M Assist | Datenschutz

Privacy statement

Part 1: Information on data protection about our data processing in accordance with articles (art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
(As of 03.01.2025)

We take data protection seriously and hereby inform you how we process your data and what claims and rights you have under data protection regulations. Valid from 03.01.2025.

1. Body responsible for data processing and contact details

Responsible body in terms of data protection law

M Assist GmbH
Camp-Spich-Strasse 5
53842 Troisdorf
Phone: +49 2241-1270-50
Fax: +49 2241-1270-590

Contact details of our data protection officer:

HEC Harald Eul Consulting GmbH
M-Assist GmbH Data Protection Officer
At level 34
50321 Brühl

datenschutz-massist@he-c.de

2. Purposes and legal basis on which we process your data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and in which way is used depends largely on the services requested or agreed upon in each case. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. when using our website or our terms and conditions). In addition, this data protection information may be updated from time to time as you visit our website www.massist.de or www.m-assist.de can extract.

2.1 Purposes for fulfilling a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)

Personal data is processed to carry out our contracts with you and to carry out your orders as well as to carry out measures and activities within the framework of pre-contractual relationships, e.g. with interested parties. In particular, the processing is used to provide consulting services in the healthcare sector in accordance with your orders and wishes and includes the necessary services, measures and activities. This primarily includes contract-related communication with you, the traceability of transactions, orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures to manage and optimize business processes and to fulfill general due diligence obligations, management and control by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax evaluation of operational services, risk management, assertion of legal claims and defense in the event of legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and plant safety, ensuring and exercising property rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, prevention and investigation of crimes; control by supervisory bodies or supervisory bodies (e.g. auditing).

2.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)

In addition to the actual performance of the contract or preliminary contract, we may process your data if it is necessary to protect the legitimate interests of us or third parties, in particular for purposes:

advertising or market and opinion research, provided that you have not objected to the use of your data;
obtaining information and exchanging data with credit agencies, insofar as this exceeds our economic risk;
the review and optimization of needs assessment procedures;
the development of services and products as well as existing systems and processes;
the disclosure of personal data as part of due diligence during company sales negotiations;
to compare with European and international anti-terrorist lists, insofar as legal obligations go beyond legal obligations;
enriching our data, including by using or researching publicly available data;
statistical evaluations or market analysis;
benchmarking;
asserting legal claims and defending legal disputes that are not directly attributable to the contractual relationship;
the limited storage of data if deletion is not possible due to the particular type of storage or is only possible with disproportionate effort;
the development of scoring systems or automated decision-making processes;
preventing and investigating criminal offences, unless exclusively to comply with legal requirements;
building and plant security (e.g. through access controls and video surveillance), as far as general due diligence requirements go beyond general due diligence requirements;
internal and external investigations, safety reviews;
possibly listening to or recording telephone calls for quality control and training purposes;
obtaining and maintaining certifications of a private or regulatory nature;
ensuring and exercising property rights through appropriate measures as well as through video surveillance to protect our customers and employees as well as to secure evidence of criminal offences and prevent them, as well as to prove compliance with data protection, in particular access monitoring to data processing rooms.

2.3 Purposes within the scope of your consent (Article 6 (1) a GDPR)

Your personal data may also be processed for specific purposes (e.g. use of your email address for marketing purposes) based on your consent. As a rule, you can cancel this at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into force, i.e. before May 25, 2018. You will be informed separately about the purposes and consequences of withdrawing or not granting consent in the corresponding text of the consent.
In principle, the withdrawal of consent is only effective for the future. Processing that took place before the withdrawal is not affected and remains lawful.

2.4 Purposes to comply with legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Like everyone who participates in economic activity, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws, social code; medical device law), but also, where applicable, regulatory or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, preventing, combating and clarifying terrorist financing and asset-endangering crimes, reconciliation with European and international anti-terrorist lists, compliance with European and international anti-terrorist lists, compliance with tax control Reporting and data archiving requirements for data protection and data security purposes as well as auditing by tax and other authorities. In addition, disclosure of personal data may be required as part of authorities/court measures for the purposes of collecting evidence, prosecuting or enforcing civil claims.

3. The categories of data processed by us, insofar as we do not receive data directly from you, and their origin

To the extent necessary to provide our services, we process personal data legitimately received from other companies or other third parties (e.g. healthcare providers). We also process personal data that we have legitimately taken, received or acquired from publicly available sources (such as telephone directories, trade and association registers, debtor registers, land registers, press, Internet and other media).

Relevant categories of personal data may include in particular:

personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
contact details (address, email address, telephone number and comparable data)
Address data (registration data and comparable data)
Payment and coverage confirmation for bank and credit cards
Information about your financial situation (credit rating data including scoring, i.e. data to assess economic risk)
customer history
Data about your use of the telemedia we offer (e.g. time of access to our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)
video data
Patient data and billing data in accordance with SGB V
Invoicing documents in accordance with SGB V

(explanatory forms; prescription images; delivery records; confirmations of use of medical devices; maintenance and service information on medical devices with settings, etc.)

4. Recipients or categories of recipients of your data

Within our company, those internal offices or organizational units that need it to fulfill our contractual and legal obligations or in the context of processing and implementing our legitimate interest will receive your data. Your data will be passed on to external bodies solely

In connection with contract execution;
for purposes of complying with legal requirements, according to which we are obliged to provide information, report or share data, or
transfer of data is in the public interest (see section 2.4);
insofar as external service providers process data on our behalf as contract processors or function providers (e.g. external data centers, support/maintenance of IT/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility check, data destruction, purchasing/procurement, customer management, letter shops, marketing, media technology, research, risk controlling, billing, Economics, website management, hosting audit service, credit institutions, printing houses or companies for data disposal, courier services, logistics);
based on our legitimate interest or the legitimate interest of the third party for the purposes set out in section 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, gooders, affiliated companies and committees and supervisory bodies);
if you have given us consent to transfer data to third parties.

We will not share your data with third parties beyond that. Insofar as we engage service providers as part of order processing, your data is subject to the same security standards there as ours. In other cases, recipients may only use the data for the purposes for which it was transmitted to them.

5. Duration of storage of your data

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various storage and documentation obligations, including the Commercial Code (HGB) and the Tax Code (AO), SGB V of the Medical Devices Ordinance (traceability). The storage and documentation periods specified there are up to ten years beyond the end of the business relationship or pre-contractual legal relationship.

In addition, special legal regulations may require a longer storage period, such as the preservation of evidence within the framework of statutory statutes of limitations. According to Sections 195 et seq. of the Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also apply.

If the data is no longer required to fulfill contractual or legal obligations and rights, they are regularly deleted, unless their - temporary - further processing is necessary for the fulfilment of the purposes listed in section 2.2 for an overriding legitimate interest. Such an overriding legitimate interest exists, for example, even if deletion is not possible due to the particular type of storage or is only possible with disproportionate effort and processing for other purposes is ruled out by suitable technical and organizational measures.

6. Processing of your data in a third country or by an international organization

Data is transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it is necessary to execute an order/contract from or with you, if it is required by law (e.g. tax reporting requirements), if it is in the context of a legitimate interest of us or a third party, or if you have given us consent.
Your data may also be processed in a third country in connection with the involvement of service providers as part of order processing. Insofar as there is no decision by the EU Commission on an adequate level of data protection in the country concerned, in accordance with EU data protection requirements, we ensure through appropriate contracts that their rights and freedoms are adequately protected and guaranteed. We will provide you with relevant detailed information upon request.

Information about the appropriate or appropriate guarantees and the opportunity to obtain a copy from you can be requested from the company data protection officer.

7. Your data protection rights

Under certain conditions, you can assert your data protection rights against us

For example, you have the right to receive information from us about your data stored by us in accordance with the rules of Article 15 GDPR (possibly with restrictions under Section 34 BDSG).
At your request, we will correct the data stored about you in accordance with Article 16 GDPR if it is incorrect or incorrect.
If you wish, we will delete your data in accordance with the principles of Article 17 GDPR, provided that other legal regulations (e.g. statutory storage obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not conflict with this.
Taking into account the requirements of Article 18 GDPR, you can request us to restrict the processing of your data.
You can also object to the processing of your data in accordance with Article 21 GDPR, as a result of which we must stop processing your data. However, this right of objection only applies if there are very special circumstances relating to your personal situation, although our company's rights may conflict with your right of objection.
You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Article 20 GDPR or to transfer it to a third party.
In addition, you have the right to withdraw any consent you have given us to process personal data at any time with effect for the future (see section 2.3).
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection officer first.

If possible, your requests to exercise your rights should be addressed in writing to the address given above or directly to our data protection officer.

8. Scope of your obligations to provide us with your data

You only need to provide the data that is necessary to enter into and carry out a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also relate to data required later as part of the business relationship. If we also request data from you, you will be notified separately that the information is voluntary.

9. Existence of automated decision-making in individual cases (including profiling)

We do not use purely automated decision-making processes in accordance with Article 22 GDPR. Should we use such a procedure in individual cases in future, we will inform you separately, provided that this is required by law.

We may process some of your data with the aim of evaluating certain personal aspects (profiling).

In order to be able to provide you with targeted information and advice about products, we may use evaluation tools. These enable needs-based product design, communication and advertising, including market and opinion research.

Such procedures can also be used to assess your creditworthiness and creditworthiness and to combat money laundering and fraud. So-called “score values” can be used to assess your creditworthiness and creditworthiness. Scoring uses mathematical methods to calculate the probability that a customer will meet his payment obligations in accordance with the contract. Such score values therefore support us, for example, in assessing creditworthiness, making decisions in the context of product transactions and are incorporated into our risk management. The calculation is based on mathematically and statistically recognized and proven methods and is based on your data, in particular income, expenditure, existing liabilities, occupation, employer, length of employment, experience from the previous business relationship, repayment of previous loans in accordance with the contract and information from credit agencies.

Information on nationality and special categories of personal data in accordance with Article 9 GDPR are not processed here.

Information about your right to object Art. 21 GDPR

‍

1. You have the right to object at any time to the processing of your data, which is based on Article 6 (1) f GDPR (data processing based on a balance of interests) or Article 6 (1) e GDPR (data processing in the public interest), if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object at any time; this also applies to profiling insofar as it is associated with such direct marketing. We will consider this contradiction for the future.

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made form-free and should, if possible, be addressed to

M Assist GmbH

Camp Spich Street 5

53842 Troisdorf

‍

Part 2: Supplementary data protection information for our website (as of April 17, 2024)

‍

‍1. Data protection at a glance

‍

General notes

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in our Part 1 Information on data protection about our data processing in accordance with articles (art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR).

Data collection on this website

‍

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the “Information about the responsible body” section of this privacy policy.

‍

How do we collect your information?

On the one hand, your data is collected when you provide it to us. This could be data that you enter in a contact form, for example.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. Internet browser, operating system or time of page access). This data is collected automatically as soon as you enter this website.

‍

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data can be used to analyze your user behavior.

‍

What are your rights with regard to your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request that this data be corrected or deleted. If you have given your consent to data processing, you can withdraw this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time about this and if you have any further questions about data protection.

‍

Analytical tools and tools from third parties

When you visit this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

‍

2nd hosting

We host the content of our web shop with the following provider:

‍

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify”).

Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyses visitor numbers, visitor sources and customer behavior, and creates user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other information related to the purchase (such as phone number, amount of sales made, etc.). Shopify stores cookies in your browser for analytics.

‍

For details, see Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.

Shopify is used on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.

We host the content of our website with the following provider:

‍

Webflow

The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter Webflow). When you visit our website, Webflow collects various log files, including your IP addresses.

‍

Webflow is a tool for building and hosting websites. Webflow stores cookies or other recognition technologies that are necessary to display the page, to provide certain website functions and to ensure security (necessary cookies).

For details, see Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy.

‍

Webflow is used on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy.

‍

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TT9jAAG&status=Active

‍

Order processing

We have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

‍

3. General information and mandatory information

‍

Storage period

Unless a specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons cease to apply.

‍

General information on the legal basis of data processing on this website

If you have consented to data processing, we process your personal data on the basis of Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, provided that special categories of data are processed in accordance with Article 9 (1) GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TDDDG. The consent can be withdrawn at any time. If your data is necessary to fulfill a contract or to carry out pre-contractual measures, we process your data on the basis of Article 6 (1) (b) GDPR. We also process your data insofar as it is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c DSGVO. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO. The following paragraphs of this privacy policy provide information on the relevant legal bases in each individual case.

‍

Note on the transfer of data to third countries that are not secure under data protection law and the transfer to US companies that are not DPF certified

Among other things, we use tools from companies based in third countries that are not secure under data protection law and US tools whose providers are not certified according to the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that in third countries that are uncertain about data protection law, no level of data protection comparable with the EU can be guaranteed.

We would like to point out that, as a safe third country, the USA generally has a level of data protection comparable to the EU. Data transfer to the USA is permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

‍

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection when the browser's address line changes from “http://” to “https://” and by the lock icon in your browser line.

If SSL or TLS encryption is activated, the data that you submit to us cannot be read by third parties.

‍

4. Data collection on this website

‍

Cookies

Our websites use so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies make it possible to integrate certain services from third-party companies within websites (e.g. cookies to process payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Article 6 (1) (f) GDPR, unless another legal basis is provided. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG); consent can be withdrawn at any time.

You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

‍

Privacy statement

Part 1: Information on data protection about our data processing in accordance with articles (art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
(As of 03.01.2025)

We take data protection seriously and hereby inform you how we process your data and what claims and rights you have under data protection regulations. Valid from 03.01.2025.

1. Body responsible for data processing and contact details

Responsible body in terms of data protection law

M Assist GmbH
Camp-Spich-Strasse 5
53842 Troisdorf
Phone: +49 2241-1270-50
Fax: +49 2241-1270-590

Contact details of our data protection officer:

HEC Harald Eul Consulting GmbH
M-Assist GmbH Data Protection Officer
At level 34
50321 Brühl

datenschutz-massist@he-c.de

2. Purposes and legal basis on which we process your data

2.1 Purposes for fulfilling a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)

2.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)

advertising or market and opinion research, provided that you have not objected to the use of your data;
obtaining information and exchanging data with credit agencies, insofar as this exceeds our economic risk;
the review and optimization of needs assessment procedures;
the development of services and products as well as existing systems and processes;
the disclosure of personal data as part of due diligence during company sales negotiations;
to compare with European and international anti-terrorist lists, insofar as legal obligations go beyond legal obligations;
enriching our data, including by using or researching publicly available data;
statistical evaluations or market analysis;
benchmarking;
asserting legal claims and defending legal disputes that are not directly attributable to the contractual relationship;
the limited storage of data if deletion is not possible due to the particular type of storage or is only possible with disproportionate effort;
the development of scoring systems or automated decision-making processes;
preventing and investigating criminal offences, unless exclusively to comply with legal requirements;
building and plant security (e.g. through access controls and video surveillance), as far as general due diligence requirements go beyond general due diligence requirements;
internal and external investigations, safety reviews;
possibly listening to or recording telephone calls for quality control and training purposes;
obtaining and maintaining certifications of a private or regulatory nature;
ensuring and exercising property rights through appropriate measures as well as through video surveillance to protect our customers and employees as well as to secure evidence of criminal offences and prevent them, as well as to prove compliance with data protection, in particular access monitoring to data processing rooms.

2.3 Purposes within the scope of your consent (Article 6 (1) a GDPR)

2.4 Purposes to comply with legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

3. The categories of data processed by us, insofar as we do not receive data directly from you, and their origin

Relevant categories of personal data may include in particular:

personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
contact details (address, email address, telephone number and comparable data)
Address data (registration data and comparable data)
Payment and coverage confirmation for bank and credit cards
Information about your financial situation (credit rating data including scoring, i.e. data to assess economic risk)
customer history
Data about your use of the telemedia we offer (e.g. time of access to our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)
video data
Patient data and billing data in accordance with SGB V
Invoicing documents in accordance with SGB V

(explanatory forms; prescription images; delivery records; confirmations of use of medical devices; maintenance and service information on medical devices with settings, etc.)

4. Recipients or categories of recipients of your data

In connection with contract execution;
for purposes of complying with legal requirements, according to which we are obliged to provide information, report or share data, or
transfer of data is in the public interest (see section 2.4);
insofar as external service providers process data on our behalf as contract processors or function providers (e.g. external data centers, support/maintenance of IT/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility check, data destruction, purchasing/procurement, customer management, letter shops, marketing, media technology, research, risk controlling, billing, Economics, website management, hosting audit service, credit institutions, printing houses or companies for data disposal, courier services, logistics);
based on our legitimate interest or the legitimate interest of the third party for the purposes set out in section 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, gooders, affiliated companies and committees and supervisory bodies);
if you have given us consent to transfer data to third parties.

5. Duration of storage of your data

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

6. Processing of your data in a third country or by an international organization

Information about the appropriate or appropriate guarantees and the opportunity to obtain a copy from you can be requested from the company data protection officer.

7. Your data protection rights

Under certain conditions, you can assert your data protection rights against us

For example, you have the right to receive information from us about your data stored by us in accordance with the rules of Article 15 GDPR (possibly with restrictions under Section 34 BDSG).
At your request, we will correct the data stored about you in accordance with Article 16 GDPR if it is incorrect or incorrect.
If you wish, we will delete your data in accordance with the principles of Article 17 GDPR, provided that other legal regulations (e.g. statutory storage obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not conflict with this.
Taking into account the requirements of Article 18 GDPR, you can request us to restrict the processing of your data.
You can also object to the processing of your data in accordance with Article 21 GDPR, as a result of which we must stop processing your data. However, this right of objection only applies if there are very special circumstances relating to your personal situation, although our company's rights may conflict with your right of objection.
You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Article 20 GDPR or to transfer it to a third party.
In addition, you have the right to withdraw any consent you have given us to process personal data at any time with effect for the future (see section 2.3).
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection officer first.

If possible, your requests to exercise your rights should be addressed in writing to the address given above or directly to our data protection officer.

8. Scope of your obligations to provide us with your data

9. Existence of automated decision-making in individual cases (including profiling)

We may process some of your data with the aim of evaluating certain personal aspects (profiling).

Information on nationality and special categories of personal data in accordance with Article 9 GDPR are not processed here.

Information about your right to object Art. 21 GDPR

‍

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made form-free and should, if possible, be addressed to

M Assist GmbH

Camp Spich Street 5

53842 Troisdorf

‍

Part 2: Supplementary data protection information for our website (as of April 17, 2024)

‍

‍1. Data protection at a glance

‍

General notes

Data collection on this website

‍

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the “Information about the responsible body” section of this privacy policy.

‍

How do we collect your information?

On the one hand, your data is collected when you provide it to us. This could be data that you enter in a contact form, for example.

‍

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data can be used to analyze your user behavior.

‍

What are your rights with regard to your data?

You can contact us at any time about this and if you have any further questions about data protection.

‍

Analytical tools and tools from third parties

When you visit this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

‍

2nd hosting

We host the content of our web shop with the following provider:

‍

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify”).

‍

For details, see Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.

We host the content of our website with the following provider:

‍

Webflow

‍

For details, see Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy.

‍

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy.

‍

Order processing

‍

3. General information and mandatory information

‍

Storage period

‍

General information on the legal basis of data processing on this website

‍

Note on the transfer of data to third countries that are not secure under data protection law and the transfer to US companies that are not DPF certified

‍

SSL or TLS encryption

If SSL or TLS encryption is activated, the data that you submit to us cannot be read by third parties.

‍

4. Data collection on this website

‍

Cookies

You can find out which cookies and services are used on this website in this privacy policy.

‍

Consent with Cookiebot

Our website uses Cookiebot's consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you enter our website, a connection is made to Cookiebot's servers to obtain your consent and other explanations about cookie usage. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Cookiebot cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

‍

Order processing

‍

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).

Hubspot CRM allows us, among other things, to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyze customer interactions via email, social media, or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.

‍

Hubspot CRM is used on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in customer management and customer communication as efficiently as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.

For details, see Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.

‍

Order processing

‍

Using Hubspot to book appointments

We use the services of Hubspot, Inc. (25 First Street, Cambridge, MA 02141, USA) and its German branch Hubspot Germany GmbH (Am Postbahnhof 17, 10243 Berlin) as an appointment booking tool. Hubspot allows you to easily make appointments with us online. The data that you provide when booking an appointment (e.g. name, email address, telephone number, date and time of the appointment) is processed by Hubspot and stored on servers in the USA.

Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your data will be used exclusively for the purpose of making an appointment and organizing our contact with you.

Hubspot is certified under the EU-US Data Privacy Framework, which supports an appropriate level of data protection in accordance with the requirements of the GDPR. For more information about HubSpot's certification, visit the official Privacy Shield List website https://www.dataprivacyframework.gov/list.

Your data will only be stored for as long as is necessary for the purposes for which it was collected or until you withdraw your consent.

You can withdraw your consent to the processing of your personal data at any time. Please contact us using the contact details provided in this privacy policy.

‍

Contact form

If you send us inquiries via the contact form, we will store your details from the enquiry form, including the contact details you provided there, for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b DSGVO, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be withdrawn at any time.

The data you enter in the contact form will remain with us until you request us to delete it, withdraw your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.

‍

5. Social media

‍

Instagram

Features of the Instagram service are integrated on this website. These features are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

‍

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thus receives information about your visit to this website.

‍

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement is available at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) with regard to the data processed by Facebook or Instagram directly with Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.

‍

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

‍

Linkedin

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page on this website that contains LinkedIn elements, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website using your IP address. If you click on LinkedIn's “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and its use by LinkedIn.

‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

For more information, please see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

‍

XING

This website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time you access one of our pages that contains XING elements, a connection to XING servers is established. To the best of our knowledge, personal data is not stored. In particular, no IP addresses are stored or usage behavior is evaluated.

‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.

Further information on data protection and the XING share button can be found in XING's privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung.

‍

6. Analysis tools and advertising

‍

Google Analytics

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
‍

Google Analytics enables the website operator to analyze the behavior of website visitors. Here, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
‍

‍

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address is abbreviated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

‍

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

‍

Google signals

We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, Google Signal links visitor data to your Google account and uses it for personalized advertising messages. The data is also used to compile anonymized statistics on the user behavior of our users.

‍

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

‍

Google Analytics e-commerce measurement

This website uses the “e-commerce measurement” feature of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the buying behavior of website visitors to improve their online marketing campaigns. This includes information such as the orders placed, average order values, shipping costs and the time from viewing to buying a product. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

‍

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and play out the tools integrated via it. However, Google Tag Manager collects your IP address, which can also be transferred to Google's parent company in the United States.
‍

Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on his website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.
‍

‍

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
‍

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms on Google (keyword targeting). In addition, targeted advertisements can be displayed based on user data available on Google (e.g. location data and interests) (target group targeting). As a website operator, we can quantitatively evaluate this data, for example by analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.
‍

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
‍

Google AdSense (not personalized)

This website uses Google AdSense, a service to integrate advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
‍

We use Google AdSense in “non-personalized” mode. In contrast to personalized mode, the ads are therefore not based on your previous user behavior and no user profile is created by you. Instead, so-called “contextual information” is used when selecting advertising. The selected ads are then based on, for example, your location, the content of the website you are on, or your current search terms. You can find out more about the differences between personalized and non-personalized targeting with Google AdSense at: https://support.google.com/adsense/answer/9007336.
‍

Please note that cookies or comparable recognition technologies (such as device fingerprinting) can also be used when using Google Adsense in non-personalized mode. According to Google, these are used to combat fraud and misuse.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.
‍

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
‍

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://adssettings.google.com/authenticated.
‍

You can find more information about Google's advertising technologies here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/. '
‍

Google Ads Remarketing

This website uses the features of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups and then allow you to display interest-based advertising on the Google advertising network (remarketing or retargeting).
‍

In addition, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
‍

If you have a Google account, you can object to personalized advertising at the following link: https://adssettings.google.com/anonymous?hl=de.
‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.
‍

Further information and the privacy policy can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.
‍

‍

Target group building with customer reconciliation

To build target groups, we use, among other things, Google Ads Remarketing customer matching. In doing so, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they will be shown appropriate advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Google conversion tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.
‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.
‍

You can find more information about Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.
‍

‍

7. Plug-ins and tools

‍

YouTube with advanced data protection

This website includes videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

‍

When you visit one of these websites on which YouTube is integrated, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize browsing on YouTube. Ads that are displayed in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, however, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used for recognition. Details about extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

‍

After activating a YouTube video, further data processing processes may be triggered over which we have no influence.

YouTube is used in the interest of presenting our online offerings in an appealing way. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.

‍

For more information about YouTube's privacy policy, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

‍

Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.

‍

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Fonts for the purpose of uniformly displaying fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.

‍

Google Maps is used in the interest of presenting our online offerings in an appealing way and making it easy to find the locations we have specified on the website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.

‍

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on how to handle user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

‍

Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, to uniformly display fonts. Google fonts are installed locally. There is no connection to Google servers.
‍

For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=de.

‍

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
‍

The purpose of reCAPTCHA is to check whether the data on this website (e.g. in a contact form) is entered by a person or by an automated program. To this end, reCAPTCHA analyses the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time the website visitor spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
‍

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.
‍

Data is stored and analyzed on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.
‍

For more information about Google reCAPTCHA, please see the Google Privacy Policy and Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
‍

‍

8. Audio and video conferences

Data processing

Among other things, we use online conference tools to communicate with our customers. The tools we use in detail are listed below. When you communicate with us via video or audio conference via the Internet, your personal data is collected and processed by us and the provider of the respective conference tool.

‍

The conference tools collect all data that you provide/use to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

‍

In addition, the provider of the tool processes all technical data required to process online communication. In particular, this includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker,

‍

Type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full influence on the data processing processes of the tools used. Our options are largely based on the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy statements of the tools used in each case, which we have listed below this text.

‍

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contract partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us or our company (legitimate interest within the meaning of Article 6 (1) (f) GDPR). If consent has been requested, the relevant tools are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

‍

Storage period

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for data storage ceases to apply. Saved cookies remain on your device until you delete them. Mandatory legal storage periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

‍

Conference tools used

We use the following conference tools:

‍

TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. Details on data processing can be found in TeamViewer's privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.

‍

Order processing

‍

‍Part 3: Data protection information for social media
(as of April 17, 2024)

‍

This privacy policy applies to the following social media sites

Instagram: https://www.instagram.com/massist_consulting/
Xing: https://www.xing.com/pages/massistgmbh
Kununu: https://www.kununu.com/de/m-assist1
LinkedIn: https://www.linkedin.com/company/m-assist/
YouTube: https://youtube.com/@massist_consulting
TikTok: https://www.tiktok.com/@massist_consulting

‍

Data processing through social networks

We maintain publicly available profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, X, etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (such as like buttons or advertising banners). Visiting our social media sites triggers numerous data protection-relevant processing processes.

‍

In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address.

‍

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. In this way, interest-based advertising can be shown to you within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

‍

Please also note that we cannot track all processing processes on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

‍

Legal basis

Our social media presence should ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The analysis processes initiated by social networks may be based on different legal bases, which must be provided by the operators of the social networks (e.g. consent within the meaning of Article 6 (1) (a) GDPR).

‍

Responsible person and enforcement of rights

If you visit one of our social media sites (e.g. Facebook), we, together with the operator of the social media platform, are responsible for the data processing processes triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

‍

Please note that, despite joint responsibility with the social media portal operators, we do not have full influence on the data processing processes of the social media portals. Our options are largely based on the corporate policy of the respective provider.

‍

Storage period

The data collected directly by us via the social media presence is deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions — in particular retention periods — remain unaffected.

We have no influence on the storage period of your data, which is stored by social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

‍

Your rights

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to object, to data portability and to lodge a complaint with the competent supervisory authority. You can also request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.

‍

‍Social networks in detail

‍

instagram

We have an Instagram profile. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For details on how they handle your personal data, please see Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

‍

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please see XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

‍

Kununu

We have a profile on kununu. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please see kununu's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

‍

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

‍

If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

‍

Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

‍

Youtube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please see YouTube's privacy policy: https://policies.google.com/privacy?hl=de.
‍

‍

TikTok

We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on how they handle your personal data can be found in TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.

Data transmission to non-secure third countries is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=de.

‍