• European Flag
  • Česká vlajka

GDPR/Datenschutzrichtlinie

 

 

Processing of personal data on the CMI website

 

In accordance with Regulation (EU) 2016/679 (GDPR), we are hereby providing you with information regarding the processing of personal data that occurs in connection with the communications we have with our job applicants, suppliers, and customers.

 

1.      Contact data

The controller of personal data is Contract Medical International GmbH, Lauensteiner Straße 37, 01277, Germany

The contact information for the person responsible for the protection of personal data is: gdprdd@contract-medical.com.

 

2.      Tables describing the processing of personal data

 

Processing of personal data regarding job applicants

Processing category

Processing purpose

Personal data category

Legal grounds

Storage period

Employee recruitment

Selecting suitable employees

Job applicant contact data and CVs

Conclusion and establishment of contracts

Six months after the end of the recruitment and selection procedure

 

Processing of personal data regarding suppliers

Processing category

Processing purpose

Personal data category

Legal grounds

Storage period

Placement of orders

Procurement of materials, equipment, and services

Contact and invoice data, contact persons

Conclusion and performance of contracts

Legal obilgations under German Tax and trade law (AO/ HGB)

6 years

In accordance with legal requirements

Receipt and payment of invoices

Registration of incoming invoices

Invoice data, contact persons

Legal obligations under income tax and VAT legislation

10 years

 

Processing of personal data regarding customers

Processing category

Processing purpose

Personal data category

Legal grounds

Storage period

Registration of contracts with customers and communications regarding completion of deliveries

Ensuring delivery of products in accordance with contracts and handling of complaints

Contact and invoice data, contact persons

Performance of contracts

In accordance with ISO 13485

Invoicing

Registration of invoices

Invoice data

Legal obligations under income tax and VAT legislation

10 years

 

3.      Explanations in reference to the tables describing the processing of personal data

Legal grounds – are justifications for the processing of personal data, based on the current stipulations of European law as defined in Sections 6 and 9 of GDPR.  

Storage period – means the period of time in which we are authorized or required to process your personal data and to keep it stored in our system.

We obtain personal data directly from natural persons. We do not obtain personal data from any other sources.

We do not pass on personal data to other recipients, with the sole exception of shipping service providers for the purpose of carrying out deliveries. We do not intend to pass on personal data that is in our possession to recipients outside of the European Union or to any international organizations.

In cases where the processing of personal data falls into the category designated Conclusion and performance of contracts, we need your personal data in order to be able to conclude and subsequently execute a contract. Without this data, it would not be possible to conclude the contract in question.

In cases where the processing of personal data falls into the category designated Legal obligations, we need to process your personal data in accordance with the requirements of the law in question, doing so within the time limit established for this to take place. We are not allowed to restrict use of this data nor to erase it during this period of time.

We will process your personal data only for the purposes indicated in the tables.

4.      Description of the rights of data subjects

As a data subject (a natural person whose personal data is subject to processing) you have the following rights with regard to your personal data:

Rights

Specifications

The right to request a copy of your personal data.

If a set of personal data stored in our system is your personal data and you want a copy of it, then the right that applies here is your right to gain access to your personal data.

We will provide a copy of the data in question in a format that is in accordance with the means we have at our disposal. You will not have the right to demand a copy in a specific format of your choice.  

There is an exception to this right of access to your personal data. We are not allowed to provide a copy of the data in question if it includes documents or information, the publication of which would constitute a threat to the rights and freedoms of other persons. This is based on the duty incumbent upon us to protect data regarding other persons, trade secrets, intellectual property, etc.

 

The right to request correction of your personal data.

 

If you have ascertained that the data we have about you is incorrect, outdated, or incomplete, then you have the right to request that it be corrected or that missing information be added. 

The right to request the deletion of your personal data.

 

We will be required to delete your personal data if it can be shown that we still have your personal data stored in our system after the established storage period has elapsed or if we do not have valid legal grounds for having your personal data stored in our system.

By law, we are not allowed to delete your personal data in cases where processing is based on Performance of contracts or Legal obligations.

The right to request that a restriction be placed on the processing of your personal data.

This pertains to the processing of personal data for reasons of legitimate interest.

A restriction may be placed on the processing of your personal data by filing an objection to its unrestricted use. The restriction will be in effect during the period of time in which the objection is under consideration.

The right to file an objection to the processing of your personal data.

It will be possible for you to file an objection to the processing of your personal data if its processing is based on reasons of legitimate interest.

Objections to the sending of business-related communications will always be accepted as valid.

If your name and/or other contact data are used in business-related communications, the possibility of abuse can pretty much be ruled out, a factor of major significance in this context.

The right to withdraw consent given for your personal data to be processed.

This will be possible if the processing of your personal data is based on consent. If you consented to the processing of your personal data in the past and at some point you decide to withdraw your consent, the processing of your personal data will be terminated.

The right to request a copy of your personal data in a portable data format.

 

You will be able to request a copy of your personal data in a portable data format only in cases where processing is based on the legal grounds designated performance of contracts and consent.

 

You will be able to request a copy only of the data that you provided to us and which is stored in our system in electronic form. You will not have the right to request a specific format.

The right to file an objection to automated decision-making.

We do not engage in any processing of personal data that is based on automated decision-making.

The right to file a complaint with the responsible supervisory authority.

 

If, within one month, you do not receive a reply in response to your request to exercise your rights, you will be entitled to file a complaint with the authority responsible for protection of personal data.

 

5.      Exercising your rights

If you wish to exercise any of these rights, you can send your request to one of the contact addresses indicated in the above. Verification of your identity will be a key factor in determining whether or not your request will be accepted. It will simply not be possible to accept your request unless and until you can be identified.

Subsequent to your request being accepted, you will be sent a letter of notification, informing you of the outcome as well as providing you with related information material.

Services rendered for data subjects exercising their GDPR rights will be provided free of charge. When there are requests for more than one copy of personal data, we will charge a fee to offset the additional costs.

If requests are found to be patently unfounded or exaggerated and, in particular, if they are found to be repetitive, then we can:

a)      impose a fee proportionate to the administrative costs they cause

b)      and refuse to accept further requests.

 

 

 

If any doubts arise in the process of checking your identity, we will ask you to provide additional information to help us confirm that you are who you claim to be.

Location

Contract Medical International GmbH
Lauensteiner Strasse 37
01277 Dresden, Germany

Contract Medical International, spol. s r.o.
Vazni 848, 500 03 Hradec Králové
Czech Republic

get in touch | send applications to

tel. +49 351 213 88 88 | fax +49 351 213 88 99
info@contract-medical.com

Dresden: jobs@contract-medical.com
Hradec Králové: jobshk@contract-medical.com

projects are supported by the eu