§ 1 Information on the collection of personal data

(1) Hereinafter we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

(2) The responsible party pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is IMPLURA Medical GmbH, Glockenring 3, 50170 Kerpen Germany, represented by the CEO Sener, Tezcoskun, Hazer, info@implura.de (see our legal informations). You can reach our data protection officer at info@implura.de or our postal address with the addition “the data protection officer”.

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.

(4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

§ 2 Your rights

(1) You have the following rights with regard to the personal data concerning you:

– Right to information,
– Right to correction or deletion,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 Collection of personal data when visiting our website

(1) In the case of merely informative use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request came
– Browser type
– Operating system and its interface
– Language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.

(3) Use of cookies:

(a) This website uses the following types of cookies, the scope and functionality of which are explained below:

– Transient cookies (for this purpose b)
– Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.

§ 4 Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you will usually have to provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more detailed information on this when you provide your personal data or below in the description of the offer.

We offer payment through the following payment service providers on our website at https://www.implura.de/:

1. PayPal

The provider here is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

The payment data you enter will be transmitted to PayPal if you have selected payment via PayPal.

All PayPal transactions are subject to the PayPal privacy policy, which you can find and view at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=de_DE.

Legal bases are Art. 6 para. 1 sentence 1 lit. a and b GDPR. For the revocation of your consent to the processing of your data, § 5 paragraph 1 of this privacy policy applies in this respect.

2. Sofort bank transfer

The provider here is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”) and part of the Klarna Group since 2014.

All Sofort GmbH transactions are subject to the Sofort GmbH data protection declaration, which you can find and view at https://www.sofort.com/integrationCenter-ger-DE/integration/datenschutz.html.

Legal bases are Art. 6 para. 1 p. 1 lit. a and b GDPR. For the revocation of your consent to the processing of your data, § 5 paragraph 1 of this data protection declaration applies in this respect.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

§ 5 Objection to or revocation of the processing of your data

(1) If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation will affect the permissibility of processing your personal data after you have expressed it to us.

(2) Where we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: [see our legal informations].

§ 6 Newsletter

1. Newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised digital products are named in the declaration of consent.

(2) We use the so-called double-opt-in procedure to subscribe to our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

(3) Only your e-mail address is required for sending the newsletter. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter email, by email to info@implura.de or by sending a message to the contact details provided in the imprint.

2. Use and application of Sendgrid

We use the service Sendgrid of the company Twilio Sendgrid Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA to send our e-mails. This is a service that enables us to send e-mails to interested parties and customers. At the beginning of the communication, you will receive an e-mail and a confirmation link that you must activate in order to confirm that you are the owner of the e-mail address you have provided. You can object to or revoke the receipt of further e-mails at any time.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

In order to ensure that Twilio Sendgrid Inc. handles all data on the basis of the data protection requirements of the applicable data protection laws, we have concluded a contract on the commissioned data processing procedure to implement the requirements of Art. 28 GDPR.

Further information on this service can be found at

https://www.twilio.com/legal/tos; https://www.twilio.com/legal/frontline-terms, https://www.twilio.com/legal/bcr; https://www.twilio.com/legal/privacy/cookies.

General information on the data protection provisions of Twilio Sendgrid Inc. can be found at.

https://www.twilio.com/legal/privacy.

§ 7 Web Analytics

1. Use of Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.

(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

(6) In order to ensure that Google handles all data on the basis of the data protection requirements of the applicable data protection laws, we have concluded a contract on the commissioned data processing procedure to implement the requirements of Art. 28 GDPR.

(7) Information of the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms and conditions: https://www.google.com/analytics/terms/de.html, overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: https://www.google.de/intl/de/policies/privacy.

(8) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

§ 8 External Hosting / Content Delivery Networks (CDN)

The hosting of this website is carried out by the external service provider

Strato AG
Pascalstraße 10
10587 Berlin

The personal data collected on this website is stored on the servers of the external service providers, see the list in § 3 (1). Your data will only be processed by our external service providers if this is necessary for the fulfilment of their contractual obligations and if they comply with our instructions regarding your data.

Since the external service providers act on our behalf with regard to the collection, processing and use of personal data, we have concluded a contract for commissioned data processing with each of the service providers in order to implement the requirements of Art. 28 GDPR.

The legal basis for the use of the external service provider is Art. 6 para 1 sentence 1 lit. b and f GDPR.

The respective data protection statements of the above-mentioned external service providers can be found at:

https://www.strato.de

§ 9 Social media

(1) Use of social media plug-ins

(1) We currently use the following social media plug-ins: Twitter. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the provider of the plug-in. You can identify the provider of the plug-in by marking the box with its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have called up the corresponding website of our online offer. In addition, the data mentioned under § 3 of this declaration is transmitted. Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.

(2) We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

(3) The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.

(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you to avoid an assignment to your profile with the plug-in provider.

(5) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

(6) Address of the plug-in provider and URL with its data protection information:

c) Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

p) Whatsapp Inc. 650 Castro Street, Suite 120-219, Mountain View, California 94041, USA. More information on terms of use and privacy:

https://www.whatsapp.com/legal.

q) TikTok Inc., represented by Zhao LIU and Tian ZHAO, 10100 Venice Blvd, Culver City, CA 90232, USA; http://www.tiktok.com/legal/privacy-policy?lang=de. For more information on the TikTok.com Cookie Policy, please visit: http://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de.

(7) We do not currently use any other social media plug-ins, but have integrated links from social networks such as Facebook, Twitter, Google reCAPTCHA, hackerone, github, concrete5 and YouTube on our online presence, which are linked with corresponding icons. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the third-party providers. You can recognise the third-party provider by marking the box with its initial letter or logo. We provide you with the option of going directly to the website of the third-party provider via the respective icon.

(8) We have neither influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the third-party provider.

(9) Further information on the purpose and scope of the data collection and its processing by the third-party provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

(10) Addresses of the respective plug-in providers and URL with their data protection notices:

a) Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; further information on data collection: https://www.facebook.com/help/186325668085084.

b) Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

c) Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de; https://policies.google.com/privacy.

d) HackerOne Inc, 548 Market Street, PMB 24734, San Francisco, CA 94104-5401, USA; https://www.hackerone.com/privacy.

e) Github Inc, 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA; https://docs.github.com/github/site-policy/github-privacy-statement.

f) concrete5, Concrete CMS, Attn: PortlandLabs, P.O. Box 14125, Portland, OR 97293, USA; https://www.concrete5.org/help/legal/concrete5_org_privacy_policy.

(11) In order to ensure that Facebook Inc, Twitter Inc, Google, HackerOne Inc, Github Inc as well as Conrete CMS handle all data on the basis of the data protection requirements of the applicable data protection laws, we have each concluded a contract on the commissioned data processing procedure to implement the requirements of Art. 28 GDPR.

2. Integration of Google Maps

(1) On this website, we use the Google Maps service. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

(3) For more information on the purpose and scope of data collection and processing by Google, please refer to the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.

4. Live chat application from Tawk.to

(1) On this website we use the service of Tawk.to, a live chat software. This allows us to provide you with a live chat with us. Chat is integrated into the source code via a so-called script. Personal data such as the chat history, the IP address and the country of origin are also stored. This data is not passed on to third parties. The stored data is expressly not used to identify you personally. After the chat has ended, the data is deleted.

(2) Further information on the purpose and scope of data collection and its processing by tawk.to inc. can be found in the provider’s privacy policy, which is provided below. There you will also receive further information on your rights in this regard and setting options for the protection of your privacy.

Tracking is currently not active for you because your browser has informed us that you do not want tracking. This is a browser setting. To reactivate tracking, you must deactivate the so-called “Do Not Track” setting in your browser settings.

(3) Address of tawk.to inc. and URL with their privacy policy:

Tawk.to Inc, 187 East Warm Springs Rd, SB298 Las Vega, NV, 89119, USA:

https://www.tawk.to/privacy-policy/.

(4) The provisions in §§ 3 and 5 of this privacy policy apply to the exercise of your rights.

(5) In order to ensure that tawk.to Inc. handles all data on the basis of the data protection requirements of the applicable data protection laws, we have concluded a contract on the procedure for commissioned data processing to implement the requirements of Art. 28 GDPR.

§ 10 Data security

All information that you transmit to us is stored on servers within the European Union. Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet. However, we secure our website and other systems against loss, destruction, access, alteration or distribution of your data by unauthorised persons by means of technical and organisational measures. In particular, we transmit your personal data in encrypted form. We use the SSL (Secure Socket Layer) or TLS (Transport Layer Security) coding system.

§ 11 No passing on of personal data

We do not pass on your personal data to third parties unless you have consented to the passing on of data or we are entitled or obliged to pass on data due to statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.

§ 12 Data protection and third party websites

The Website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please ensure that you are aware of the applicable data protection conditions before submitting personal data to these websites.

§ 13 Changes to this privacy policy

We reserve the right to amend these data protection provisions at any time with effect for the future. A current version is available on the website. Please check the website regularly for the latest version of this Privacy Policy.

April 2021