Privacy Policy
Data Protection: your Right – our Duty
You can rest assured that your personal data will be protected and remain secure. The protection of your privacy and your rights in the processing of personal data is an important concern for FIOR & GENTZ Gesellschaft für Entwicklung und Vertrieb von orthopädietechnischen Systemen mbH, which we take into account in all our business processes.
We therefore wish to inform you of the basic rules governing the way we handle personal data.
How We Use your Data
FIOR & GENTZ Gesellschaft für Entwicklung und Vertrieb von orthopädietechnischen Systemen mbH collects, processes and uses all personal data arising from your visits to our online services only in accordance with the applicable regulations for the protection of personal data.
We only use the personal data for the purposes stated in this Privacy Policy (for example to process inquiries or to fulfil orders for medical devices). When we collect personal data via forms, we will inform you of the purpose of its collection and other details in accordance with the provisions of Art. 13 of the GDPR. The use of such data for other purposes is excluded.
Controller
The controller, who is responsible for processing your data, within the meaning of the General Data Protection Regulation (GDPR) is:
FIOR & GENTZ Gesellschaft für Entwicklung und Vertrieb von orthopädietechnischen Systemen mbH
Dorette-von-Stern-Straße 5
21337 Lüneburg (Germany)
Information Collected by Us
You can use almost the entirety of this website without us requiring personal data from you. Only a few offerings and services that you will find on our pages require you to provide personal data for their use.
1. Provision of the Website
When you use the website’s Internet services, the Internet servers (web servers) automatically record and evaluate technical access data (browser type, browser version, operating system used, referrer URL, host name, time of server request, IP address). However, this data cannot be attributed to a specific person; the individual user remains anonymous. This data is not merged with any other data. The legal basis for this processing is Art. 6(1) lit. a GDPR (legitimate interest for the purpose of technically error-free presentation and optimisation of the website). The data is stored only for as long as is necessary for the stated purpose.
2. Cookies
We would like to point out that these web pages use cookies. Cookies are text files that are stored in the web browser on your computer system. The legal basis for the use of cookies is Art. 6(1)(a) of the GDPR (consent to processing for statistical purposes, for optimisation of the presentation or for marketing purposes). If you choose not to accept the use of cookies, some offerings of the website may be unavailable or limited.
Information about the cookies used:
Website | |||||
Name | Purpose | Length of Storage | Provider | Type |
|
fe_typo_user | This cookie is a TYPO3 standard session cookie. It stores the access data entered when you log in to a protected area. | duration of the session | TYPO3 Association, Sihlbruggstrasse 105, 6340 Baar, Switzerland | HTTP | necessary |
typo3_geoip_target | GeoIP Cookie forwards the user to the appropriate national version. | 1 month | FIOR & GENTZ | HTTP | necessary |
rc::c | distinguishes between humans and bots | duration of the session | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTML | necessary |
_ga | registers a unique ID, which is used to generate statistical data on your usage of the website | 2 years | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | statistics |
_gid | registers a unique ID, which is used to generate statistical data on your usage of the website | 1 day | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | statistics |
_gat | The _gat_UA cookie also contains the identity number (_gat_ <***>) of the Google Analytics account or website to which the cookie refers. | 1 day | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | statistics |
_gcl_au | is used by Google AdSense for advertising efficiency on web pages | 3 months | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | marketing |
r/collect | transmits data about your device and browsing behaviour to Google Analytics | duration of the session | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | pixel | marketing |
Webshop | |||||
Name | Purpose | Length of Storage | Provider | Type |
|
ASPSESSIONID | records your actions for all page queries | duration of the session | Microsoft Corporation, One Microsoft Way, Redmond, WA USA | HTTP | necessary |
_ga | registers a unique ID, which is used to generate statistical data on your usage of the website | 2 years | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | statistics |
_gid | registers a unique ID, which is used to generate statistical data on your usage of the website | 1 day | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | statistics |
_gat | The _gat_UA cookie also contains the identity number (_gat_ <***>) of the Google Analytics account or website to which the cookie refers. | 1 day | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | statistics |
_gcl_au | is used by Google AdSense for advertising efficiency on web pages | 3 months | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | marketing |
r/collect | transmits data about your device and browsing behaviour to Google Analytics | duration of the session | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | pixel | marketing |
Orthosis Configurator | |||||
Name | Purpose | Length of Storage | Provider | Type |
|
ASP.NET_SessionId | records your actions for all page queries | duration of the session | Microsoft Corporation, One Microsoft Way, Redmond, WA USA | HTTP | technical |
ASPSESSIONID | records your actions for all page queries | duration of the session | Microsoft Corporation, One Microsoft Way, Redmond, WA USA | HTTP | technical |
_ga | registers a unique ID, which is used to generate statistical data on your usage of the website | 2 years |
| HTTP | marketing |
_gid | registers a unique ID, which is used to generate statistical data on your usage of the website | 1 day | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | marketing |
_gat | The _gat_UA cookie also contains the identity number (_gat_ <***>) of the Google Analytics account or website to which the cookie refers. | 1 day | Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | HTTP | marketing |
The website also uses cookies that are essential for the technical operation of the website. These do not contain any personal information and are not read by any third party.
3. Contact Form and Email Contact
Our website includes a contact form, which you can use for sending enquiries to us. In order to respond to your enquiry, both the email address field and the text field detailing your enquiry (both mandatory fields) will need to be completed.
Any further information is voluntary. Alternatively, it is also possible to contact us via the specified email address. The data associated with your enquiry will be processed by us for the purpose of responding. The legal basis for the processing is Art. 6(1) lit. a GDPR. The purpose of the processing is to deal with your enquiry. The stored data will be erased if the purpose of the processing ceases to exist and there are no further legal or contractual retention obligations. As a rule, the data associated with your enquiries will be retained for 12 months unless another processing purpose (such as an order or quotation) arises from the enquiry.
4. EXPERTMAIL – the FIOR & GENTZ Newsletter
Our website offers a facility for subscribing to EXPERTMAIL. For this purpose, the following data is collected and stored for the purpose of sending you the newsletter and to ensure verifiability:
- email address,
- date and time of registration,
- date and time of the confirmation email (double opt-in procedure).
The legal basis is Art. 6(1)(a) of the GDPR (Consent). When you subscribe to our newsletter, your consent is obtained and we refer you to this Privacy Policy. This involves the use of a double-opt-in procedure. After you have given your consent, we will send you an email with a confirmation link to complete the subscription process. You can withdraw your consent to being sent our EXPERTMAIL newsletter at any time with future effect. Your data will then be deleted immediately unless there are legal or contractual retention obligations to the contrary.
Payment with PayPal
PayPal assumes the function of an online payment service provider as well as a trustee and offers buyer protection services. By selecting and using payment via PayPal or PayPal Plus (credit card/direct debit) as part of your order process, the data required for payment processing is automatically transmitted to PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, and serves to fulfil the contract in accordance with Article 6 (1) (b) GDPR.
The personal data transmitted to PayPal generally includes first name, surname, address, email address, IP address and other data required for payment processing. Personal data relating to the respective order (e.g. number of items, item number, invoice amount, taxes and other invoice information) is also required to fulfil the purchase contract.
The transmission of your data is necessary for payment processing via PayPal and serves the purpose of confirming your identity and administering your payment order. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be authorised to process your personal data if it is necessary for contractual payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal and direct debit via PayPal. For this purpose, your payment data will be disclosed to credit agencies in accordance with Article 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your willingness and ability to pay. We do not have any influence on this process and only receive the result as to whether the payment has been made or rejected or whether a review is pending.
You can find PayPal's Privacy Statement at https://www.paypal.com/ad/legalhub/privacy-full.
PayPal is not a processor as defined by Article 4 (8) GDPR with its own responsibility.
Integration of Third-Party Services and Content
Our website may contain links to other websites that are outside our control and to which this Privacy Policy does not apply. If you access other websites using the links provided, the operators of these websites may collect information about you that they use in accordance with their own Privacy Policy, which may differ from ours.
When processing your personal data, we may share it with various recipients in different situations. Recipients of personal data may be organisations that support the controller in the course of its business activities, in particular banks, courier and transport companies, external bodies that provide IT support, companies that carry out internal controls/audits on behalf of the controller or provide services that we use on the website, or authorities on the basis of applicable laws. We always adhere to the principle of using data only for specific purposes and we collect, process and store your personal data only for the purposes for which you have communicated it to us. Your personal data will not be shared with third parties without your explicit consent except where necessary for the provision of the service or for the execution of the contract.
We utilise content from the following third-party service providers on the legal basis of Art. 6(1) lit. a GDPR:
YouTube
This website uses videos from YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to present our company and our services.
The videos on the FIOR & GENTZ website are embedded locally, i.e. no personal data will be disclosed to any third parties. However, when using our YouTube link, please note that you are directed to the YouTube website. When you access our videos on the YouTube platform, Google Ireland Ltd., as the operator of the platform in the EU, will process your data (personal information, IP address, etc.).
You can view YouTube’s data protection policy at https://policies.google.com/privacy.
Instagram
On this social media platform, we share responsibility with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The legal basis for the resulting processing of personal data described below is Art. 6(1) lit. a GDPR. Our legitimate interest lies in the analysis, communication, sales and promotion of our products and services.
When you access our online presence on the Instagram platform, Facebook Ireland Ltd., as the operator of the platform in the EU, will process your data (personal information, IP address, etc.).
You can view Instagram’s data protection policy at https://help.instagram.com/519522125107875.
Google Analytics
We use Google Analytics to analyse website usage. The data obtained is used to optimise our website and advertising measures. The legal basis for the processing is Art. 6(1) lit. a GDPR.
Google Analytics is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes website usage data and is contractually committed to measures to ensure the security and confidentiality of the data processed.
The service uses cookies, which are stored on your device for up to two years. The information gathered by the cookies is usually sent to a Google server in the USA and stored there. The recorded data is stored with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plug-in: https://tools.google.com/dlpage/gaoptout?hl=en
You can find more information on the usage of data by Google Inc. here: https://support.google.com/analytics/answer/6004245?hl=en.
Google Maps
We use Google Maps on our website to show you locations better and thus adapt our service to your needs. The legal basis for the processing is Art. 6(1) lit. a GDPR. Google Maps is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes website usage data and is contractually committed to measures to ensure the security and confidentiality of the data processed. In order for Google Maps to fully provide its service, data from you will be recorded and stored. These include, among others, the search terms entered, your IP address and GPS coordinates (latitude and longitude). If you are using the route planner function, the start address entered is also saved. This data storage occurs on the Google Maps websites. We can only inform you of this, but cannot influence it. Since Google Maps is integrated into our website, Google sets at least one cookie (name: NID) in your browser. This cookie saves data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising. The information gathered by the cookies is usually sent to a Google server in the USA and stored there. You can find out exactly where Google's data centres are located here: https://www.google.com/about/datacenters/inside/locations/?hl=en
Google stores some data for a set period of time. For other data, Google only provides the option to delete it manually. The company also anonymises information, such as advertising data, in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively. The automatic location and activity data deletion feature stores location and web and app activity information for either 3 or 18 months – depending on your decision – and then deletes it. In addition, you can also manually delete this data from your history at any time via your Google account. If you want to completely prevent location tracking, you need to pause the "Web and App Activity" section in your Google Account. Click "Data and Personalisation" and then the "Activity Setting" option. Here you can switch the activities on or off.
You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.
You can find more information on the usage of data by Google Inc. here: https://support.google.com/analytics/answer/6004245?hl=en
Facebook is an online service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Both are referred to as "Facebook" here.
The legal basis is Art. 6(1) lit. a GDPR: Our legitimate interest lies in improving the quality of our web presence.
Facebook provides further information about the collection and use of data and also your rights and protection options at:
- Data policy: https://www.facebook.com/policy
- Pursuant to Art. 26(1) sentence 2 of the GDPR, responsibility with regard to the processing of Insights data is explained at https://www.facebook.com/legal/terms/page_controller_addendum
- Facebook opt-out: Your ad preferences
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen and http://www.youronlinechoices.com - Facebook Data Protection Officer: https://www.facebook.com/help/contact/540977946302970
Privacy Protection for Persons under the Age of 16 on the Internet
FIOR & GENTZ Gesellschaft für Entwicklung und Vertrieb von orthopädietechnischen Systemen mbH will not knowingly collect or use personal data from minors (under the age of 16) in any form. Generally, we do not know the age of the person visiting our websites. However, we have not taken any specific measures to protect such data to a particular degree. Persons under the age of 16 may not transmit any personal data without the express consent of their parents or guardians.
Your Rights Regarding the Processing of Your Data
Right of Access: You have the right to request confirmation from the controller as to whether personal data concerning you is being processed; if this is the case, you have a right of access to this personal data and to the information specified in Art. 15 of the GDPR.
Right to Rectification: You have the right to request the controller to rectify any incorrect personal data concerning you without delay and, if necessary, to complete incomplete personal data (Art. 16 of the GDPR).
Right to Erasure: You have the right to request the controller to delete personal data concerning you without delay if any of the reasons specified in Art. 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure).
Right to Restriction of Processing: You have the right to request the controller to restrict processing if any of the conditions specified in Art. 18 of the GDPR applies, e.g. if you have lodged an objection to processing, for the duration of the review by the controller.
Notification Obligation: You have the right to be informed about the recipients of personal data. The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article16, Article 17(1) and Article 18 to each recipient, unless this proves impossible or involves disproportionate effort (Art. 19 of the GDPR).
Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted to another controller, if technically feasible, (Art. 20 of the GDPR).
Right to Object: You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. The controller will then no longer process the personal data unless they can demonstrate compelling grounds for processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 of the GDPR).
Right to Lodge a Complaint: You have the right of appeal to a supervisory authority, without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data concerning you is contrary to the GDPR (Art. 77 of the GDPR). You may exercise this right before a supervisory authority in the Member State where you reside or work, or where the alleged infringement occurred. The responsible supervisory authority for Lower Saxony is:
The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover
Security of Your Data
The data provided by you to FIOR & GENTZ Gesellschaft für Entwicklung und Vertrieb von orthopädietechnischen Systemen mbH is protected by suitable technical and organisational means with the aim of securing your data against accidental or intentional manipulation, loss, destruction, access by unauthorised persons or unauthorised disclosure to third parties. Our security measures are continuously monitored and improved in accordance with technological developments and organisational possibilities.
Data Protection Officer
For further information, please contact our data protection officer at any time: datenschutz(at)hbsn-gruppe.de