1.    Name and contact details of the controller and his representative 
We, medac GmbH, Theaterstraße 6, 22880 Wedel, Germany (Imprint) are controller for the processing.

Contact details of the data protection officer
Our data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection at our company.
You can reach our data protection officer at mail@planit.legal, Data Protection Officer Dr. Bernd Schmidt, Deputy Data Protection Officer Dr. Anna-Kristina Roschek.

2.    Website: Processing of your personal data 
The use of this website requires the processing of personal data to the extent described in section 2.1. 
When you visit our website, we display a "cookie banner" to inform you that we use cookies and other tracking technologies to improve the user experience on our website and for the purposes of web analytics and interest-based advertising. The related data processing is described below. We may set cookies that are necessary for the operation of our website without your consent because of our legitimate interest in operating a website. We set all other cookies only after you have consented to the setting of the respective cookie via the cookie banner. Before you declare your consent, only technically necessary cookies are set. Your consent may also include data transfers to the USA pursuant to Art. 49 (1) (a) GDPR (see also Section 14 Data transfers to countries outside the EEA). You may revoke your consent in whole or in part at any time with effect for the future. The options available for this are described in detail in section 3.

2.1.    Data processing to enable website use 
When you visit our website (https://www.bc-care.com/), some of your personal data are automatically processed and stored in so-called web server log files. These are:

• the address (URL) of the accessed web page
• Browser and browser version
• the operating system used
• the address (URL) of the previously visited page (referrer URL)
• the hostname and IP address of the device from which access is made
• Date and time

We receive these data about the devices you use.
The purpose of creating the webserver log files is to ensure the functionality of the website. The legal basis for the processing is Art. 6 (1) lit. f GDPR.
The webserver log files are stored for a maximum of two weeks and then automatically deleted. We do not share these data with third parties. 

2.2.    Cookies 
When you visit our website, information may be stored on your computer in the form of cookies. Cookies are small text files that are sent to your browser by a webserver and stored on your computer's hard drive. This makes it possible for you to be recognized when you return to the website. In this way we can ensure better functionality of the site or carry out web analysis.

There are various types of cookies. A distinction must be made between cookies placed by the website operator when you visit a website (also known as "first party cookies") and cookies placed by third parties (also known as "third party cookies"). We solely have technical control over the first mentioned cookies. On the other hand, there are cookies that are only stored on your computer during your visit to our website (also known as "session cookies") and cookies that are stored for a longer period of time.

Most browsers are set to accept cookies automatically. You can deactivate the storage of cookies in your browser and can delete them from your hard disk at any time. We would like to point out that the use of our offers on the website without cookies is only possible to a limited extent. 

However, you can also adjust your browser to only prevent the setting of certain cookies (e.g. cookies from third parties), for example if you wish to prevent web tracking. You can find more information on this in the help function of your browser. 

To completely prevent the use of cookies, you can also configure your browser settings accordingly and disable the setting of cookies in whole or in part. In addition, you can install a data protection plugin in your browser that offers the option of preventing web analytics - e.g. AdBlock, Ghostery or NoScript (however, please note the privacy policies of the respective plugin provider). Furthermore, some web analytics providers are members of industry associations via whose websites you can centrally prevent usage-based online advertising and web analytics by the respective members. Below you will find the websites of these associations for convenient cross-provider prevention of web analytics. In this way, you can also prevent the creation of pseudonymous profiles:

• "European Interactive Digital Advertising Alliance" (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/ 
• "Digital Advertising Alliance" (DAA): info/choices/ 
• "Network Advertising Initiative" (NAI): http://www.networkadvertising.org/choices/

We use the following cookies:

Name    Storage duration    Purpose (necessity)
        [please add ]
        [please add]
        
_ga    1 year    Traffic analysis (not necessary)
_ga_< id>    1 year    Traffic analysis (not necessary)

3.    Use of Google Analytics 
This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies (see section 2.2) to make the analyzation of how users use the website possible. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States (for data transfers outside the EEA, see section 14). However, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus be made anonymous. Only in exceptional cases the full IP address is transmitted to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

You can revoke your consent to the web analysis and the related use of cookies as well as the data transfer to the USA as follows: You can prevent the storage of cookies by making the appropriate settings in your browser software and rejecting them (see section 2.2.) or using a privacy plug-in (see section 2.3.). You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en

4.    Processing of your data when you contact us for business purposes
If you contact us as an interested party, supplier, service provider or other business partner, we process your personal data such as contact details or correspondence to the extent necessary to process your inquiry (legitimate interest under Art. 6 (1) (f) GDPR) or to initiate or carry out the respective transaction (Art. 6 (1) (b) GDPR) and, if applicable, retain the data within the scope of legal retention obligations (based on legal obligations under Art. 6 (1) (c) GDPR). 

The same applies if you are an employee of a interested party, supplier, service provider or other business partner and we receive your personal data in this context; the legal basis in this case is our legitimate interest in initiating or conducting the business relationship with your employer (Art. 6 (1) (f) GDPR).

5.    Contact form
When you contact us via the contact form, we store your details (your name, e-mail address, telephone number if necessary, and the text of your request) and process them in order to process your request.

As far as it is necessary in order to answer your request or your request is directed towards this, we may transfer your details to another company of the Medac group (e.g. if your request relates to a contract or a customer relationship with another company of the Medac group or its products). The legal basis for this data processing is - depending on the subject of your request - the admissibility of the processing within the framework of contract initiation, a contract or our legitimate interest in providing a contact form for general requests (Art. 6 Para. 1 lit. b or f GDPR). 

6.    Video integration through Vimeo 
On our website we have also embedded videos via the provider Vimeo. Vimeo is a platform for video hosting. Service provider is Vimeo LLC, 555 West 18th Street New York, NY 10011, USA; website: https://vimeo.com/; privacy policy: https://vimeo.com/privacy (only available in English).

If you call up a page on our website on which a video with Vimeo has been embedded, your IP address and possibly other technically necessary personal data will be transmitted to Vimeo. In the process, your data will be transmitted to the USA. The USA (and possibly other non-EEA countries) do not offer a level of data protection comparable to that of the European Union and, in particular, unauthorized access by government agencies cannot be ruled out in individual cases.

The legal basis for the use of the services of Vimeo is our legitimate interest in the functional presentation of the website, Art. 6 (1) (f) GDPR. If you have any questions about the balance of interests, please contact one of the contact addresses listed in section 1 above

7.    Links to third party websites 
Our website includes links to third-party websites. When you call up the website links, you leave our website and the browser of your device establishes a direct connection with the servers of the respective website. The respective privacy policies of this website apply.

8.    Data security
We has taken the necessary technical and organisational measures to protect the personal data provided by you from loss, destruction, manipulation and unauthorized access. To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" is attached to the address component http:// ("https://") or a green, closed padlock symbol is displayed in the browser. By clicking on the symbol, you will receive information about the SSL certificate used. SSL encryption guarantees the secure and complete transmission of your data.

9.    Transmission to third parties
We only pass on the personal data described here if it is necessary for the provision of our service or if it is required by law. Within the scope of the purposes mentioned here, personal data will be forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual data protection requirements. In particular, this includes an obligation as a processor according to Article 28 GDPR. 

Otherwise, we will only transfer personal data to other recipients if we have a legal permit to do so or you have given your prior consent. You may revoke any consent you may have given at any time with effect for the future. We will only pass on your data to government agencies within the framework of legal obligations or on the basis of an official order or court decision and only to the extent that this is permissible under data protection law.

10.    Transfer to countries outside the EEA 
To the extent necessary for our purposes, we may also transfer your data to recipients outside the EU and the European Economic Area. This is particularly the case if we have to transfer this data to recipients in countries within the scope of contract processing or due to legal regulations. 

With the exception of the processing described in sections [3 and 9 ], we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing operations described in these sections result in data being transferred to the servers of the processor by us. These servers are partly located in the USA. If the servers are located in Europe, it cannot be completely ruled out that data may nevertheless be transferred to the USA because it is a US provider. The data transfer takes place on the basis of so-called standard contractual clauses of the EU Commission.

We would like to point out that the USA is not a safe third country in the sense of EU data protection law. In certain cases, US companies are obliged to hand over personal data to US authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

11.    Deletion
We will delete your personal data as soon as it is no longer required for the aforementioned purposes of processing, or if in the event of an objection there are no compelling reasons on the part of Medac worthy of protection or if in the event of a revocation there is no other legal basis for processing. In certain cases, e.g. if there is a legal storage obligation, your personal data will initially be blocked and deleted at the end of the storage period. 

12.    Your rights
According to the provisions of the GDPR, you have the right to

• request information about the processing of your data free of charge (Art. 15 (1) GDPR) and to receive a copy of your personal data (Art. 15 (3) GDPR). Among other things, you can request information about the purposes of the processing, the categories of personal data that are processed, the recipients of the data (if a transfer takes place), the duration of the storage or the criteria for determining the duration;
• rectify your data (Art. 16 GDPR). If your personal data is incomplete, you have the right - taking into account the purposes of processing - to complete the data; 
• have your data erased or blocked (Art. 17 DSGVO). Reasons for the existence of a deletion/blocking claim include revocation of the consent on which the processing is based, objection to the processing or unlawful processing of the personal data;
• to have the processing restricted (Art. 18 GDPR);
• request the transfer of your data (Art. 20 GDPR);
• revoke your consent to the processing of your data for the future, insofar as the processing is based on consent (Art. 7 (3) GDPR); Please note that in the event of a revocation, we will continue to retain your consent. This is because even after revocation and deletion of your personal data, we must be able to prove consent. The legal basis for the (also continued) storage of consent is Art. 6 (1) (c) in conjunction with. Art. 5 (1) (a), (2), Art. 7 (1) GDPR and Art. 6 (1) (f) GDPR.
• complain to a supervisory authority about unlawful data processing (Art. 77 GDPR).

In addition, in case of processing based on Art. 6 (1) (e) or (f) of the GDPR, you may object to the processing (Art. 21 of the GDPR). You do not have to provide you reasons except for the case of direct marketing.

If you wish to exercise any of your rights, please contact us at one of the contact addresses listed in section 1.

13.    No automated individual case-by-case decision-making
We do not use your personal data for automated case-by-case decisions according to Art. 22 (1) GDPR.

14.    Change of the privacy policy
New legal requirements, business decisions or technical developments may require changes to our privacy policy. The data protection declaration will then be adapted accordingly. You will always find the latest version on our website.

Status: December 2022