Data protection notice

Our handling of your data and your rights.

Our handling of your data and your rights.Information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR).

With this data protection information, we inform you about the processing of your personal data by us and about the rights to which you are entitled.

These notes will be updated as necessary and published under this PDF. On our website at you will find our privacy policy for visitors to our homepage.

Name and contact details of the data controller

GRAMM medical healthcare GmbH
Werkstraße 13
D-71384 Weinstadt

Telefon: +49 (0) 7151 / 27 20 18 – 0

Contact details of the data protection officer

No appointment of a data protection officer is required.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (DS-GVO), the Federal Data Protection Act (BDSG) and our duty of confidentiality:
To fulfil contractual obligations and to carry out pre-contractual measures according to Art. 6 para. 1 b) DS-GVO.

Name, delivery address, invoice address, company e-mail address, your e-mail address, goods, prices as well as the other data voluntarily provided by you will be processed in the event of an order/inquiry for the purpose of processing the contract.

Data is also processed for the purpose of establishing, implementing and terminating an employment relationship with our employees.

In the case of applicants, data is processed for the purpose of deciding on the establishment of an employment relationship.

Based on your consent Art. 6 para. 1 a) DS-GVO
As far as you have given us consent to process personal data for certain purposes, the lawfulness of this processing is given on the basis of your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. The revocation of consent does not affect the lawfulness of the data processed until the revocation.

Within the framework of the balancing of interests Art. 6 para. 1 f) DS-GVO
Where necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or our customers.

Ensuring our IT security (e.g. in the event of a virus alarm),
Measures for building and facility security (e.g. access controls),
Measures to ensure domiciliary rights
For the fulfilment of legal obligations Art. 6 para. 1 c) DS-GVO or in the public interest Art. 6 para. 1 e) DS-GVO

Data is also processed to fulfil legal obligations towards authorities and/or third parties (social insurance institutions, financial authorities, insurance companies, third-party debtor declarations within the meaning of § 840 ZPO, retention periods under labour law (e.g. § 16 para. 2 ArbZG, § 17 MiLoG), statistical reporting obligations.

What sources do we use?

We process personal data that we receive from you or our customers within the scope of our contractual relationship. In addition, we process – insofar as necessary for the provision of our contractual services – personal data that we obtain from publicly accessible sources (e.g. trade and association registers, press, Internet) or that are transmitted to us by other third parties (e.g. public authorities).

Who receives my data?

Your data will only be passed on if a legal basis permits or requires this.

Only those employees and professionals who need your data to fulfil our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us, in particular commissioned data processors, may also receive data for these purposes. These are, for example, companies in the IT services and telecommunications categories.

Is data transferred to a third country or to an international organisation?

EData is transferred to countries outside the European Union (so-called third countries) if:

it is necessary for the fulfilment of our contractual obligations,
it is required by law or we have your consent.

How long will my data be stored?

As far as necessary, we process your personal data for the duration of our contractual relationship, which also includes the initiation and execution of a contract.

If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – further processing is necessary for the following purposes:

To fulfil commercial, tax, professional and labour law retention obligations: These include the German Commercial Code (HGB), the German Fiscal Code (AO), the German Working Hours Act (ArbZG) and the German Minimum Wage Act (MiLoG). The periods specified there for storage or documentation are two to ten years.

For the preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

Storage period of applicant data: The complete data will be stored for a maximum period of 6 months after the conclusion of the procedure and then deleted.

What other data protection rights do I have?

Under the respective legal conditions, you have the right to

  •     Information (Art. 15 DS-GVO, § 34 BDSG nF)
  •     Correction (Art. 16 DS-GVO)
  •     Cancellation (Art. 17 DS-GVO, § 35 BDSG nF),
  •     Restriction of processing (Art. 18 DS-GVO)
  •     Data portability (Art. 20 DS-GVO)
  •     Complaint to a data protection supervisory authority (Art. 77 DS-GVO, § 19 BDSG)


Is there an obligation to provide data?

Within the scope of our contractual relationship, you only have to provide the personal data that is necessary for the establishment, implementation and termination of the contractual relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse the conclusion of a contract or the performance of the contract, or we will no longer be able to perform an existing contract and may have to terminate it.

To what extent is there automated decision making / profiling?

We do not use fully automated decision-making pursuant to Art. 22 DS-GVO for the establishment and implementation of the contractual relationship.

Up-to-dateness and amendment of this data protection notice

This data protection declaration is currently valid and was updated in August 2018.

Due to the further development of our offers or due to changed legal or official requirements, it may become necessary to change this data protection notice. You can access and print out the current data protection information at any time on the website under LINK.

Right of objection
Information about your right to object according to Art. 21 DS-GVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) DS-GVO (data processing in the public interest) and Article 6(1)(f) DS-GVO (data processing on the basis of a balance of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.

The objection can be made without formalities and should be addressed to:

GRAMM medical healthcare GmbH
Werkstraße 13
D-71384 Weinstadt

Telefon: +49 (0) 7151 / 27 20 18 – 0

Status August 2018