1. Information on data processing, legal bases and terminology
1.2. The terms used, such as ‘personal data’ or their ‘processing’, refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of the users processed in the context of this online offer includes usage data (the visited websites of our online offer, access times), communication data (device IDs, IP addresses, location data, browser type and version, operating system used, website, from You visit us), content data (entries in the contact form) as well as applicant data (name, contact details, subject areas, application documents).
1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, prospects, applicants and other visitors to our online offer. The terms used, such as “users” are to be understood gender-neutral.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that users’ data will only be processed if we have a legal permit. That is, especially if the data processing for the provision of our contractual services (eg processing of orders) as well as online services is required or required by law, the consent of the user exists, as well as our legitimate interests (ie interest in the analysis, optimisation and economic Operation and security of our online offer within the meaning of Art. 6 (1) lit. GDPR, in particular in the range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of the services of third-party providers).
1.6. Please note that the legal basis for the consent is Art. 6 para. 1 lit. a. and Art. 7 GDPR. The legal basis for processing for the purpose of fulfilling our services and implementing contractual measures is Art. 6 para. 1 lit. b. GDPR. The legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c. GDPR and the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f. GDPR.
2. Safety measures
2.1. We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.
2.2 .The security measures include in particular the encrypted transmission of data between your browser and our server.
3. Disclosure of data to third parties and third parties
3.1. A transfer of data to third parties is only within the scope of legal requirements. We only pass on the data of the users to third parties if, for example, on the basis of Art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests in accordance with Art. Art. 6 para. 1 lit. f. GDPR for efficient and effective operation of our business operations.
3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with applicable law.
3.4. MedSynApps is a group of companies, see: https://medsynapps.care/about-us/. Within this cooperation, marketing activities can be carried out by one partner for the entire group. For this purpose, data may be processed outside the EU, e.g. in France. Contracts were signed between the partners for processing personal data in compliance with EU security guidelines.
4. Collection of access data and log files
4.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which our website is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address (anonymised) and the requesting provider.
4.2. Log File information is stored for security reasons (eg to investigate abusive or fraudulent activities) for a maximum of 30 days and then deleted. Data whose further retention is required for evidential purposes are excluded from the erasure until the final clarification of the incident.
4.3. For the hosting of our website we use a service provided by OVH. As part of the hosting, the IP address of the user (anonymous) in the form of log files to the OVH, where it will be deleted after 2 months at the latest. It processes the data on our behalf in accordance with Art. 28 (3) sentence 1 GDPR.
5. Cookies and reach measurement
5.1. Cookies are information transmitted by our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
5.3. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
5.5. Our cookies usage can differ depending on the browser, device or network settings, as follows:
Usage Storage period
_ga (Google) Differentiation from users 2 years
_gat (Google) Google property ID 1 minute
_gid (Google) Differentiation from users 1 day
_gac_ (Google) Differentiation of users in Google campaigns 1 minute
AMP_TOKEN Contains a token that can be used to retrieve a Client ID from the AMP Client ID Service 1 day
__cfduid (HubSpot) Security cookie from Cloudflare, the CDN provider of Hubspot 30 days
__hssc (Hubspot) Tracking of session 30 minutes
__hssrc (Hubspot) Session-Cookie session
__hstc (Hubspot) contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit) and session no. 13 month
6. Google Analytics
6.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation ( https://www.privacyshield.gov/ participant? Id = a2zt000000001L5AAI & status = Active ).
6.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous user profiles of the processed data can be created.
6.4. We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address will be sent to a Google server in the US and shortened there.
6.5. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection of data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing a browser plug-in available under the following link: http://tools.google .com / dlpage / gaoptout? hl = en .
6.6. For more information about Google uses data, settings and opposition opportunities can be found on the websites of Google: https://www.google.com/intl/de/policies / privacy / partners ( “How Google uses data when you use websites or apps our partners “), http://www.google.com/policies/ technologies / ads (” Use of data for promotional purposes “), http://www.google.com/settings/ads (” Managing information that Google uses, to show you advertising “).
7.1. When contacting us (via contact form or email), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR processed.
7.5. Live Support
7.5.1. Via the chat function on our website, users have the opportunity to contact MedSynApps employees directly, for example to clarify questions regarding open job profiles. The use of the chat does not require the provision of personal data.
7.5.2. For the service mentioned in 7.5.1 we use Userlike, a live chat software of the company Userlike UG (limited liability). Userlike uses “cookies”, text files that are stored on your computer and that enable a personal conversation in the form of a real-time chat on the website with you. The collected data will not be used to personally identify the visitor of this website and will not be merged with personal data about the bearer of the pseudonym.
7.5.3. For internal evaluation and optimization of our service quality, we store the chat logs for a period of 90 days.
8. Embedding third-party services and contents
8.1. On the basis of our legitimate interests (i.e. the interest in the analysis, optimisation and economic operation of our website as defined by Section 6 Subsection 1 lit. f. GDPR), within our website, we use offers of content and services by third-party providers such as embedding possibilities for recommending our website (hereinafter holistically called “contents”). This always presupposes that the third-party providers perceive the users’ IP address, because they could not send the contents to their browser without the IP address. The IP address is thus necessary for the presentation of these contents. We endeavour to only use such contents whose respective provider solely uses the IP address to send out the contents. Furthermore, third-party providers can use so-called pixel tags (invisible graphic images also called “web beacons”) for statistical or marketing purposes. Via the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users’ device and contain, among others, technical information about the browser and operating system, referring websites, time of visit as well as other details on using our website, and can also be associated with such information from other sources.
8.2. The following provides an overview of third-party providers as well as their contents plus links to their Privacy Policies, which contain further information on the processing of data and, partially stated here, possibilities of revocation (so-called “opt-out”):
8.4. Our website uses functions of the network, LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When visiting one of our pages that contains functions of LinkedIn, a connection is established to servers of LinkedIn. LinkedIn is informed that you have visited our web pages with your IP address. If you click on the “Recommend-Button” of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We must point out that we as the provider of the pages receive no knowledge of the content of the transmitted data nor of the use of it by LinkedIn. Data Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
9. Downloading exclusive contents
9.1. MedSynApps offers registered users the possibility of requesting exclusive editorial contents on the website by e-mail and to download them. In the scope of this registration, we store the user’s name, e-mail address, the company and the telephone number for our own advertising purposes as well as the sending out of these contents as per their express consent as defined by Section 6 Subsection 1 lit. a. and Section 7 GDPR.
9.2. To process registrations, we use ”MailChimp”, a marketing automation platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the marketing automation platform’s data protection provisions here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the EU-US Privacy Shield and, due to this, provides a guarantee of observing the European level of data protection (https://www.privacyshield .gov/participant?id=a2zt0000000TO6hAAG&status=Active).
10. Regulations for applicants
10.1. By submitting your application via our website, you agree to the processing of your personal data as part of the recruiting process. This includes name, address, date of birth, phone number, e-mail address and any other data from the CV or other attachments.
10.2. If the application procedure is followed by the conclusion of an employment contract, the data transmitted by the applicant may be stored in the personnel file for the purpose of the usual organisational and administrative process in compliance with the legal regulations of relevant company from the MedSynApps Group.
10.3. If the conclusion of the application process does not follow the conclusion of a contract of employment, the applicant’s data will be stored for 2 months and then deleted completely. In case when you agreed for the data processing for future recruitment process your data will be stored until your consent withdrawal.
11. Inclusion in the talent pool
11.1. For candidates who are not candidates in a specific application process Candidates or their profile does not fit into a current vacancy (hereinafter referred to as “candidates” ), there is the possibility of inclusion in a relationship database of MedSynApps (hereinafter referred to as “talent pool” ). The type of database depends on your data controller. You will be specifically asked for a consent to be included in the talent pool by your respective data controller.
11.2. The processing of these data takes place in accordance with the explicit consent of the candidate in accordance with Art. 6 para. 1 lit. a. and Art. 7 GDPR.
12. Deletion of data
12.1. The data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the users’ data are not deleted because they are required for legally permitted purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data of users who must be kept for commercial or tax reasons.
13. Right of revocation
13.1. Users can revoke future processing of their personal data according to statutory regulations at any time. The revocation may, in particular, be directed towards processing for purposes of direct marketing.
Rules for general equal treatment
For easier readability, a gender-specific representation, such as employee, is dispensed with. Appropriate terms apply in the sense of equal treatment, of course, for all genders.
The Company is fully committed to providing equality to individuals fairly and irrespective of age, disability, gender, gender reassignment, marital or civil partnership status, pregnancy or maternity, race including colour, ethnic or national origins and nationality, religion or belief or sexual orientation We aim to create a working environment that is free from discrimination and harassment in any form, in which all staff, customers and suppliers are treated with dignity and respect.