We hereby provide information about how we process personal data. Personal data includes all data that relates to you personally, such as name, address, email addresses, user behaviour etc.
I. General information
The controller under Article 4(7) of the EU General Data Protection Regulation (EU GDPR) is
Lohmann & Rauscher GmbH & Co. KG
Irlicher Straße 55
Tel.: +49 2634 99-0
Fax: +49 2634 99-6467
(Further details are available in our legal information.)
2. Data protection officers
You can contact our data protection officers via
Lohmann & Rauscher GmbH & Co. KG
- Datenschutzbeauftragter (Data protection officer) -
Tel.: +49 2634 99 7077
Fax: +49 2634 99 7877
3. Supervisory authority
The supervisory authority responsible for our company is
The commissioner for data protection and freedom of information for Rhineland-Palatinate (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz)
Postal address: PO box 30 40, 55020 Mainz
Address for visitors: Hintere Bleiche 34, 55116 Mainz
Tel.: +49 6131 2082449
Fax: +49 6131 2082497
4. Data and its origin
We process personal data that we receive from you in the context of our planned or existing business relationship. Where this is necessary for our business activity, we also process personal data that we have legitimately received (e.g. to implement orders, fulfil contracts or on the basis of another consent granted by you) from other companies affiliated to us within the Lohmann & Rauscher Group or from other third parties (e.g. service agencies). We also process personal data that we have legitimately received from publicly accessible sources (e.g. the commercial register or register of associations, record of debtors, land registers, media or the internet) and are permitted to process.
Relevant personal data in this regard may in particular be: Name, academic qualification, job title, address, telephone number, fax number, email address, date and place of birth, authentication data (e.g. ID card information), bank account details (IBAN or BIC), tax ID number.
Data communicated by you to us, for example when you contact us via email or via a contact form (your email address and, where relevant, your name and telephone number), is stored by us in order that we can respond to your questions.
As part of the initiation of business transactions and over the course of the business relationship, particularly as a result of contact in person, by telephone or in writing, further personal data may arise, such as information about the method of communication, date, reason for and result of the contact and (electronic) copies of the correspondence.
As part of our business relationship, you have to provide personal data that are needed to build and execute the respective business relationship and to fulfil the contractual obligations linked to this or data that we are legally obliged to collect. Without the necessary data, we will generally not be able to enter into or continue the business relationship.
5. Purposes of the data processing
We process the above-mentioned personal data in accordance with the provisions of the EU GDPR and the German Federal Data Protection Act (BDSG) as amended from time to time:
a. On the basis of your consent (Article 6(1)(a) EU GDPR): Where you have provided us with consent to the processing of personal data for specific purposes, such processing is lawful on the basis of your consent. Consent that has been granted can be withdrawn at any time. The withdrawal of consent only has future effect, meaning that processing that occurred prior to withdrawal is not affected by this.
b. for the performance of a contract (Article 6(1)(b) EU GDPR): The processing of personal data is done as part of the initiation or conduct of our business relationship with you. The purposes of the data processing are primarily based on the specific subject matter of the business relationship and may in particular cover the provision of services and the manufacture and delivery of products.
c. due to legal obligations (Article 6(1)(c) EU GDPR) or in the public interest (Article 6(1)(e) EU GDPR): Where we are subject to legal obligations, we are permitted to process data to the extent that this is required for the purpose of the fulfilment of the respective legal obligations, for example with respect to the proper provision of information to the financial authorities on the basis of existing tax laws.
d. as part of a balancing of interests (Article 6(1)(f) EU GDPR): Where necessary, we process your data beyond the actual fulfilment of the contract for the protection of our company’s legitimate interests and those of third parties. Examples of this are allowable advertising and market research, the conduct of litigation to bring or defend against legal claims, the ensuring of our company’s IT security and measures to ensure building and system security or to defend our rights to determine who has the right to access our building e.g. through access controls.
6. Recipient of the data
Within our company those areas that require this for the fulfilment of the contractual and legal obligations existing in connection with our business activity have access to your data.
Service providers (processors) used by us may also receive data for this purpose if they have undertaken to comply with our written instructions in connection with data protection law. These include in particular companies in the following areas of activity: support/maintenance for IT applications, archiving, document processing, data destruction, call centre services, marketing, auditing.
Furthermore, public bodies and institutions (e.g. financial authorities) may receive personal data where there is a legal or official obligation.
Further data recipients may include those bodies to which you have granted your consent to the transfer of your data.
Data is only sent to companies outside the EU and the EEA (known as third countries) if this is necessary for us to enter into or conduct our business relationship with you or where this is provided by law, you have granted us consent for this or corresponding contracted data processing is being done. If service providers in a third country are used, they are obliged to comply with the level of data protection prescribed within the EU through written instructions or other agreement (namely in accordance with the EU standard contractual clauses).
7. Duration of storage
We process and store your personal data for as long as is necessary for the performance of our contractual and legal obligations. It should be noted that the business relationship may be a continuing obligation over several years. If the data is no longer needed for performance of the contractual or legal obligations, it is deleted at regular intervals unless its further processing (on a time-limited or restricted basis) is necessary for the following purposes:
a. Fulfilment of retention periods under commercial or tax law, the periods indicated there for retention or documentation being between two and ten years;
b. Preservation of evidence in the context of applicable regulations governing limitation periods. Pursuant to Sections 195 et seq. German Civil Code (BGB), these limitation periods can be up to 30 years, with the normal limitation period being set at three years.
8. Your rights
a. You have the following rights over us regarding the personal data relating to you:
- i. Right to information,
- ii. Right to rectification or erasure,
- iii. Right to restrictions on processing,
- iv. Right of objection to processing,
- v. Right to data portability.
b. You also have the right to complain to data protection authorities about the processing of your personal data by our company.
c. In particular, you have a right to object to processing on a case-by-case basis in the following sense:
- i. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) (data processing in the public interest) or point (f) (data processing on the basis of a balance of interests) of Article 6(1) EU GDPR, including profiling based on those provisions. If you object, we shall no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- ii. Where we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, we shall no longer process your personal data for such purposes.
9. Automated decision-making/profiling
We do not generally use fully-automated decision-making as the basis of or to conduct the business relationship with you. Should we use this process in individual cases, we will provide information about this separately where this is prescribed by law.
II. Additional information on the use of our website
1. Data collection
If you only use the website for information, in other words, if you do not register or provide us with information in another way, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data that are technically necessary for us to display the website to you and ensure stability and security (the legal basis for this is point (f) of Article 6(1), Sentence 1, EU GDPR):
a. IP address
b. date and time of the request
c. time zone difference from Greenwich Mean Time (GMT)
d. content of the request (specific page)
e. access status/HTTP status code
f. in each case, the quantity of data transferred
g. website from which the request comes
i. operating system and interface
j. language and version of the browser software.
In addition to the data mentioned above, when you use our website cookies will also be stored on your computer. Cookies are small text files that are stored on your hard drive allocated to the browser you use and can be used by the body that placed the cookie (in this case us) to provide certain information. Cookies cannot run programs or transfer viruses to your computer. They are used to make the online experience more user-friendly and efficient.
a. This website uses the following types of cookies, the scope of which and how they function will be explained below:
- i. Transient cookies (see b)
- ii. Persistent cookies (see c).
b. Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store what is known as a session ID, by which various requests made by your browser can be allocated to the same session. As a result, it is possible to recognise your computer when you return to our website. The session cookies are deleted when you log out or close the browser.
c. Persistent cookies are automatically deleted after a predefined period of time, which can vary from cookie to cookie. You can delete the cookies from your browser’s security settings at any time.
d. You can configure your browser settings as you wish and, for example, accept third party cookies or reject all cookies. We should point out that this may mean you will be unable to use all of the functions of this website.
4. Further functions and services on our website
a. In addition to the use of our website for purely informational purposes, we also offer various services that you can use if you are interested. In order to do so, you generally have to enter further personal information that we will use to provide the relevant service and to which the principles of data protection referred to above apply.
b. In some cases, we use external service providers to process your data. We select and commission these service providers carefully, and they are bound by our instructions and regularly checked.
c. Furthermore, we are able to pass your personal data on to third parties where offer sales campaigns, competitions, entry into contracts or similar services are offered by us jointly with partners. More information on this is available in the description of the relevant service.
d. Where our service provider or partner is based in a state outside the European Economic Area (EEA), we inform you of the impact this has in the description of the relevant service.
III. Additional information on the use of our mobile apps
1. In addition to our online presence, we also offer mobile apps that you can download onto your mobile terminal. We provide information below on the collection of personal data when you use our mobile apps.
2. When you download a mobile app with data collection, the required information is transferred to the app store, in particular the username, email address and customer number of your account, the time of the download, payment information and individual device reference number. We have no influence over this data collection and are not responsible for it. We only process data where this is necessary for the download of the mobile app onto your mobile terminal.
3. In the case of mobile apps without data collection, the mobile app is downloaded onto your mobile terminal and can be used without access to the internet. No personal data is collected when these apps are used.
IV. Additional information on particular forms of use of websites.
Clause 1 Use of our online shop
1. If you wish to order from the online shop set up for business customers (trade/doctor portal or kit pack portal), then, in order to create a contract you need to enter the personal data we need to process your order. Information essential for the processing of orders is marked, other information is voluntary. We process the data you provide us with in order to complete your order and store it for any future purchases you may make. You may withdraw your consent for this. In this case we can pass your payment information on to our bank. The legal basis for this is point b of Article 6(1), Sentence 1, EU GDPR.
We can also process the data you provide to us to inform you about other interesting products from our range or to arrange for you to be sent emails containing technical information.
2. We are obliged, based on the provisions of commercial and tax law, to retain your address, payment and order data for a period of ten years. However, we restrict the processing of this at our reasonable discretion. In other words, your data is only used for the purpose of complying with legal obligations.
3. Authentication and various encryption techniques are used to prevent unauthorised access to your data by third parties.
Clause 2 Use of the function “My L&R”
If you wish to use the “My L&R” function, you need to register by entering your email address, a password of your choice and a username of your choice. There is no obligation to use your real name, you can access the function using a pseudonym. We use what is known as the double opt-in method for registration. In other words, your registration is only complete if you have previously confirmed your registration by clicking on the link in a confirmation email sent to you for this purpose. If you do not confirm your registration within 24 hours, your registration will automatically be deleted from our database. The provision of the above data is mandatory. You are able to provide all further information on a voluntary basis by using the “My L&R” function.
Clause 3 Use of our supplier portal
1. If you wish to contact us using the supplier portal we have set up, you need to enter the personal data we require to process your request. We process the data you provide us with in order to process your request and retain it for any future commercial transactions you may make, although you can withdraw your consent to this. The legal basis for this is point b of Article 6(1), Sentence 1, EU GDPR.
2. Where applicable, we are obliged, under the provisions of commercial and tax law, to retain your data for a period of ten years. However, we restrict the processing of it at our reasonable discretion. In other words, your data is only used for the purpose of complying with legal obligations.
3. Authentication and various encryption techniques are used to prevent unauthorised access to your data by third parties.
V. Additional information on the use of web analytics
1. Our website uses Google Analytics, a web analysis service from Google Inc (“Google”). Google Analytics uses “cookies”, i.e. text files that are saved on your computer to make it possible to analyse your usage of the website. The information generated by the cookies about your use of this website is generally transferred to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will be shortened in advance by Google within member states of the European Union or in other signatories to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred by Google to a server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services related to website and Internet usage.
2. The IP address sent by your browser as part of Google Analytics is not combined with other data by Google.
3. You can prevent the storage of cookies by adjusting the settings of your browser software accordingly; we should point out, however, that in that case you may be unable to fully use all of the functions of this website. Furthermore, you can prevent Google collecting the data generated by the cookie and relating to your use of the website (including your IP address), and prevent Google processing it, by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
4. Our website uses Google Analytics with the extension "_anonymizeIp()". This means shortened IP addresses are processed such that any reference to a particular individual is excluded. If there is a personal reference in the data collected about you, this is instantly ruled out and the personal data deleted immediately.
5. We use Google Analytics to analyse the use of our website and regularly improve it. We can use the statistics obtained to improve our online presence and make it more interesting for you as a user. Google has drafted the EU-US Privacy Shield for the exceptional cases in which personal data is sent to the USA: www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is point (f) of Article 6(1), Sentence 1, EU GDPR.
6. Google notes in particular the information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/us.html, overview of data protection: support.google.com/analytics/answer/6004245 and the privacy statement: http://policies.google.com/privacy?hl=en-GB&gl=de.
VI. Additional information on social media
Clause 1 Use of social media plug-ins
1. We currently use the following social media plug-ins: [Facebook, Google+, Twitter, Xing, LinkedIn]. We use what is known as the two-click solution. This means that when you visit our site, no personal data is initially passed on by us to the plug-in provider. You can recognise the plug-in provider by the mark on the box[,] by their initial letter or logo. We give you the option of communicating directly with the plug-in provider by clicking the button. The plug-in provider only receives the information that you have accessed the relevant website from our online presence if you click on the selected area. Where applicable, the data mentioned above under I.4 is sent to the relevant plug-in provider and processed by them.
2. We do not have any influence over the data collected by the relevant plug-in provider or over data collection processes, nor are we aware of the full scope of the data collection, the purposes for which the data is processed or the retention periods. Neither do we have any information on the erasure of the data collected by the plug-in provider. We advise you to obtain more detailed information on this from the relevant plug-in provider and, to this end, to use the contact details available on the internet and other information, in particular any data privacy statements and settings to protect your privacy.
Clause 2 Inclusion of YouTube videos
1. We have included YouTube videos in our online presence. These are stored on www.YouTube.com and can be played directly from our website.
2. By visiting the website, YouTube receives the information that you have accessed the relevant subsite of our website. The data mentioned under I.4 (above) of this privacy statement is also sent. This occurs regardless of whether YouTube provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data is allocated directly to your account. If you do not want this to be allocated to your profile on YouTube, you have to log out before clicking on the button. YouTube retains your data as usage profiles and uses it for advertising, market research and/or necessary website design purposes. An evaluation of this kind is carried out in particular (even for users who are not logged in) so as to carry out appropriate advertising and to inform other users of the social network about your activities on our website. You may object to the creation of this user profile, but to exercise such right you need to contact YouTube itself.
3. We advise you to obtain more detailed information on the purpose and scope of the data collection and its processing by YouTube directly from YouTube and, to this end, to use the contact details available on the internet and other information, in particular privacy statements and settings to protect your privacy.
Clause 3 Inclusion of Google Maps
1. We use Google Maps on our website. This means we can display interactive maps directly on the website and allow you to use the map function easily.
2. When you visit our website, Google receives the information that you have accessed the relevant subsite of our website. The data mentioned under I.4 of this privacy statement is also sent. This occurs regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data is allocated directly to your account. If you do not wish this to be allocated to your profile on Google, you have to log out before clicking on the button. Google retains your data as usage profiles and uses them for the purposes of advertising, market research and/or necessary website design. An evaluation of this kind is carried out in particular (even for users who are not logged in) so as to carry out appropriate advertising and to inform other users of the social network about your activities on our website. You may object to the creation of this user profile, but to exercise such right you need to contact Google itself.
3. We advise you to obtain more detailed information on the purpose and scope of the data collection and its processing by Google directly from Google and, to this end, to use the contact details available on the internet and other information, in particular privacy statements and settings to protect your privacy.
VII. Additional information about the newsletter
(1) By consenting you can sign up for our newsletter on our website so we can send you current information and offers for our products.
(2) We use the double opt-in process for users registering for our newsletter. This means that when you register we will send an email to the email address you have entered asking you to confirm that you wish to receive the newsletter. By confirming, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. When you register for the newsletter, we will save the IP address registered by your Internet Service Provider (ISP) and the date and time of registration so as to be able to identify any potential misuse of your email address at a later date.
(3) The only compulsory information we require in order to send you the newsletter is your email address. Information regarding your first name and surname is provided on a voluntary basis, so we can address you personally. Once you have confirmed your registration, we will store the data collected during your newsletter registration in order to contact you for promotional reasons by sending you our newsletter. The legal basis for this is Article 6(1) sentence 1 letter a GDPR.
(5) Our email newsletter is sent using the technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (“CleverReach”), to whom we will transfer the data you provide when you register for the newsletter. This transfer is done in accordance with Article 1(1)(f) GDPR and serves our legitimate interest in the application of a secure and user-friendly newsletter system which is effective as advertising. This means your personal data arising in connection with your newsletter subscription is processed: your email address and, where applicable, your first name and surname are stored on the CleverReach servers in Germany or Ireland. CleverReach uses this information to send and statistically evaluate the newsletter on our behalf.
When we send the newsletter, we evaluate your user behaviour. In order to carry out this evaluation, the emails and newsletters sent contain what are known as “web beacons” or “tracking pixels”, single pixel image files that are accessed when the newsletter is opened from the CleverReach server and which are stored on our website. As part of this access process, we are able to determine whether a newsletter is opened and, where relevant, which links are clicked on. For the evaluation, we link the data mentioned in clause VII (3) above and the web beacons to your email address and an individual ID. The data are only collected in pseudonymised form; the IDs are also not linked to your personal data and any direct connection to a person is excluded. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). These data are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to recipients’ interests.
We have entered into a processing contract with CleverReach in which we impose an undertaking on CleverReach to protect our customers’ data and not to pass the data on to third parties.
Further information on data analysis by CleverReach is available via the following link: www.cleverreach.com/de/funktionen/reporting-und-tracking/
If you wish to object to the analysis of data for statistical evaluation purposes, you must unsubscribe from the newsletter as described in clause VII (4) above.