Privacy Policy

1. Introduction and contact details of the responsible person

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data is all data that can be used to identify you personally.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Atrium Healthcare GmbH, Erkrather Straße 401, 40231 Düsseldorf, Germany, Tel.: +49 211 261094090, Email: info@atrium-healthcare.de.

The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2. Data collection when visiting our website

2.1 If you use our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

The website you visited

Date and time of access
Amount of data sent in bytes
Source/reference from which you accessed the site
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to subsequently review the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser bar.

3. Cookies

To make visiting our website more attractive and enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”); others remain on your device for a longer period and enable the saving of page settings (so-called “persistent cookies”). In the latter case, you can find out the storage period in the overview of your web browser’s cookie settings.

If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either for the execution of the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent, or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser to inform you about the setting of cookies and to decide whether to accept them individually or to exclude cookies for specific cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal basis for the processing of personal data in this context is Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide the personal data. If you do not provide the personal data, we cannot manage your consents.

4. Contact us

4.1 When you contact us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact is related to a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention periods to the contrary.

5. Data processing when opening a customer account

In accordance with Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deleting your customer account, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention periods to the contrary, and we have no legitimate interest in continuing to store it.

6. Data processing for order processing

6.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we will process the contact details you provided when placing your order (name, address, email address) in order to personally inform you about upcoming updates within the legally stipulated period via a suitable communication channel (e.g., by post or email) within the scope of our statutory information obligations pursuant to Art. 6 (1) (c) GDPR. Your contact details will be used strictly for the purpose of notifying you of updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

6.2 Transfer of personal data to shipping service providers

Deutsche Post

We use the following provider as our transport service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or providing delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, we will only pass on the recipient’s name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) (b) GDPR. This data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent can be revoked at any time with future effect by contacting the above-mentioned controller or the provider.

– DHL

We use the following provider as our transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or providing delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, we will only pass on the recipient’s name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) (b) GDPR. This information will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent can be revoked at any time with future effect by notifying the above-mentioned controller or the provider.

6.3 Use of payment service providers (payment services)

– PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider that requires you to make an advance payment, the payment details you provided during the ordering process (including your name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method for which we make advance payments, you will also be asked to provide certain personal information (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, information about an alternative payment method) during the ordering process.

In order to protect our legitimate interest in determining your ability to pay in such cases, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 (1) (f) GDPR. The provider will check, based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), whether the payment option you have selected can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). If a score value are included in the credit report results, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.

7. Web analysis services

– WP-Statistics

This website uses the WordPress analytics plugin WP-Statistics. This plugin is provided by wp-statistics.com. Simple statistics for audience measurement are compiled from the data in an anonymized form. No user profiles are created for this purpose, and no cookies are set. All data collected by WP-Statistics is stored completely anonymously on this web server. Personal identification of a visitor is therefore not possible, even retrospectively.

Further information can be found at: https://wp-statistics.com/privacy-and-policy/

– Google Analytics

We also use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your website usage. The information generated by the cookie (including your IP address) is usually transferred to a Google server in the USA and stored there. We have activated IP anonymization on this website. This means that your IP address will be shortened by Google within member states of the European Union or other contracting states to the Agreement on the European Economic Area. Google will use this information on our behalf to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

– Google Tag Manager

We also use Google Tag Manager. This tool itself does not process any personal data of visitors. It merely triggers other tags, which in turn may collect data. Google Tag Manager itself does not access this data.

Cookie Banner and Consent

The use of Google Analytics and Google Tag Manager is based on your consent (Art. 6 (1) (a) GDPR). You can grant this consent via our cookie banner or revoke it there at any time with future effect. Further information on data protection at Google: https://policies.google.com/privacy

8. Data processing by social networks

We operate fan pages on various social networks and platforms in order to get in touch with customers, interested parties, and users active there and to inform them about our offers. When you use social plug-ins, a connection is established between your device and the servers of the respective social network provider. The plug-in is then displayed on the page via a message to your browser, provided you have consented. Both your IP address and information about which pages of our offer you have visited are transmitted to the providers’ servers. This occurs regardless of whether you are registered or logged in to the social network. A transmission also takes place for unregistered or unlogged-in users. If you are connected to one or more of your social media accounts at the same time, the collected data can be assigned to your respective profile. If you use the functions of the plug-in (e.g. by clicking the button), this information is also assigned to your user account. To avoid this assignment, you can log out of your social media accounts before visiting our website and before activating the buttons.

The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) (1) TDDDG in conjunction with Article 6 (1) (a) GDPR. The processing of your personal data is based on your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out up to that point on the basis of your consent.

The social networks listed below are integrated into our website via social plug-ins. Further information about the scope and purpose of data collection as well as your rights to protect your privacy can be found in the privacy policies of the providers, which are accessible via the corresponding links.

Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), (hereinafter Meta)

According to Meta, the collected data is also transferred to the USA and other third countries.

We have concluded a joint processing agreement with Meta (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The Data Privacy Framework (DPF) is an agreement between the European Union and the United States that ensures that European data protection standards are adhered to when processing data in the United States. Every company certified under the Data Privacy Framework (DPF) is committed to complying with these data protection standards. Further information can be found from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

– Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland): https://help.instagram.com/155833707900388

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.

Details on how Instagram handles your personal data can be found in its privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures that European data protection standards are adhered to when processing data in the United States. Every company certified according to the DPF is committed to complying with these data protection standards. Further information can be found from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

YouTube

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

TikTok

The processing of personal data is jointly controlled by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter: “TikTok”).

TikTok provides you with further information on joint controllership and specific data processing:

“Jurisdiction Specific Terms” and there “Part B: European Economic Area (EEA) and the United Kingdom”: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms

9. Rights of the data subject

9.1 Applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data. Reference is made to the legal basis listed for the respective conditions for exercising these rights:

Right to information pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

9.2 RIGHT OF OBJECTION

IF, AS PART OF A BALANCE OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA IN QUESTION. However, we reserve the right to further process your data if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise your right of objection as described above.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

10. Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of the processing, and – where applicable – also by the respective statutory retention period (e.g., retention periods under commercial and tax law).

When personal data is processed on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data in question will be stored until you revoke your consent.

If statutory retention periods exist for data processed within the framework of legal or quasi-legal obligations based on Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in continuing to store it.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right of objection under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right of objection under Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this statement on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.