1. Who is responsible for processing my personal data?
BEO MedConsulting Berlin GmbH
Dipl.-Ing. Michael Vent (CEO)
Dipl.-Ing., MBA Karsten Nieter-Kubin (COO)
Tel. +49 (0)30 318 045 30
Fax +49 (0)30 318 045 40
Data protection officer (external)
Dirk Trettin, Attorney at Law
2. What data do you process when I visit your website?
We process personal data solely within the legal framework of the relevant legislation and, where appropriate, with your consent. Personal data means any information relating to an identified or identifiable natural person. When you visit our website, we store certain data about the browser and operating system you are using, the date and time of your visit, the access status (for instance error messages), your use of the website’s features, any search terms you may have entered, the frequency with which you access individual web pages, the description of files that are accessed, the data volume that is transmitted, the website from which you accessed our website and the website you access from our website. For security reasons, especially to prevent and identify attacks on our website or fraud attempts, we also store your IP address and the name of your Internet service provider. We only store other personal data if you provide us with such data for registering or logging in or on a contact form, or for performing a contract.
3. For what purposes do you process my data when I visit your website?
We use the data we collect when you visit our website to make operating our website as comfortable as possible for you and to protect our IT systems against attacks and other illegal actions. If you provide us with further personal data, for instance when you register or log in or use a contact form, or for performing a contract, we will use these data within the necessary scope for the stated purposes, for the purpose of customer management, and for the processing and billing of any transactions.
4. To whom will my personal data be transmitted?
5. What is the legal basis for processing my personal data?
We are only justified in processing your personal data on the basis of your consent (legal basis). Here is a list of the most important legal bases.
• Art. 6 (1) (a) GDPR
If you have given us your consent to the processing of your personal data.
• Art. 6 (1) (b) GDPR
If the processing of your personal data is necessary for the performance of a contract with you or in order to take steps prior to entering into a contract with you.
• Art. 6 (1) (c) GDPR
If the processing of your personal data is necessary for compliance with our legal obligations (for instance for the safekeeping of data).
• Art. 6 (1) (f) GDPR
If the processing of your personal data is necessary for the purposes of pursuing our legitimate interests and the legitimate interests of third parties (for instance maintaining the functionality of our IT systems, marketing our services and the documentation of business contacts as required by law).
Strictly necessary cookies
These cookies are essential for you to navigate our website and use its features, for instance for setting your data privacy preferences, for logging in or for filling in forms. Without these cookies we are unable to provide properly the services you request via the website. Under applicable laws, we do not need your consent as a user for strictly necessary cookies. The legal basis for the processing of personal data using strictly necessary cookies lies in our legitimate interest in operating our website (Art. 6 (1) (f) GDPR).
Performance cookies collect data about the use of our website, for instance which pages are most frequently visited and how visitors move about on the website. They are intended to help us improve the user-friendliness of the website and your experience as a user. The data collected from the use of performance cookies are aggregated and cannot as a rule be allocated to any specific natural person. If in individual cases data processed using performance cookies allow you to be identified as a specific natural person, your consent as a user is the legal basis for the processing of your personal data (Art. 6 (1) (a) GDPR).
Functional cookies enable a website to store an input or selection made by you, such as your user name, language preference or the geographical region in which you are located; and to offer you as a user improved and more personal features. They are also used to enable requested features such as the playing of videos. If in individual cases data processed using functional cookies allow you to be identified as a specific natural person, your consent as a user is the legal basis for the processing of your personal data (Art. 6 (1) (a) GDPR).
Marketing cookies are used to enable the display of tips advertising third party websites that may be more relevant to you and your interests. They are also used to limit the frequency with which an advertisement is displayed and to measure and steer the effectiveness of advertising campaigns. The legal basis for the processing of any data that may be related to you as an identifiable natural person using marketing cookies is your consent as a user (Art. 6 (1) (a) GDPR).
7. When will my data be erased?
We erase your IP address and the name of your Internet service provider, which we store purely for security reasons, after seven days. Otherwise. we erase your personal data once they are no longer required for the purpose for which we collected and processed them. Your personal data will only be stored beyond this period if this is required under the laws, regulations and other legislation to which we are subject (for instance a statutory period of safekeeping).
8. What tools do you use?
Our website uses Matomo, a web analysis service by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo installs cookies on your end device to enable us to analyse your use of our website. The information collected in this way is stored solely on our server (in-house-hosting). This prevents any transmission of your data to third parties.
For this purpose, a cookie is installed on the user’s end device, enabling us to keep track of activities and, for instance, identify return visits. Your IP address is automatically abbreviated (IP masking) so that you are no longer individually identifiable. The information that is analysed includes your approximate geographical location, your end device, your monitor resolution, your browser and the sites you have visited including how long you spent there.
We use Matomo to analyse the use of our website and its individual features and offerings and to enable us constantly to improve your user experience. The statistical analysis of user behaviour enables us to make constant improvements in the features and services we offer.
If we obtain your consent as a user, your personal data are processed on the legal basis of Art. 6 (1) (a) GDPR. You may withdraw the consent you have given at any time with future effect. To withdraw your consent, all you need to do is deactivate this service in the Cookie Consent Tool that is provided on the website. Otherwise, it is based on Art. 6 (1) (f) GDPR. Our legitimate interest is in the optimisation of our website, the improvement of the services and features we offer and online marketing.
On our website we use videos for various requirements, such as spreading information. For technical reasons, these videos are not hosted on our own server. We use the services of the external provider Vimeo (Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA). Using this plug-in enables us to display video material of interest to you direct on our website.
To the extent that we obtain your consent as user, your personal data are processed on the legal basis of Art. 6 (1) (a) GDPR. You may withdraw the consent you have given at any time with future effect. . To withdraw your consent, all you need to do is deactivate this service in the Cookie Consent Tool that is provided on the website. Otherwise, it is based on Art. 6 (1) (f) GDPR. Our legitimate interest is in a technically stable website and the spreading of information.
9. Social Media Plug-ins
If you subscribe to our newsletter, we need you to provide us with your email address. Other data may be provided voluntarily. Unless you consent to your data being used for purposes beyond this, the data you provide will be used solely for sending you our newsletter. To send you our newsletter we use the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The legal basis for the processing of your personal data is your consent, which you give us by subscribing to the newsletter (Art. 6 (1) (a) GDPR). You may unsubscribe the newsletter at any time using the unsubscribe link provided in the newsletter.
Möchten Sie von Ihrem Widerrufs- oder Widerspruchsrecht Gebrauch machen, genügt eine E-Mail an uns.
11. Contacting us
Personal data are collected when you contact us, for instance using a contact form or by email. The data collected when using a contact form can be seen in the form itself. These data are stored and used solely for the purpose of responding to your message or for contacting you and for the associated technical management. The legal basis for the processing of these data is our legitimate interest in accordance with Art. 6 (1) (f) GDPR in responding to your message. If you contact us with a view to entering into a contract with us, the additional legal basis for processing your data is Art. 6 (1) (b) GDPR. Your data will be erased once the processing of your enquiry has been completed. This is deemed to be the case if it is clear from the relevant circumstances that the matter in question has been fully dealt with and if erasure of your data is not prevented by statutory safe-keeping obligations.
12. Will my data be transmitted to recipients outside the EU?
We fundamentally work with service providers based within the EU. If in exceptional cases personal data are transmitted to recipients outside the EU and processed there, we fundamentally ensure by means of appropriate measures that an appropriate level of data protection is achieved that is as comparable as possible with European data protection legislation.
13. Online meetings and online seminars
We use various tools for holding telephone and video conferences, online meetings or online seminars (together referred to here as Online Meetings). For online seminars we use the edudip tool, a service provided by edudip GmbH, Jülicher Strasse 306, 52070 Aachen, Germany (the Provider). Various kinds of data are processed when Online Meeting software is used. The scope of the data depends on the details you provide as data before or during your participation in an Online Meeting. The following personal data are processed:
Details of the user
Forename, surname, telephone number (optional), email address, password (if Single Sign On is not being used), profile photo (optional), department (optional)
Subject, description (optional), participants‘-IP addresses, device/hardware information
For recordings (optional)
MP4 files of all video, audio and presentation recordings, M4A files of all audio recordings, text file of the Online Meeting chat.
For dialling in by telephone
Details of telephone numbers for incoming and outgoing calls, country name, start and end times. Other connection data may be stored as required, such as the IP address of the device.
Text, audio and video data
You may be able to use the chat, question or survey features in an Online Meeting. If so, the text you input will be processed for display in the Online Meeting and, if necessary, for the record. To enable the display of video and the playback of audio, the relevant data from the microphone in your end device and any video camera in your end device will be processed during the Online Meeting. You may at any time switch off the camera or put the microphone on mute using their applications..
If we wish to record Online Meetings, we will notify you if this transparently beforehand and – if necessary – ask for your consent. The fact that recording is taking place will also be displayed for you in the app. If necessary for the purpose of making a record of the outcome of an Online Meeting, we will make a record of the content of chats. For webinars, we may also process the questions asked by webinar participants for the purpose of recording and post-production of the webinar. If personal data are processed by our staff when Online Meetings are held, the legal basis for the processing of data is Section 26 of the Federal Data Protection Act (BDSG). Otherwise, the legal basis for the processing of data from Online Meetings is Art. 6 (1) (b) GDPR, if such Meetings are held within the scope of contractual relationships. Where no contractual or pre-contractual relationship exists, the legal basis is Art. 6 (1) (f) GDPR. We have an interest in the effective holding of Online Meetings. Personal data processed in connection with participation in Online Meetings will fundamentally not be transmitted to third parties unless they are intended to be so transmitted. Please note that content from Online Meetings as well as from in-person meetings and conferences are frequently used to communicate information with customers, prospective customers and third parties, which means that they are intended for transmission. If necessary, the Provider will be informed of the data mentioned above if this is stipulated as part of our order processing contract with the order processor.
14. Data protection in the application process
We collect and process applicants’ personal data for the purpose of processing their applications. The data may also be processed electronically. If we sign an employment contract with an applicant, the data that have been transmitted for the purpose of processing the application will be stored, subject to statutory provisions. The legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG. If the controller responsible for processing does not sign an employment contract with the applicant, the application documents are erased six months after the announcement of the rejection decision, unless the controller responsible for processing has other legitimate interests preventing erasure. These other legitimate interests might for example include a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).
15. Will my data be used for automated decision-making?
As a company aware of our responsibilities, we do not use automated decision-making or profiling.
16. Data security measures
During your visit to our website we use the widespread SSL (Secure Socket Layer) process for encryption. Otherwise, we use appropriate technical and organisational security measures to protect data against chance or intentional manipulation, loss, destruction and unauthorised third party access. Our security measures are constantly updated and improved as the technology develops.
17. What are my rights and who should I contact?
As a subject of data processing (data subject), you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (“the right to be forgotten“) (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), to object (Art. 21 GDPR) and the right to withdraw any consent you have given under data privacy law for the processing of your data.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) GDPR. If you lodge an objection, we as the controller will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to withdraw consent
You have the right to withdraw at any time any consent you have given under data privacy law for the processing of your data with effect for the future. Withdrawal of consent will not affect the lawfulness of processing up to the time you withdraw your consent. Nor will any continued processing on a different legal basis be affected, for instance for the fulfilment of legal obligations.
Please if possible address any claims and declarations to the following contact address: firstname.lastname@example.org. If you believe that the processing of your personal data breaches statutory provisions, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).