We provide information below on the collection of personal data from users of our website. Personal data is all data relatable to you personally, e.g. name, address, email addresses, user behaviour, IP address.

I. Name and address of the controller

The controller under Article 4(7) of the EU’s General Data Protection Regulation (GDPR) and other national data protection laws of member states in addition to other provisions of data protection law is: 

orangeglobal medical globalisation provider GmbH 
Frauenstraße 1
89073 Ulm, Germany

Tel.: +49 (0) 731 954 95 -0
Fax: +49 (0) 731 954 95 910
E-Mail: datenschutz@orangeglobal.de 
Web: www.orangeglobal.de


II. Name and address of the data protection officer

The controller’s data protection officer is: 

DATA-S
Mendelstrasse 13
89081 Ulm, Germany

Tel.: +49 (0) 731 8023688
E-Mail: datenschutz@data-s.de
Website: www.data-s.de


III. General information about data processing

1. Scope of the processing of personal data
We collect and use our users’ personal data only to the extent this is absolutely necessary in order for us to provide a functional website and our content and services. The collection and use of our users’ personal data is routinely done only after consent has been obtained from the user. An exception applies in cases where, for practical reasons, it is impossible to obtain consent in advance and the processing of the data is permitted by law. 

2. Legal basis for the processing of personal data
Where we obtain consent from the data subject for the processing of personal data, Article 6(1)(a) of the EU’s General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. 

Where the processing of personal data required for the fulfilment of a contract to which the data subject is a party is concerned, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing measures required to implement pre-contractual steps. Where processing of personal data is required for compliance with a legal obligation to which our company is subject, Article 6(1)(c) serves as the legal basis. 

Where processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis. 

Where processing is necessary for the protection of our company’s legitimate interest or that of a third party, and provided such interest is not overridden by the interests or fundamental rights and freedoms of the data subject, then Article 6(1)(f) GDPR serves as the legal basis for processing. 


3. Data erasure and term for which it is stored
The data subject’s personal data is erased or made unavailable as soon as the purpose of its storage ceases to apply. Storage may continue beyond this where this is envisaged by the European or national legislator in EU regulations, laws or other rules to which the controller is subject. The data is also made unavailable or erased where a storage period prescribed under said standards expires unless a need exists for further storage of the data for entry into or performance of a contract.

4. Deployment of service providers in the context of the webpage
We sometimes use external service providers to process your data on our webpage. They have been carefully selected and engaged by us. They are bound by our instructions and are monitored on a regular basis. No data transfer occurs to countries outside the EU or the EEA (so-called “third countries”). 



IV. Provision of the website and creation of logfiles

1. Description and scope of data processing
Each time our webpage is accessed, our system automatically captures data and information from the computer system of the computer accessing it. Where the website is used purely for informational purposes, we collect only the personal data that your browser sends our server. The following data is collected in the process: 

• IP address
• information about the browser type and the version used
• the user’s operating system
• date and time of access
• in each case, the volume of data transferred
• websites from which the user’s system connects to our webpage
• websites that are accessed by the user’s system via our website
• date and time of access

The data are similarly stored in our system’s logfiles. Not affected by this are the user’s IP addresses or other data that allow the data to be allocated to a single user. These data are not stored together with other personal data of the user. 

2. Legal basis for the data processing 
The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR. 

3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the user’s computer. To this end, the user’s IP address has to remain stored for the duration of the session. 

Our legitimate interest in data processing under Article 6(1)(f) GDPR is also contained within these purposes. 

4. Storage term
The data is erased once it is no longer required to achieve the purpose for which it was collected. Where data is collected for the purpose of making the website available, this applies if the current session has ended. 

5. Opportunity to object/have data removed
For the provision of the website and for the storage of the data in logfiles, it is mandatory for the operation of the webpage that the data are collected. Consequently, there is no option for an objection to be made on the part of the user. 


V. Use of cookies required for technical reasons

1. Description and scope of data processing
Our webpage uses cookies. Cookies are text files that are stored in or by the Internet browser on the user’s computer system. If a user accesses a webpage a cookie may be stored on the user’s operating system. This cookie contains a typical string of characters that means the browser can be clearly identified when the webpage is accessed again. We use functional cookies in order to make our website more user-friendly. Some of the elements of our webpage require the browser used to access the page to remain identifiable even after it has navigated to a different page.

 Third-party cookies:

__cfduid / term: 12 months / used by content network Cloudflare to identify trustworthy web traffic.

 Functionality cookies

cookieconsent_dismissed / term: 12 months / Governs the reference to the data protection policy for people visiting the website

2. The legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.

3. Purpose of the data processing
The purpose of using cookies that are required for technical reasons is to make it simpler for users to use the website. Some functions of our webpage can be offered without the use of cookies. For these, the browser needs to be recognisable even after the user has navigated away from that page. The user data collected by cookies that are required for technical reasons is used to compile user profiles. Our legitimate interest in the processing of personal data under Article 6(1)(f) GDPR is also contained within these purposes. 

4. Length of the option to store, object to and remove cookies
Cookies are stored on the user’s computer and sent from there to our webpage. Hence, as user you have complete control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Cookies that are already stored can be erased at any time. This can also be done automatically. Where cookies for our website are deactivated, it is possible that not all of the website’s functions will continue to be fully available for use. 

VI. Rights of the data subject

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions under Sections 34 and 35 of the Federal Data Protection Act apply to the right of information and to erasure. Furthermore, there is a right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with Section 19 of the Federal Data Protection Act).

You may at any time withdraw from us any consent given to the processing of personal data. This also applies to the withdrawal of declarations of consent made to us before the EU’s General Data Protection Regulation took effect, i.e. before 25 May 2018. Please note that the withdrawal only has future effect. Processing done before the withdrawal of consent is not affected. The withdrawal is not subject to any condition as to form and should be addressed to the data controller. 



REGISTRATION

1. Description and scope of data processing
On our webpage we offer users the option of registering and of providing personal data when they do so. The data is entered into a form and is sent to us and stored. No data is disclosed to third parties. 

As part of the registration process, the user’s consent is obtained to the processing of these data.

2. The legal basis for the data processing
The legal basis for the processing of the data is the existence of the user’s consent, Article 6(1)(a) GDPR. 

In addition, the registration serves to implement pre-contractual steps or steps resulting from the performance of a contract to which the user is a party. The data is processed on the legal basis of Article 6(1)(b) GDPR.

3. Purpose of the data processing
Registration of the user is required for the performance of a contract with the user or implementation of pre-contractual steps.

4. Storage term
The data is erased on an ongoing basis following collection or a change of registration. 

5. Opportunity to object/have data removed
As a user you have the option of cancelling your registration at any time. You can have the stored data about you amended at any time. The cancellation or amendment is not subject to any condition as to form and should be addressed to the data controller.

Where data is required for the performance of a contract or implementation of pre-contractual steps, early erasure of the data is only possible where there are no contractual or legal obligations opposing erasure.


CONTACT FORM AND EMAIL CONTACT

1. Description and scope of data processing
There is a contact form available on our webpage which you can use to contact us online. Where a user takes advantage of this option, the data entered into the form is sent to us and stored. 

Your consent to the processing of the data is obtained as part of the submission process, and reference is made to the data protection policy. 

Alternatively, we can be contacted via the email address provided. In this case, the user’s personal data sent with the email is stored. 

No data is disclosed to third parties in relation to this. The data is used solely in order to process the conversation.

2. The legal basis for the data processing 
The legal basis for the processing of the data is the existence of the user’s consent, Article 6(1)(a) GDPR. 

The legal basis for the processing of data which is sent via email is Article 6(1)(f) GDPR. Where the purpose of the email contact is entry into a contract, this is an additional legal basis for the processing, Article 6(1)(b) GDPR.

3. Purpose of the data processing
The processing of personal data from the form serves us solely for the purpose of processing the contact request. In case of an email contact request, there is also a legitimate interest in the processing of the data. The other personal data processed during the submission process serves to prevent a misuse of the contact form and to ensure our IT systems are secure.

4. Storage term
The data is erased once it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form and data sent by email, this applies once the relevant conversation with the user has ended. The conversation ends once it is clear from the circumstances that the subject matter raised has been clarified conclusively. 

The personal data additionally collected during the submission process is erased no later than after a period of seven days.

5. Opportunity to object/have data removed
The user may at any time withdraw his consent to the processing of personal data. Where the user contacts us by email, he may object at any time to the storage of his personal data. In that case, the conversation cannot be continued. The withdrawal is not subject to any condition as to form and should be addressed to the data controller. 

All personal data stored in the course of making contact are erased in that case. 

NEWSLETTER

1. Description and scope of data processing
On our webpage you have the option of subscribing to a free newsletter. When someone registers for the newsletter, the data from the input form are sent to us. 

The only mandatory information we require in order to send out the newsletter is your email address. The provision of further, specially marked data is voluntary and is used to allow us to address you personally. Following confirmation from you, we store your email address in order to send you the newsletter. 

Your consent to the processing of the data is obtained as part of the registration process and reference is made to this data protection policy. For registration for our newsletter we use the “double opt-in” procedure. That means that, following registration, we send you an email to the email address you indicated, in which we ask you to confirm that you wish the newsletter to be sent to you. If you do not confirm your registration within 24 hours, your information is made unavailable and automatically erased after one month. In addition, we save the IP addresses used on each occasion and the times of your registration and confirmation. The purpose of the procedure is to be able to provide evidence of your registration and, where relevant, to be able to clarify a potential misuse of your personal data. 

No data is disclosed to third parties in connection with data processing for the sending of newsletters. The data is used solely in order to send the newsletters. 

2. The legal basis for the data processing
The newsletters are sent on the basis of the user’s registration on the website. 
The legal basis for the processing of the data following registration by the user for the newsletter is the existence of the user’s consent, Article 6(1)(a) GDPR. 

3. Purpose of the data processing
The user’s email address is collected for the purpose of delivering the newsletter. The newsletters are sent on the basis of the user’s registration on the website. The collection of other personal data as part of the registration process serves to prevent a misuse of services or of the email address used. 

4. Storage term
The data are erased once it is no longer required to achieve the purpose for which it was collected. The user’s email address is hence stored for as long as the subscription to the newsletter remains active. The other personal data collected during the registration process are generally erased after a period of seven days.

5. Opportunity to object/have data removed
The subscription to the newsletter may be terminated by the relevant user at any time. Every newsletter contains a corresponding link for that purpose. This similarly facilitates the withdrawal of consent to the storage of personal data collected during the registration process.