This Privacy Policy is intended to inform users of our websites, mediMESH.de and mediMESH.app, about the nature, scope, and purpose of the processing of personal data carried out by us when visiting our websites.
We take data protection very seriously. The processing and use of personal data by us is always carried out confidentially and only to the extent permitted or required by law or if you have given your consent. However, we would like to point out that data transmission over the internet is generally subject to security risks. Complete protection against access by third parties is not feasible. If, for this reason, you have concerns about using our websites, we will not be able to provide our services to you.
The data controller within the meaning of the General Data Protection Regulation (GDPR) is: mediMESH GmbH, represented by the Managing Directors Dr.-Ing. Enrico Pannicke and PD Dr. med. Bennet Hensen, Otto-Hahn-Str. 2, 39106 Magdeburg, Germany. If you have any questions regarding the processing of your personal data by us or if you wish to exercise your rights as described in this Privacy Policy, please contact us either directly using one of the communication channels provided in the legal notice (Impressum) of our website or contact our Data Protection Officer at:
Email: datenschutz[at]hl-iuris.de
Phone: +49 5137 1472503
Personal data refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing refers to any operation or series of operations performed on personal data, with or without the aid of automated processes, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, comparison or linking, restriction, deletion, or destruction.
Unless otherwise stated below, we rely on Article 6(1)(1)(b) of the General Data Protection Regulation (hereinafter referred to as “GDPR”) as the legal basis for processing personal data concerning you, as data processing is necessary for the provision of the functionalities you request on this website.
When accessing our website, we collect, store, and temporarily use the following data, which are generally anonymous:
We do not use these data in any way to identify you or draw conclusions about your person. These data are stored in our server log files for a limited period. They are used solely to ensure the correct display of our website, to conduct anonymous statistical evaluations to improve our website, to identify and track technical errors if necessary, and, in the case of unauthorized access or access attempts to our server, to initiate a derivation of personal data. Our authorization for processing these data in such cases is based on Article 6(1)(f) GDPR. Once the purpose for which these data were stored has been fulfilled, they are routinely deleted or, if legal provisions or legitimate interests prevent deletion, restricted.
Personal data that you transmit to us online is processed only if necessary for establishing, executing, terminating, or invoicing a contractual relationship between you and us, or for responding to other inquiries from you. In such cases, the following data are typically processed:
We do not share your personal data with third parties as a general rule. However, exceptions apply to third parties assisting us in processing the contractual relationship with you, such as the transport company responsible for delivery, the financial institution handling payment transactions, including PayPal and Stripe if applicable, and tax consultants and tax authorities when necessary. In such cases, the scope of the transmitted data is limited to the necessary minimum.
The aforementioned personal data will be deleted once the purpose for which they were processed has been fulfilled, unless we are obligated under Article 6(1)(1)(c) GDPR to retain them for a longer period due to statutory tax and/or commercial retention and documentation obligations. Additionally, data may be retained beyond this period if you have explicitly consented to extended retention under Article 6(1)(1)(a) GDPR, or we require the data to safeguard our legitimate interests or those of a third party, provided that your fundamental rights and freedoms do not override these interests.
This website uses cookies, which are small text files stored on your device. Your browser accesses these files. Some of the cookies we use are deleted after you close your browser (session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser upon your next visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser data, location data, and IP address data, depending on the specific cookie. Persistent cookies are automatically deleted after a predefined period, which may vary depending on the cookie.
Cookies are generally used to recognize the user, for example, to store a user’s shopping cart for a certain period or to display behavior-based advertising on the website. The information contained in the cookie is read when the website is visited again or when a specific other website is accessed. This information may include statistical data as well as personal data, such as the user’s IP address.
If personal data is processed through the use of cookies deployed by us, the processing is carried out in accordance with Article 6(1)(1)(b) GDPR for the performance of a contract, or in accordance with Article 6(1)(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible and user-friendly functionality of our website.
Most common internet browsers provide settings that allow users to disable cookies, such as:
MS Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Apple Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
It should be noted that full access to all functions of this website cannot be guaranteed without restrictions if cookies are disabled.
This website uses Usercentrics’ consent technology to obtain your consent for storing certain cookies on your device or using specific technologies and to document this consent in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, Website: https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”).
When you visit our website, the following personal data is transmitted to Usercentrics:
Additionally, Usercentrics stores a cookie in your browser to associate the granted consents or their withdrawal with you. The data collected in this process is stored until you request its deletion, delete the Usercentrics cookie yourself, or the purpose for data storage ceases to exist. Mandatory statutory retention obligations remain unaffected.
The use of Usercentrics serves the purpose of obtaining the legally required consent for the use of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.
We have concluded a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures Usercentrics processes the personal data of our website visitors strictly in accordance with our instructions and in compliance with the GDPR. The DPA can be downloaded from the profile section of the mediMESH app.
Upon request, we will provide you with information free of charge regarding which of your personal data we have processed, for what purpose it has been processed, the categories of recipients to whom we have disclosed or intend to disclose the data, if possible, the storage duration or at least the criteria for determining this duration, and, if we did not obtain the data from you directly, the source of the data.
You have the right to request the rectification of inaccurate personal data concerning you or the completion of incomplete personal data.
Unless your request conflicts with a legal obligation to retain data, the processing of data is necessary for our right to freedom of expression and information, or we require the relevant data to assert, exercise, or defend legal claims, you have the right to have your personal data erased without undue delay.
Furthermore, you have the right to restrict processing if at least one of the following conditions is met: If you contest the accuracy of the personal data we process about you, we will restrict processing for the period necessary to verify the accuracy of the data; the processing is unlawful, but you object to the erasure of your personal data and instead request the restriction of its use; we no longer need your personal data for processing purposes, but you require it for the assertion, exercise, or defense of legal claims; or if you have objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether our legitimate interests override yours.
You also have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and the right to transmit those data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided that this does not adversely affect the rights and freedoms of others.
When exercising the aforementioned right to data portability, you also have the right to request that we directly transmit the personal data to another controller, where technically feasible.
If we process your personal data based on legitimate interests pursuant to Article 6(1)(1)(f) GDPR, you have the right to object to such processing, provided there are reasons arising from your particular situation. Additionally, you have the right to object to the processing of your data if it is used for direct marketing purposes by us.
If we process your personal data based on your consent pursuant to Article 6(1)(1)(a) GDPR or Article 9(2)(a) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of data processing carried out prior to the withdrawal.
If you believe that the processing of your personal data by us violates the GDPR, you have the right to lodge a complaint with the supervisory authority. To exercise this right, you may contact the supervisory authority responsible for your place of residence, your country, or the supervisory authority responsible for us. You can find information on the competent data protection supervisory authority for us at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
To exercise any of the aforementioned rights, please direct your request to the data controller specified under Section A.
Payment processing for the services offered on our websites is carried out via Stripe Payments Europe Ltd, 7th Floor, The Bower Warehouse, 211 Old Street, London EC1V 9NR, UK (hereinafter referred to as “Stripe”). Stripe receives from us the user’s first and last name as well as the email address stored in the user account.
The transmission of data to Stripe is based on Article 6(1)(b) GDPR, as it is necessary for the performance of the contractual relationship between us and the user.
Please note that Stripe, as a financial service provider and data controller with respect to the processing of financial transaction data, may also transfer your personal data to credit agencies, affiliated companies, and subcontractors if necessary for fulfilling contractual obligations, based on a legitimate interest, or as part of data processing on behalf of Stripe. It is also possible that Stripe may transfer personal information to affiliated companies outside the EU or EEA (e.g., in the United States).
Stripe complies with the EU-U.S. Privacy Shield Agreement and the EU Standard Contractual Clauses. For further information on data protection, please refer to Stripe’s privacy policy, available at:
https://stripe.com/de/privacy#translation.
We use the Umami analytics and tracking tool on our websites. From a data protection perspective, Umami is considered privacy-friendly, as it neither collects nor stores IP addresses, nor does it process any other personal data or use cookies. Umami processes usage data exclusively in an anonymized manner, making it impossible for us to identify visitors or users of our websites. Furthermore, we operate Umami on our own servers, ensuring that no data is transmitted to third parties. For more information, please refer to the Umami Analytics documentation at: https://umami.is.
This website uses Google Fonts to ensure a consistent display of fonts. These fonts are provided by Google and have been installed locally. As a result, no connection to Google’s servers is established. For more information about Google Fonts, please refer to:
https://developers.google.com/fonts/faq
Google’s privacy policy can be found at:
https://policies.google.com/privacy?hl=en.
This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access logs, and other data generated via the website.
External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Article 6(1)(b) GDPR) and to ensure the secure, fast, and efficient provision of our online services by a professional provider (Article 6(1)(f) GDPR). If explicit consent has been requested, data processing is carried out solely based on Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TDDDG. Consent can be withdrawn at any time.
Our hosting provider(s) will process your data only to the extent necessary to fulfill their service obligations and in compliance with our instructions regarding this data.
We use the following hosting providers:
www.medimesh.de
TrafficPlex GmbH
Konsul-Smidt-Str. 90
28217 Bremen
Germany
www.medimesh.app
Heroku - salesforce.com Germany GmbH
Erika-Mann-Straße 31
80636 München
Germany
We have concluded a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures the service provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.
We reserve the right to update this privacy policy as necessary to reflect changes in laws, legal requirements, or directives from courts or supervisory authorities. The updated privacy policy will take effect upon its publication on our website. Therefore, we recommend that you visit this page regularly to stay informed about any updates.
Version 1.1 as of 2025/02/12