1. Data protection at a glance

General information
The following information gives a simple overview over what is happening with your personal data when you visit our website. Personal data are all data with which you can be personally identified.

Data collection on our website

Who is responsible for data collection on this website?
The data processing on this website is carried out by CIM med GmbH. You can find the contact data from the legal info of this website.

How do we collect your data?
Your data is collected primarily when you send it to us – such as by sending an e-mail. Other data are automatically gathered by our IT systems during a visit to our website. This is principally technical data (for example, the Internet browser, operating system or time of the site visit). Collection of this data takes place automatically as soon as you enter our website.

What do we use your data for?
A part of the data is used to ensure that the website is made available without problems. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right at any time to obtain, without cost, information about the derivation, recipients and purpose of your stored personal data. You also are entitled to ask for the rectification, blocking or erasure of this data. You are also able to contact us at any time, using the address provided in the legal info, to ask about the above and any other questions on the topic of data protection. Furthermore, you have the right of appeal to the responsible supervisory authority.

2. General information and information about obligations

Data protection
CIM med GmbH takes the protection of your personal data very seriously. We treat your personal data in confidence und in line with the legal data protection regulations as well as with this data protection declaration.

When you use this website, various items of personal data are gathered. Personal data are data with which you can be personally identified. The present data protection declaration explains which data we collect and what we use it for. It also explains how and to what purpose that happens.

We draw your attention to the fact that data transmission over the Internet (such as in communications by e-mail) may involve gaps in security. It is not possible to protect such data completely against access by third parties.

Information about the responsible authority
The responsible authority for data processing on this website is:

CIM med GmbH
Margot-Kalinke-Str. 9
Euro-Industriepark
D-80939 München
Germany
Phone: +49 89. 978 94 08-00
E-mail: info@cim-med.com

If you have questions regarding the processing of your personal data, please get in touch with our data protection officer:

DATAWERTE GmbH
Herr Michael Berninger
Bergstraße 2a
D-87600 Kaufbeuren
Germany

The responsible authority is the natural or legal person, who decides alone or jointly with others about the purpose and means of processing personal data (e.g. names, e-mail addresses, or similar items).

Withdrawal of your consent for data processing
Many data processing processes are possible only with your express consent. You can withdraw your consent, which you have granted already, at any time. To do this, send us an informal notification by e-mail. The legality of the data processing up to the time of the withdrawal shall remain unaffected by the withdrawal.

Right of appeal to the relevant supervisory authority
In the event of infringements of data protection legislation, the person affected has the right of appeal to the relevant supervisory authority. Our supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
D-91522 Ansbach
Germany

SSL or TLS encryption
For security reasons and to protect the transmission of confidential contacts, such as orders or enquiries that you send to us as a website operator, this website uses SSL or TLS encryption. You will be able to recognise an encrypted link by seeing that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data you send to us cannot be read also by third parties.

Recipients of data/ Passing data on
Data which you have given us will categorically not be passed on to third parties. In particular, your data will not be passed on to third parties for their promotional purposes.
However, where necessary, we use service providers for the operation of these Internet sites or for other products of ours. In this case it is possible that a service provider may gain knowledge of personal data. We choose our service providers very carefully – particularly with regard to data protection and data security – and we take all steps required to ensure that our data processing is allowable under data protection legislation.

Data processing outside the European Union
Other than using Google Analytics, your personal data is not processed in a so-called third state outside the European Union.
Regarding the use of Google Analytics, it should be noted that the appropriate level of data security of Google with regard to its participation in the so-called „Privacy Shield“ and the measures put in place by Google for data protection and data security are guaranteed.

3. Data collection on our website

Cookies
Internet sites use so-called cookies to some extent. Cookies present no risks to your computer and contain no viruses. Cookies serve to make our offer more user-friendly, more effective and more secure. Cookies are small text files which are filed on your computer and stored in your browser.

Most of the cookies used by us are so-called “session cookies”. They are deleted automatically at the end of your visit. Other cookies remain and are stored on your terminal until you erase them. These cookies enable us to recognise your browser when you next visit.

You can adjust your browser so that you are informed about the depositing of cookies, and you allow cookies only in an individual case, you exclude the acceptance of cookies for certain cases or in general, and you can activate the automatic deletion of cookies when the browser is closed. The deactivation of cookies may restrict the functionality of this website.

Cookies which are needed to perform the electronic communication process are stored based on Art. 6 Abs. 1 lit. f DSGVO. CIM med GmbH has a justified interest in the storage of cookies in order to provide its services in a technically error-free and optimised manner. Insofar as other cookies (such as cookies to analyse your surfing behaviour) are stored, these are treated separately in this data protection declaration.

Server Log files
The provider of the sites acquires and stores information automatically in so-called server log files which your browser sends to us automatically. These are:

• Browser type and browser version
• Operating system in use
• Referrer URL
• Host name of the accessing computer
• Date and time of the server enquiry
• IP address

These data are not amalgamated with other data sources.

The data processing is based on Art. 6 Abs. 1 lit. b DSGVO, which permits the data processing of data for the fulfilment of a contract or precontractual measures.

4. Hosting

We host the content of our website with the following provider:
RAIDBOXES
The provider is RAIDBOXES GmbH, Hafenstr. 32, 48151 Münster, Germany (hereinafter RAIDBOXES). When you visit our website, RAIDBOXES collects various log files including your IP addresses.
Details can be found in the RAIDBOXES privacy policy: https://raidboxes.io/en/legal/privacy/.
RAIDBOXES is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. for device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

5. Plugins und Tools

YouTube with extended data protection
This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited («Google»), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google Marketing Network regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the «EU-US Data Privacy Framework» (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

LinkedIn 
Our website uses a function of the LinkedIn network. It is provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click the LinkedIn button (plug-in), you will be forwarded to our LinkedIn profile in a separate browser window and, provided you are logged into your account at LinkedIn, you can follow us on LinkedIn. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn therefore receives the information, that you have visited our website with your IP address. LinkedIn is then be able to associate your visit on our website with you and your account, provided you are logged into your account at LinkedIn. Please note, that we have no knowledge of the content of the transmitted (personal) data and its use by LinkedIn. For more information, please see the LinkedIn’s Privacy Policy at: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Google web fonts
This site uses so-called web fonts provided by Google to achieve a uniform representation of font types. When it opens a site, your browser loads the necessary web fonts needed in your browser cache so that texts and font types can be correctly displayed.
For this reason, the browser you are using has to connect to Google’s servers. To do this, Google requires that our website had been called up via your IP address. The use of Google web fonts is done in the interest of having a uniform and appealing presentation of our online offerings. This constitutes a justifiable interest within the scope of Art. 6 Abs. 1 lit. f DSGVO.
If your browser does not support web fonts, a standard font type is used by your computer.
You will find further information about Google web fonts at https://developers.google.com/fonts/faq and in Google’s data protection declaration at https://www.google.com/policies/privacy/.

Google Analytics
If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter: «Google»). Google Analytics uses «cookies», which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can find more information on terms of use and data protection at https://marketingplatform.google.com/about/analytics/terms/gb/ and at https://policies.google.com/?hl=en.
On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.
The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
Revocation of consent:
You can prevent tracking by Google Analytics on our website by selecting this in the cookie banner. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future as long as the cookie remains installed in your browser.
You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: Browser Add On to deactivate Google Analytics.

OpenStreetMap
We use the OpenStreetMap (OSM) map service.
We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. Among other things, your IP address and other information about your behaviour on this website may be forwarded to the OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies.
The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

CleanTalk
This website uses anti-spam plugins from CleanTalk. The provider is CleanTalk Inc, 711 S Carson Street, suite 4, Carson City, NV, 89701, USA (hereinafter «CleanTalk»).
CleanTalk serves to protect our website from spam activities (e.g. preventing unwanted advertising, unwanted messages or comments). For this purpose, CleanTalk collects various personal data such as IP address, e-mail address, nickname of the message sender, information about the JavaScript technology in the sender’s browser and the texts entered.
This information is transferred to a CleanTalk server in the EU and stored there.
For security reasons and to protect against spam, your data is processed in the CleanTalk Cloud Service and stored in log files for a maximum of 31 days. At the end of this period, this data will be completely deleted.
CleanTalk is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website spam activities as effectively as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://cleantalk.org/my/session?back_url=profile#scc_agreement.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.