obligation,
• Recipients to whom the disclosure is directly necessary for the purpose of establishing or fulfilling a contract, e.g.:
  – Mailingwork (email marketing software for sending information)
  – Service providers for sending advertising material.

7. TRANSMISSION TO A THIRD COUNTRY

Transmission to a third country is not intended.

Any transmission of personal data to countries outside the EEA (European Economic Area) or to an international organisation will only take place insofar as this is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if the transmission is required by law or if you have given us your consent. In these cases, the recipients may include local agencies, airlines and hotels in the context of organising events.

8. DURATION OF DATA STORAGE

As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes, among other things, the initiation and execution of a contract.

In addition, we are subject to a variety of storage and documentation obligations which arise, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed there for storage and documentation are two to ten years.

Finally, the storage period is also based on the applicable statutory periods of limitation which are, for example, in accordance with §§ 195 et seq. of the German Civil Code (BGB). For example, according to §§ 195 et seq. of the German Civil Code (BGB), the storage period is usually three years, but in certain cases it can be up to thirty years.

9. YOUR RIGHTS

Every data subject has the right of access under Art. 15 GDPR, the right of rectification under Art. 16 GDPR, the right of deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right of notification under Art. 19 GDPR and the right to data portability under Art. 20 GDPR.

In addition, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you are of the opinion that the processing of your personal data is not carried out lawfully. The right of appeal is without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Please also note that we may need to retain certain data for a certain period of time in order to comply with legal requirements (see No. 8 of this data protection information).

Right of objection
If the processing of your personal data is carried out for the protection of legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR, in accordance with Art. 21 GDPR you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.

In individual cases, we process your personal data to carry out direct advertising. You have the right to object to processing for the purpose of such advertising at any time. This also applies to profiling insofar as it is related to such direct advertising. If you object to processing for the purpose of direct advertising, we will no longer process your personal data for these purposes.

To exercise your rights, you can contact us using the contact details provided in No. 1.

10. NECESSITY OF THE PROVISION OF PERSONAL DATA

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make a decision on contractual measures if you provide the personal data that is required for the conclusion of the contract, the performance of the contract or pre-contractual measures.