隐私政策

 
I. Introduction

With the following information, we would like to give you, the "data subject" an overview of how Minitüb GmbH processes personal data and your rights under the General Data Protection Regulation (GDPR).

The processing of personal data takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations.

As the responsible party, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can fundamentally have security gaps, so that absolute protection cannot be guaranteed. For this reason, we also offer you the option to transmit personal data to us in alternative ways, for example by telephone or by post.


II. Responsible party

Responsible within the meaning of the GDPR is:

Minitüb GmbH
Hauptstraße 41, 
84184 Tiefenbach, 
Germany
Phone: (+49) 8709 9229 0
E-mail: minitube@minitube.de


III. Data protection officer

You can contact the data protection officer as follows:

Niklas Hanitsch
secjur GmbH
Franz-Mayer-Straße 1,
93053 Regensburg,
Germany
Phone: (+49) 941 569 550 20
E-mail: dsb@secjur.com

If you have any questions, suggestions, etc. regarding data protection, please feel free to contact our data protection officer directly.


IV. Definitions

This data protection declaration is based on the terms of the GDPR. To simplify understanding, we would like to explain some of the important terms in this context:  

  • Personal data: Personal data is all information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
  • Data subject: Affected person is any identified or identifiable natural person whose personal data is processed by the responsible party (our company).
  • Processing: Processing is any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
  • Recipient: Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under union law or the law of the member states are not considered recipients.
  • Third party: A third party is a natural or legal person, authority, agency or other body apart from the data subject, the responsible party, the processor and the persons who are authorized under the direct responsibility of the responsible party or processor to process the personal data.
  • Consent: Consent is any declaration of intent made voluntarily by data subjects for a specific case in an informed manner and unequivocally in the form of a declaration or another clear confirming action by which the data subjects indicate their consent to the processing of their personal data.

V. Legal basis for processing
  • Art. 6 para. 1 lit. a GDPR serves our company as the legal basis for processing operations where we obtain consent for a specific processing purpose.
  • If the processing of personal data is necessary to fulfill a contract to which you are a party, the processing is based on Art. 6 Para. 1 lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.
  • If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 Para. 1 lit. c GDPR.
  • Ultimately, processing operations can be based on Art. 6 Para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company, provided that the interests, fundamental rights and freedoms of the data subjects do not outweigh them. 

VI. Technology
1. SSL / TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that "https://" appears in the address line of the browser instead of "http://" and by the lock symbol in your browser line. We use this technology to protect your transmitted data.

2. Data collection when visiting the website ("server log files")
Every time you or an automated system access our website, we process data that your browser transmits to our server (in so-called "server log files"). This data is stored in the server's log files. The following can be recorded:
  • browser types and versions used,
  • operating system used by the accessing system,
  • website from which an accessing system reaches our website (so-called referrer),
  • sub-websites that are accessed via an accessing system on our website,
  • date and time of access to the website,
  • internet protocol address (IP address),
  • internet service provider of the accessing system.
 

We process this data in order to deliver the content of our website correctly, to guarantee the permanent functionality of our IT systems and the technology of our website and to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack. This collected data and information is evaluated statistically with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data provided by a data subject. In principle, deletion of the server log files takes place after 14 days. The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR, our legitimate interest for the purposes listed above.


VIII. Geo-IP evaluation

When you visit our website, we evaluate your IP address to see from which country you are accessing our website (hereinafter "Geo-IP"). The reason is that we can only make our shop available to you in certain countries. Therefore, we do not provide the "Login" and "Register" fields on our website for users from countries in which we cannot offer the shop. One of the reasons for this is that we only supply certain countries through distributors. In the case of website visitors who access our website with a Geo-IP in which we provide the shop, this means that we have already preselected the corresponding country in the input mask during registration. The legal basis for processing your personal data in this context is Art. 6 Para. 1 S. 1 lit. f GDPR . Our overriding legitimate interest is the individual presentation of individual functions depending on the country of the Geo-IP to be accessed. This check of the Geo-IP takes place every time you visit our website.


VIII. Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are saved on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. The use of cookies serves to make the use of our offer more pleasant for you. In addition, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. You can find an overview of the cookies used in our cookie banner. The legal basis for the use of cookies depends on the specific purpose for which they are used, which is why we would like to explain our use of cookies to you in more detail below.
 

1. Own cookies
We use our own cookies on our website, which are necessary so that, for example, you remain logged in to our shop even after changing pages or any selected filters or searches are retained. We also use cookies to provide you with the shopping cart function in the shop. The legal basis for processing your personal data is your consent in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is to enable a user-friendly and as simple as possible presentation of various functions for our website visitors. In this context, your data will not be passed on to third parties and will generally be stored for one year and then deleted.

2. Google reCAPTCHA
On our website we use Google reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to protect against spam for forms used on our website. For this purpose, Google reCAPTCHA automatically analyzes your usage behavior on our website based on various features in order to differentiate between human behavior and automated spam messages. The data collected in this process is forwarded to Google. The data may also be transmitted to Google LLC in the USA. For this type of data processing, Art. 6, Para. 1, S. 1, lit. f GDPR provides the necessary legal basis. Our legitimate interest is to protect our online offerings against spam issues. The storage period is 6 months. For more information on Google reCAPTCHA, please refer to: www.google.com/recaptcha/about/

3. Matomo
We use Matomo, an open source software from InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on our website. Via Matomo, we carry out analyses, e.g. on visitor numbers, length of stay or access to our website from different countries. These analyses enable us to optimize our website and adapt it accordingly. The legal basis for processing your personal data is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. We store this personal data which, in principle, is deleted after 90 days. Further information about Matomo can be found at: www.matomo.org

4. YouTube
We would like to offer you the option of being able to watch YouTube videos, e.g. about our products, on our website. For this purpose, we have integrated YouTube videos on our website, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for processing your personal data is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. In this context, data may also be transmitted to Google LLC in the USA. If you have not given us your consent via the cookie banner, you have the option of loading the YouTube video again by clicking the corresponding pages of our website and hereby giving us your consent.
Further information about Google can be found at: https://policies.google.com/privacy?hl=de

5. Sendinblue
We would like to offer you the option to register for our newsletter directly on our website. For this purpose, we have integrated the registration form from our newsletter service Sendinblue, Sendinblue GmbH, Köpenickerstraße 126, 10179 Berlin, directly on the website. If you have given us your consent within the framework of the cookie banner, in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, it will be displayed to you directly. If you have not given us your consent via the cookie banner, you have the option of clicking the relevant page again to display the registration form and to give us your consent to process your personal data for the Sendinblue form.
Further information about Sendinblue can be found at: https://www.sendinblue.com/information-for-email-recipients/.

IX. Contents of our website
1. Establishing contact / contact form
When contacting us (e.g. via contact form or e-mail), personal data is collected. The following data is collected in the contact form: 
  • Salutation (optional)
  • First name
  • Surname
  • Telephone number
  • E-mail address
  • Country (used to assign the correct contact person)
  • Street (optional)
  • ZIP code (optional)
  • City (optional)
  • State / Region (optional)
  • Customer number (optional)
  • VAT ID no. (optional)
  • Company (optional)
  • Message text
     
This data is stored and used for the purpose of assigning and answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. If the purpose of your contact is to conclude a contract or if your request contains an order, the legal basis in processing your data is Art. 6 Para. 1 S. 1 lit. b GDPR. Furthermore, a legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR exists for processing your data. Your data will generally be deleted after your request has been processed, unless they are necessary for the performance of the contractual relationship. This is the case if it can be inferred from the circumstances that the matter concerned has been finally clarified and provided that there are no statutory archiving requirements. Longer storage in accordance with the statutory deadlines (e.g. HGB, AO) is required if you place an order using our contact form. Due to the specificity of our products, there may be a need to provide you with advice on how to use them, or to answer questions resulting from your message. In such cases we may also contact you by phone.

2. Applications / job exchange
We process the personal data of applicants for the purpose of handling the application process. Processing can also be done electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. If there is employment, we will include your documents from the application in the personnel file. The storage takes place in accordance with Art. 6 Para. 1 S. 1. lit. b GDPR in conjunction with Section 26 BDSG. If there is no employment, the application documents are generally deleted after 6 months. The data processing until then takes place on the basis of our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, which results in particular from the AGG. For admission to our applicant pool, we will separately ask for your consent, in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. Your data in the applicant pool is then deleted after one year.

X. Shop
Access to the Minitüb GmbH shop is only intended for registered users after logging in (see "X. 2. Login").

1. Registration
We have a shop on our website for ordering products. If you are not an existing customer, you must first register in order to gain access to our shop. As part of the registration process, we will receive an e-mail with your details from the registration, which we will save as verification. This is followed by an internal check before you receive your access data from us. As part of the registration process, we collect the following personal data from you:
  • Companies
  • First name
  • Surname
  • Street
  • House number
  • Post Code
  • City
  • Country (used to assign the correct contact person.)
  • Telephone number
  • E-mail address
  • VAT ID no. (optional)
  • Data upload (optional)

The legal basis for processing your personal data in this context is Art. 6 Para. 1 S. 1 lit. f GDPR, specifically our legitimate interest in enabling access to our shop solely to a restricted group, since we supply e.g. some countries only through distributors. Another legal basis is Art. 6 Para. 1 S. 1 lit. b GDPR, the implementation of pre-contractual measures and subsequent fulfillment of a contract.
We store data such as the “home pharmacy certificate”, which can be uploaded as verification using the upload function, in accordance with Art. 6 Para. 1 Clause 1 lit. c GDPR to prove compliance with legal requirements.

2. Login    
On our website we provide you with a login function to access our shop. Here you can log in as a registered customer with your e-mail address and your password, in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. In the course of registration, the following data will also be processed: date, time and your IP address. The legal basis for this is Art. 6, Para. 1, S. 1, lit. f GDPR, namely our legitimate interest in customer-specific and secure access to our shop.

3. My account    
Under “My Account” you have the option of adding further personal data, such as an additional delivery address, or updating your data. You can also use this to view the contact details of your representative at Minitüb GmbH and review your orders and archived documents. You can make use of the User Management function to create additional sub-accounts for yourself as an organization. There is no separate notification to Minitüb GmbH.

4. Purchases through the shop
You can purchase products directly from our shop. However, this does not apply to all of the products as displayed, since certain products are very specific and may require prior consultation for use (hereinafter referred to as “specific products”). For these specific products, it is first necessary to send us a request using our inquiry form. When inquiring about specific products, the following data are sent to us:
  • Requested product (pre-filled)
  • Name (pre-filled)
  • Customer number (pre-filled)
  • E-mail address (pre-filled)
  • Address (pre-filled)
  • Individual message

This is done in accordance with Art. 6, Para. 1, S. 1, lit. b GDPR on the basis of the pre-contractual relationship with you.

When purchasing products that do not require further explanation, you can stow them in your virtual shopping cart until you are ready to send your order. We process the shopping cart items, customer data, any additional information in the ordering process and the date and time of your order. Your inquiries are then transmitted to our ERP system, whereupon your order will be placed and you will receive an order confirmation from us. The payment conditions can then be found in the order confirmation.
Your data from the order as well as your contact details for delivery and your billing data for invoicing will be processed in accordance with Art. 6 Para. 1 S. 1 lit. b) GDPR to fulfill the contractual relationship. The provision of this data is necessary for the conclusion of the contract and the corresponding processing.
For the delivery of the ordered products we work together with external logistics service providers / transport companies; therefore we pass on the data required for this to them, such as address, etc. The legal basis for this is Article 6 Paragraph 1 Sentence 1 lit. b) GDPR. The processing is necessary in order to be able to fulfill our contractual obligation towards you.

Unlike other shops, we have not integrated any external service providers directly into our shop for payment processing.
 
XI. Newsletter dispatch
1. Advertising newsletter
Our website gives you the opportunity to subscribe to our company’s newsletter. Regarding cookies that are used in this context, we refer to the topic “VIII. Cookies ” in this data protection declaration.
In connection with the newsletter, we process your personal data for the dispatch and the associated analyses of the newsletter with regard to e.g. opening rates, clicks to improve our newsletter in accordance with Art. 6 Para. 1 S. 1 lit. on the basis of your consent, which you have given us with your registration. We also use Sendinblue, of Sendinblue GmbH, Köpenickerstraße 126, 10179 Berlin, for the dispatch and analyses. For legal reasons, a confirmation e-mail using the double opt-in procedure will be sent to the e-mail address you initially entered for receiving the newsletter. This confirmation e-mail is used to check whether you, as the owner of the e-mail address, have authorized the receipt of the newsletter.
When registering for the newsletter, we also store your IP address and the date and time of the registration. The collection of this data is necessary in order to be able to understand the (possible) misuse of your e-mail address at a later time and therefore serves our legal protection. The legal basis for this is our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
You can unsubscribe from the newsletter yourself at any time using the "Unsubscribe" link in the newsletter. Find more information about Sendinblue at: https://www.sendinblue.com/information-for-email-recipients/.

2. Sending out newsletters to existing customers   
If you have provided us with your e-mail address when purchasing products or services, we reserve the right to send you regular offers from our range of products or services similar to those already purchased from you by e-mail. We do not have to obtain any separate consent from you for this in accordance with Section 7 (3) UWG. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. You can unsubscribe from the newsletter at any time. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.
In this context, we use the provider Sendinblue and monitor evaluations (opening rates, clicks, etc.) in order to measure the success of our newsletter and in order to constantly improve (See advertising newsletter section above).

XII. Our activities in social networks
So that we can also communicate with you on social networks and provide information about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform in terms of the processing operations triggered thereby, which relate to personal data, within the definition of Art. 26 GDPR. 
We are not the original provider of these pages, but only use them within the scope of the options offered by the respective provider.
As a precaution, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Use can therefore expose you to data protection risks, as it may be more difficult to protect your rights e.g. for information, deletion, objection, etc. In addition, data processing in the social networks is often carried out directly for advertising purposes or for analysis of user behavior by the provider, which lies outside the range of our influence. If usage profiles are created by the provider, cookies are often used or the usage behavior is assigned directly to your own membership profile of the social networks (if you are logged in).
The processing of personal data described is carried out in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR based on our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to be able to inform you about our services. If you have to give the respective providers consent for data processing as a user, the legal basis relates to Art. 6 Para. 1 S. 1 lit. a GDPR.
Since we have no access to the providers’ databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Here we have listed further information regarding the processing of your data in the social networks we use and describe the option to exercise your right of objection or revocation (so-called opt-out) at these respective providers:

LinkedIn
We link to our social media presence at LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. Together with us, they are responsible for the processing of your data. 
Our website contains solely a link and not a social media plug-in. Therefore, simply visiting our website does not result in the social media platform being informed of your visit. Once you click on their link, however, your data will be processed by the social media platform. 
You can find LinkedIn's privacy policy here: https://www.linkedin.com/legal/privacy-policy

Youtube
We run our own channel on YouTube to present our company and our products. YouTube is operated by Google Ireland Limited., Gordon House, Barrow Street, Dublin 4, Ireland. With them we are jointly responsible. On our website, there is only a link and not a social media plug-in. In this context, data may also be transmitted to Google LLC in the USA. 
You can find Google's data protection declaration here: https://policies.google.com/privacy
 
XIII. Establishing contact via another communication channel
If you do not have access to our shop, you can send us inquiries about our products and orders via various communication channels, such as e-mail, telephone, fax or the contact form. In this context, we process the data you provided us on the basis of Art. 6 Para. 1 S. 1 lit. b GDPR in the pre-contractual area and for processing your order. If your information indicates a need for consultation, e.g. due to the complexity of the products, we will contact you again.

XIV. Your rights as a data subject
1. Right to confirmation
You have the right to request confirmation from us as to whether personal data is being processed.

2. Right to information Art. 15 GDPR
You have the right to receive free information from us at any time about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

3. Right to rectification Art. 16 GDPR
You have the right to request the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purpose of the processing.

4. Deletion Art. 17 GDPR
You have the right to ask us to delete the personal data immediately, if one of the reasons stipulated by law applies and if the processing or storage is not legally necessary.

5. Restriction of processing Art. 18 GDPR
You have the right to request that we restrict processing if one of the legal requirements is met.

6. Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible party without hindrance from us, to whom the personal data has been forwarded, provided that the processing is based on consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract in accordance to Art. 6 Para. 1 S. 2 lit. b GDPR and the processing is carried out using automated processes, unless the processing is not necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to us. Furthermore, when exercising your right to data portability in accordance with Art. 20 Para. 1 GDPR, you have the right to have the personal data transferred directly from one responsible party to another responsible party, insofar as this is technically feasible and if the rights and freedoms of others are not compromised.

7. Objection Art. 21 GDPR
You have the right, for reasons that arise from your particular situation, to object at any time against the processing of your personal data, based on Art. 6 Para. 1 S. 1 lit. e (data processing in the public interest) or f (ata processing based on a weighing of interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In individual cases, we process personal data in order to operate direct mail. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is connected with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, you have the right, for reasons that arise from your particular situation, to object to the processing of personal data relating to you, which we use for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR unless such processing is necessary to perform a task in the public interest. You are free to exercise your right to object in connection with the use of information society services, regardless of Directive 2002/58 / EC, using automated procedures that use technical specifications.

8. Revocation of consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time with future effect. Processing up to this point remains lawful. To exercise your right of withdrawal, you can contact us by email: minitube@minitube.de or phone: +49 8709 9229 123.

9. Complaint to a supervisory authority
You have the right to complain to a data protection supervisory authority about our processing of personal data. The Bavarian State Office for Data Protection Supervision (BayLDA) is responsible for us: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Phone: (+49) 981 180 093 0, poststelle@lda.bayern.de. You can also use the authority's online complaint form.

XV. Duration of personal data storage
We process your personal data as long as this is necessary due to the respective purpose. Storage takes place in particular if we are subject to a statutory retention period or if the processing of your personal data is necessary to fulfill or initiate a contract. Otherwise your personal data will be routinely deleted.

XVI. Timeliness and update of the data protection declaration
This data protection declaration is currently valid and has the status: March 2021.

Due to the further development of our website and offers or due to changes in legal or official requirements, it may become necessary to update this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.minitube.com/catalog/cn/footer-navigation/yin-si-zheng-ce/.