Data protection information for customers (Art. 13 GDPR)

Information about the collection and processing of your personal data

The following information provides you with an overview of the collection and processing of your personal data by us and your associated rights. The data we process from you and the purpose for which this is done depends on the respective contractual relationship.

1. Who is responsible for data processing (controller)?

The controller of the personal data is:

IME-DC GmbH
Fuhrmannstraße 11
95030 Hof
Germany

2. How can I reach the data protection officer (DPO)?

You can nreach our data protection officer (DPO) at:

eyeDsec Information Security GmbH
Friedrichstraße 25
95444 Bayreuth
Germany

Phone.: +49 921/23059935
Email: datenschutz@eyedsec.de

3. Which of your personal data do we process?

We process personal data that we receive from you mainly in order to carry out our contractual relationships.

In detail, this is the following personal data:
Name, address, ordered items, payment information.

4. What purposes do we process your data for and on what legal basis?

a) For the fulfilment of a contract (Art.6 Para.1 b GDPR)

We sell our product range directly to end customers who enter into a purchasing agreement with us when ordering. The purpose of processing your personal data is to provide our products and fulfil the contract.

b) For the fulfilment of legal obligations (Art.6 Para.1 c GDPR)

Personal data processed by us may be subject to legal obligations. In particular, this includes statutory retention obligations, which primarily result from German tax and commercial law (e. g. § 257 HGB (German Commercial Code), § 147 AO (German Fiscal Code) , etc.). In the event of an external audit by the tax authorities, we are also obliged to provide the tax authorities with tax-relevant documents (§ 29c (1) AO).

c) Based on a legitimate interest (Art.6 Para.1 f GDPR)

In certain cases, we process your data to protect our legitimate interests or those of third parties.

This occus in the following cases:

The transfer and storage of personal data with IT service providers is based on the legitimate interest of ensuring a higher level of resilience and data security.
The use of contact data for the purpose of direct advertising serves the legitimate interest of informing existing customers about new products or offers.
The disclosure of personal contact data to local distribution partners, whereby the legitimate interest also arises from the long-term supply of customers in areas in which IME-DC does not have its own registered office, and in particular the supply of end customers in the respective national language.
The forwarding of personal data to debt collection service providers or to check the creditworthiness of customers, insofar as there is a corresponding necessity for this.

If we process your personal data on the basis of a legitimate interest, you have the option to object to this processing at any time on grounds relating to your particular situation. If your personal data is used for the purpose of direct advertising, you have the right to object at any time without giving reasons.

We have concluded corresponding contracts with all service providers in accordance with Art. 28 GDPR, which guarantee compliance with an appropriate level of data protection by the service provider and guarantee us the necessary instruction and control rights.

5. Who receives my data?

In order to fulfil our contractual and legal obligations, certain public or internal bodies and external service providers receive access to your personal data.

Public authorities:

We are obliged to grant certain public bodies access to personal data due to legal obligations. This includes, for example:

German tax authorities, if applicable
Law enforcement authorities

External Service Providers:

Billing service providers
Technical and medical-technical service providers
Transport service providers
Financial service providers
Debt collection service providers
Auditors, lawyers, tax consultants
Credit agencies
Distribution partners abroad
- To ensure the best possible supply, we may pass on your name and contact details to local distribution partners who take over sales and support on our behalf.

6. Will my data be transferred to countries outside the European Union?

No data is transferred to a country outside the European Union.

7. How long will my data be stored?

We store your personal data for as long as is necessary to fulfil our legal and contractual obligations or for the purposes for which the data was collected, or until you explicitly request that we delete it. In the case of tax-relevant data, the statutory retention period is

regularly 10 years, whereby the processing of your personal data in this case is limited exclusively to storage for verification purposes.

8. What rights do I have in connection with the processing of my data?

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to data portability under Art. 20 GDPR and the right to object under Art. 21 GDPR. The restrictions under Sections 34 and 35 BDSG (German Data Protection Act) also apply to the right of access and the right to erasure.

In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). The supervisory authority responsible for us is the Bayerische Landesamt für Datenschutzaufsicht (BayLDA). However, you can lodge a complaint with any supervisory authority for data protection.

If you have given us your consent for certain data processing in accordance with Art. 6 para. 1 lit. a) GDPR, you have the right to withdraw this consent from us at any time. This also applies to the revocation of declarations of consent that were given to us before the General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective

9. Do I have an obligation to provide my personal data?

To enter into a business relationship, you must provide us with the personal data that is required for the performance of the contractual relationship or that we are obliged to collect due to legal requirements. If you do not provide us with this data, it will not be possible for us to carry out and process the contractual relationship.

10. Does automated decision-making or profiling take place?

The personal data you provide will be processed exclusively for the above-mentioned purposes. Automated decision-making or profiling does not take place.

11. What right do I have in the event of data processing on the basis of a legitimate or public interest?

Pursuant to Article 21 para. 1 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 e) GDPR (data processing in the public interest) or on the basis of Art. 6 para. 1 f) GDPR (data processing for the purposes of safeguarding a legitimate interest). In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

12. What right do I have in the event of data processing for direct marketing purposes?

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Art. 21 para. 2 of the GDPR. In the event of your

objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.

24 h Notfall-Hotline für DANA Insulinpumpen