How we treat your private data
This Privacy Policy is intended to inform users of this website, in accordance with the Federal Data Protection Act (BDSG), the TDDDG, and the GDPR, about the nature, scope, and purpose of the collection and use of personal data by the website operator:
Med & IT Trading GmbH
Klötzlmüllerstr. 154
84034 Landshut
Germany
Phone: +49 (0) 871 974 08 03
Mail: info@medit-trading.de
Med & IT Trading GmbH is responsible for the content of www.medit-trading.de.
The website operator takes your data protection very seriously and treats your personal data confidentially and in accordance with legal regulations. Please note that data transmission over the Internet may generally be subject to security vulnerabilities. Complete protection against access by third parties cannot be guaranteed.
Access data
The website operator or page provider collects data about accesses to the site and temporarily stores them as server log files. Legal basis: GDPR Art. 6(1)(f). The following data is logged:
- the IP address
- the date and time of access
- the name and URL of the retrieved file
- the website from which the access occurred (referrer URL)
- the browser you are using and, if applicable, the operating system of your Internet-enabled computer as well as the name of your access provider
The data collected is used solely for order processing (e.g., preparing quotes, invoicing, delivery notes, etc.) as well as for purely internal company statistical evaluations and for improving the website. However, the website operator reserves the right to retrospectively check the server log files if there are concrete indications of illegal use.
Data processing during registration
It is possible to register as a customer or supplier. A password-protected customer account is created. The data involved is determined from the input form that is completed during registration. This data is used exclusively for internal, permanent storage of your personal data in a password-protected customer account. The IP address, the date, and the time of registration are saved.
Furthermore, a check is carried out to determine whether the customer is not a consumer. This check serves to exclude consumers, as the platform is aimed exclusively at B2B customers. The legal basis for this data processing is Art. 6 (1) (b) GDPR.
Data Processing in Connection with the Inquiry Process
Data processing in connection with inquiries is necessary to handle all aspects of the inquiry. The legal basis for this is Article 6(1)(b) of the GDPR. The specific data involved is determined by the form you fill out when submitting the inquiry.
The following data processing is required to execute the purchase contract:
Your email address is used to facilitate electronic communication regarding your order and its processing. The legal basis for this processing is Article 6(1)(c) of the GDPR.
To fulfill our contractual obligations, order data is transmitted to the supplier (parcel service, freight forwarder, etc.) delivering the goods or to specialized companies providing the booked services, and the data is made available for use for this purpose. The legal basis for this processing is Article 6(1)(b) of the GDPR.
To fulfill the contract, it may be necessary to forward the data to our payment service providers or to the designated financial institution. This depends on the selected payment method.
The following payment methods can be used:
- Payment in advance
- Invoice
- PayPal
Credit check
During the course of the ordering process, we reserve the right to check your creditworthiness for orders above a certain value. The credit check does not apply when paying in advance. For the purpose of the credit check, we transmit the necessary data (first and last name of the managing director, company, address data) to the following credit agencies:
a) Creditsafe Deutschland GmbH, Charlottenstr. 68-71, 10117 Berlin, Germany
b) Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany
c) Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
Based on mathematical and statistical procedures, corresponding assessments are carried out. Your address data is also included in the calculation of the probability score. You may object to the transfer of your data to credit agencies at any time in text form, for example by email, fax, or letter.
The legal basis for the credit check is Article 6(1)(f) GDPR. Our legitimate interest lies in the fact that we want to advance payment for the respective payment method and keep our credit risk as low as possible.
Further data processing
Furthermore, data is collected and recorded that you explicitly provide to us yourself. For example, during individual customer contact via e-mail, telephone, or on the platform when you use the option to enter data (such as login registration, booking forms, inquiry forms). The data intended for collection will be communicated to you according to their type before the respective process, unless it is already evident from the nature of the upcoming process (such as name and password during login registration or in the user data form: phone and e-mail).
Furthermore, usage data is collected that you leave behind when using the platform (such as performed article searches) and/or that is provided by the respective Internet provider when using the platform (including the IP address of your computer) and/or generated through e-tracking. Usage data may include personal or company-related data or allow conclusions to be drawn about such data.
Without your registration or login, anonymous usage data, such as the type of browser and operating system you use and which pages you have visited on the website, are transmitted by your browser when accessing the platform. The data collected in this way is not used to identify you or your company.
The usage data is automatically stored in server log files. These are used to make the handling of the platform’s functions more attractive and to ensure and improve its performance.
This constitutes a legitimate interest for us and is therefore based on the legal grounds of Article 6(1)(f) GDPR.
Contact by email, phone, or through the contact form
If you contact us by email, phone, or through a form on our website, we will store the data you provide (name, contact information, content of your inquiry) in order to process your inquiry and retain it in case of follow-up questions. The legal basis for this processing is Article 6(1)(b) of the GDPR, provided that your inquiry serves to initiate or fulfill a contractual relationship. In all other cases, the processing is based on our legitimate interest in effectively handling inquiries directed to us, in accordance with Article 6(1)(f) of the GDPR.
Your data will not be disclosed to third parties without your consent. It will be stored for the duration of the processing of your request and, beyond that, for the duration of statutory retention periods (in particular, commercial and tax law retention periods of up to 10 years in accordance with § 147 AO and § 257 HGB). Once these periods have expired, the data will be deleted, unless other statutory retention obligations apply or you have consented to further storage.
Hosting and Data Processing
Our website is hosted by an external service provider:
Alexander Manhart IT
Niederbayerbach 14
84181 Neufraunhofen
In providing hosting services, our service provider processes the personal data of our website visitors (e.g., IP addresses, access data, server log files) on our behalf. The legal basis for this processing is Article 6(1)(f) of the GDPR, in conjunction with our legitimate interest in ensuring the technically stable and secure provision of our online services.
We have entered into a data processing agreement with our hosting provider in accordance with Article 28 of the GDPR. This agreement ensures that the processing of our website visitors’ personal data is carried out only in accordance with our instructions and in compliance with the GDPR.
Spam Protection with Cloudflare Turnstile
To protect our website and, in particular, our forms (e.g., contact and inquiry forms) from automated access and misuse (such as by spam bots), we use “Cloudflare Turnstile,” a service provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (“Cloudflare”). The provider for users in the European Economic Area is Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich.
Cloudflare Turnstile checks whether a form submission is being made by a human or by a bot. To do this, the service analyzes various technical characteristics of your device (including IP address, browser information, and behavior patterns). This data is transmitted to Cloudflare and analyzed there.
The legal basis for the processing is Article 6(1)(f) of the GDPR. Our legitimate interest lies in protecting our website and the forms embedded on it from abusive automated use and spam.
Your data may be transferred to the United States and other third countries outside the EU/EEA. Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework; in addition, standard contractual clauses pursuant to Article 46(2) of the GDPR are in place. For more information on data processing by Cloudflare, please see Cloudflare’s Privacy Policy at https://www.cloudflare.com/privacypolicy/ and, specifically regarding Turnstile, at https://www.cloudflare.com/application-services/products/turnstile/.
Email campaigns
We send email campaigns (e.g. newsletters) only with the recipient’s consent in accordance with Art. 6(1)(a) GDPR. The data entered when registering for the MED & IT Trading information service is used exclusively for this purpose. By registering for the MED & IT Trading information service, you will receive information through various email campaigns about new and/or interesting products/articles for you, MED & IT Trading (e.g. e-procurement functionalities), webinars, competitions, and events. We pursue our own advertising purposes with this.
Subscribing to the newsletter takes place during online registration with a checkmark that approves the sending of the newsletter.
We record the receipt of the newsletter order.
The data is used exclusively for sending the newsletter and is not shared with third parties. Consent to receive email campaigns can be revoked at any time for the respective email campaign. The link to revoke consent can be found at the end of each email.
Consent Management with Complianz
On our website, we use the consent management tool “Complianz” from Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands, to obtain consent in compliance with the law for the storage of certain cookies on your device or for the use of certain technologies, and to document this consent in accordance with data protection regulations.
When you visit our website, a consent banner appears informing you about the cookies and technologies we use, allowing you to either actively accept, reject, or selectively choose them. Your consent or refusal is stored in a cookie in your browser so that the prompt does not have to be repeated every time you visit a new page. The relevant data will be stored until you request that we delete it, delete the Complianz cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention requirements remain unaffected.
The legal basis for the use of Complianz is Article 6(1)(c) of the GDPR, in conjunction with our legal obligation under Article 7(1) of the GDPR to be able to demonstrate that consent has been obtained for the processing of personal data.
Complianz processes consent data exclusively on servers located within the European Union. No data is transferred to third countries.
Cookies
This website uses cookies. These are small text files that are stored on your device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website.
Insofar as the use of cookies constitutes the processing of personal data, the use of cookies is based on the legal ground of Art. 6(1)(f) GDPR. Our legitimate interest is derived from website optimization, enabling us to present our offer in a safer and more user-friendly manner. This allows us to tailor the content of our website more specifically to your needs and thereby improve our offer for you.
Common browsers offer the option to refuse cookies. Note: There is no guarantee that you will be able to access all functions of this website without restrictions if you make the appropriate settings.
The duration of cookie storage depends on their purpose and is not the same for all.
Google Translator
On our website, we use the “Google Translate” translation service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When you activate the translation feature, the content of the page you are viewing, as well as your IP address, is transmitted to Google’s servers and automatically translated into the selected language. Your data may be transferred to the United States and other third countries outside the EU/EEA. Google is certified under the EU-U.S. Data Privacy Framework; in addition, standard contractual clauses pursuant to Article 46(2) of the GDPR are in place.
The legal basis for the processing is your consent pursuant to Article 6(1)(a) of the GDPR, which you provide via our cookie banner or by actively selecting the translation feature. You may withdraw your consent at any time with future effect by no longer using the translation feature or by adjusting your settings in the cookie banner. For more information on data processing by Google, please see Google’s Privacy Policy at https://policies.google.com/privacy and the EU-U.S. Data Privacy Framework at https://www.dataprivacyframework.gov.
Our website is available in German and English. Google Translate is provided solely as a supplementary feature for visitors who need another language.
Deletion of personal data
Data that we store will be blocked from further use when the corresponding authorization ceases, particularly after the purpose has been achieved, and will be deleted after the expiration of tax and commercial retention periods, unless you have explicitly consented to the continued use of your data or something else has been contractually agreed.
Data security
In order to protect your data against accidental or unlawful deletion, disclosure, access, manipulation, loss and other misuse, we take appropriate technical and organizational measures.
For your security, your data is encrypted using an SSL website certificate (Secure Socket Layer). SSL is an encryption standard that is also used, for example, in online banking. You can recognize a secure SSL connection by the added “s” in “http” — i.e. “https://…” — in your browser’s address bar, or by the padlock icon in your browser.
Please bear in mind that safety when using the Internet depends on various circumstances and cannot be guaranteed at all times without gaps.
Overview of your rights
- Right of access
You may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the origin of your data, if it was not collected directly from you. - Right to rectification
You may request that inaccurate data be corrected or that correct data be completed. - Right to erasure
You may request the erasure of your personal data. - Right to data portability
You have the right to receive the personal data you have provided in a commonly used, machine-readable format and to request its transmission to another controller. - Right to lodge a complaint
You may contact the supervisory authority of your habitual residence or our competent supervisory authority. Für uns ist zuständig: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, https://www.lda.bayern.de/ - Right to restriction of processing
You can exercise the right to restrict data processing if the accuracy of the personal data is contested, if processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of their use, if the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise, or defend legal claims, or if the data subject has objected to processing pursuant to Art. 21 GDPR, as long as it has not yet been determined whether the legitimate reasons of the controller outweigh those of the data subject. - Right to object
The general right to object applies to all processing activities described here that are carried out on the basis of Article 6(1)(f) GDPR. Unlike the processing described under “Data processing for marketing purposes”, we are only obliged to comply with your objection if you provide grounds relating to your particular situation which are of overriding importance. - Right to Withdraw Consent
You may revoke your consent at any time with future effect, without affecting the lawfulness of the processing that took place prior to the revocation.