Clarification Text


INSPITAL Medical Techlology GmbH (“Company”) implements the requirements of the EU General Data Protection Regulation (GDPR) and other legal requirements for the protection of personal data. In particular, technical and organizational security measures are implemented in accordance with current security standards.

With the following data protection information, we inform you about the processing of personal data by İnspital within the scope of our general business activities and the rights of data subjects:

1. Who is responsible for data processing?
Inspital Medikal Teknoloji GmbH
Kaiserswerther Str. 83B Ratingen North Rhine- Westphalia 40878 Germany
Phone: + +49 (2102) 939 46 94

2. How can I contact the Data Protection Officer?
You can reach the personal data protection officer from the following information:

Data Protection Officer
Kaiserswerther Str. 83B Ratingen North Rhine- Westphalia 40878 Germany

3. What personal data do we process?

The term "personal data" in this document refers to Article 4 No. 1 means personal data as defined in GDPR. This is any information about a natural person by which that person can be identified, directly or indirectly.

As part of our general business operations and in order to serve our customers, we generally process not only contact information such as name, address, telephone number and e-mail address, but also information such as bank information and payment information, and as long as it plays a role in the provision of the services, personal and professional other information on conditions.

Working with anonymous or pseudonymous data within the scope of our activities is in many cases not possible or disproportionate. We are also obliged by law to process certain personal data of an individual, for example to fulfill obligations under the Money Laundering Act.

4. For what purpose and on what legal basis do we process personal data?

As a company, we process personal data as part of our general business activities and to serve our customers on one of the following legal bases:

a) Consent of the data subject (Art. 6 Para. 1 S.1 clause a), Art. 7 GDPR)

Inspital bases the processing of personal data for certain activities in the field of our general commercial activities (eg customer information, newsletter) on the informed consent of the data subject, which is expressly obtained from them.

b) Fulfillment of contractual obligations (GDPR Art. 6 para. 1 p. 1 para. b)

The processing of personal data takes place in order to conclude a contract or when starting a contractual relationship with a natural person. The scope and details of data processing derive from the relevant contract and, if any, relevant terms and conditions.

c) Fulfillment of legal requirements (Article 6 paragraph 1 S.1 clause c of GDPR)

Inspital is subject to legal requirements that may give rise to an obligation to process personal data. Based on these requirements, Inspital is specifically obliged to properly store documents and archive them in appropriate IT systems and, if necessary, also in paper form.

d) Protection of legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Inspital processes personal data for the purpose of providing services to our customers in the context of general commercial activities and on the basis of the weight of interests, provided that the legitimate interests of the data subject do not prevail. One of Inspital's tangible interests here is to fulfill our contractual obligations to our customers. İnspital processes personal data provided by customers only to the extent truly necessary for the provision of services.

5. To whom is personal data disclosed?

In accordance with legal obligations, personal data may be given to the following recipients:

• INSPITAL Medical Techlology GmbH (“Company”) group Companies

• If necessary, financial institutions, authorities, courts or other public institutions in Germany and abroad.

• Other service providers and other processors are strictly on purpose, such as hosting, cloud services, document destruction, archiving, topical, public relations (eg sending newsletters, customer information, studies).

When service providers are involved in Inspital data processing processes, Inspital data protection standards are contractually transferred to service providers. In the case of data processing relationships mandated in accordance with Article 28 GDPR, legally standardized data protection agreements are accepted.

6. Are the data transferred to a third country or an international organisation?

The transfer of personal data to countries outside the European Economic Area (EEA) takes place only if necessary in the context of general business activities, on the basis of consent, to fulfill legal requirements or by engaging processors.

Inspital is committed to complying with minimum data protection standards. The main obligations in this regard are contained in the data protection guidelines of Inspital and in the contract articles of Inspital on data protection. In terms of content, these are data protection guarantees within the meaning of Article 46 (1) GDPR, which legitimizes international data transfers.

For companies and service providers outside the EEA (including the use of cloud services), the appropriate level of data protection required under EU data protection law is achieved by complying with the requirements of GDPR Article 45 and further – usually within the meaning of GDPR Article 46(2)(c) by agreement with the EU standard contractual clauses.

7. How long is personal data stored?

Inspital retains personal data as long as it is necessary for the execution of the relevant service relationship. This is subject to statutory retention requirements.

8. What data protection rights do data subjects have?

The persons concerned have the right to rectification and rectification of the processing of their personal data by İnspital 15 GDPR (if the processing takes place, including the purpose of processing, any recipient and the expected period of storage). Correct data (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing and data portability of sent data (Art. 18, 20 GDPR) and the right to object to its use for marketing purposes and on the basis of processing legitimate interest (Art. 21 GDPR) .

Once approvals have been given, they can be revoked from Inspital at any time with effect for the future. To protect these rights, anyone concerned can contact Inspita's data protection officer (see Section 2). If you have any questions, you also have the right to lodge a complaint using the data subject application form on our website or, in particular, to a supervisory authority with the data protection authority of the Member State of your habitual residence or workplace. Inspital's responsible data protection supervisory authority is Rheinland-Palatinate, State Data Protection Officer for Data Protection and Freedom of Information.