Data protection

As at 25 May 2018

 

a) Data protection policy for samed-dresden.de and samed-dresden.com


Samed GmbH Dresden (hereafter referred to as "Samed") operates the websites samed-dresden.de and samed-dresden.com. In the following data protection policy, we wish to inform you about the extent to which data is collected when using our website, and for what purpose this data is used.


Furthermore, Samed would like to inform you about what rights you have in this context. Please note that this data protection policy applies exclusively to the websites www.samed-dresden.de and www.samed-dresden.com, including any sub-pages (such as www.samed-dresden.de/[xy] / www.samed-dresden.com/[xy]) and sub-domains (such as [xy].samed-dresden.de / [xy].samed-dresden.com).

 

Responsibility for the processing of your personal data
Samed is the designated body responsible for compliance with the provisions of the General Data Protection Regulation (GDPR, German: DSGVO) and the Federal Data Protection Act (BDSG).

 

What is personal data?


Personal data is individual details about the personal or factual circumstances of a specific or identifiable natural person. This includes information such as your real name, address, phone number and date of birth (if applicable). Statistical information that cannot be directly or indirectly linked to you – for example, the number of users of a web page – is not considered to be personal data.

 

General information on the processing and use of personal data in the context of samed-dresden.de and samed-dresden.com


When you visit our website, by default and for the purposes of system security, our web servers temporarily store the connection data of the requesting computer, the web pages you visit, the date and duration of the visit, the type of browser and operating system used, and the website from which you visited us.

 

This record consists of:


• The site from which the file was requested.
• The name of the file.
• The date and time of the search query.
• The amount of data transferred.
• The access status (file transfer, file not found).
• A description of the type of web browser used.
• The IP address of the requesting computer – shortened by the last three digits.

 

This data is stored anonymously, in accordance with the German Telemedia Act (TMG). Thus, no personal user profiles are created, and this data is deleted or anonymised once the connection has ended.

 

Website analysis / tracking


Cookies: In some areas of our website, we use cookies, which, for example, help us to recognise visitor preferences so that we can adjust the design of our website accordingly. This also allows easier navigation and makes our website much more user-friendly. Cookies also help us identify particularly popular areas of our website. These cookies are small files that are stored on a visitor’s hard disk. They allow us to retain information that enables us to identify a visitor's computer for a certain period of time. We use permanent cookies to facilitate better user guidance and individual performance, as well as session cookies that are automatically deleted when you close your browser. You can set your browser to inform you about the placement of cookies, which means you will always be aware of their presence. Important: if you completely block the use of cookies, you may not be able to use some of the features of our website. Our website uses the following four categories of cookies:


• Essential cookies.
• Performance cookies.
• Cookies for functionality and personalisation.
• Targeting cookies.

 

Essential cookies: These cookies are necessary for you to be able to navigate our website and use its features, such as accessing password-protected areas. Without these cookies, we would not be able to provide you with certain services you may request. We use essential cookies to uniquely identify registered users so they will be recognised during their stay, and when they revisit the site.

 

Performance cookies: These cookies collect information about how visitors use a website, for example, which pages they visit most often and whether or not they receive error messages from the website. These cookies do not collect any data that could be used to identify visitors. All information collected via these cookies is anonymous and intended solely to improve website service and functionality. We therefore use performance cookies to compile statistics on how our website is used and to verify the effectiveness of our advertising campaigns.

 

Cookies for functionality and personalisation: These cookies allow websites to remember a visitor's previous information preferences (e.g. language) in order to provide optimised and personalised features. These cookies are also used to preserve any website settings you make (such as fonts, font sizes and other user-customisable options). They are also used to provide you with requested services, such as when you want to watch a video clip. These cookies cannot track your browsing activity on other websites. They do not collect any information about you that can be used for promotional purposes, and cannot determine your Internet activity outside our website. We therefore use functionality and personalisation cookies to recognise you when you return to our website, to personalise the content you view, and to save your preferences (such as your preferred language).

 

Targeting cookies: These cookies are used to tailor advertising more effectively to your needs and interests. They also serve to limit how often an ad is presented to you, to assess the effectiveness of an advertising campaign, and to understand user behaviour after viewing an ad. Targeting cookies are usually placed on website pages by advertising networks, with the permission of the website operator. They recognise when a user has visited a certain webpage and pass this information on to others, e.g. advertising companies. Often, they are linked to webpage functionality provided by such companies. We therefore use targeting cookies to connect to social networks, which may then use the information about your visit to tailor their advertising on other websites, and to provide information about your visit to the advertising networks we use. This means that later, and based on your browsing behaviour, you will be able to see exactly the type of advertising in which you are potentially interested.

 

Information is collected about your activities on this website (e.g. surfing habits and the sub-pages you visit on our Internet sites). All usage data is stored using a pseudonym, which means no personal identification is possible. In general, you can prevent the storage of cookies on your hard disk by selecting "Do not accept cookies" in your browser settings. You can also set your browser to ask your permission before installing cookies. And finally, you can delete installed cookies at any time – please refer to your browser’s help pages for further details about how this works. If you do not accept cookies, then in specific instances this may result in some functional restrictions to your use of the website.

 

Contact form


You can use our contact form to make contact with us. When using our contact form, you will be asked to provide the following information:


• Surname and first name.
• Email address.
• Contact event.
• Message.

 

You can tell us further information such as company, address, telephone and fax number, but this is not essential. We will use your data to answer your request, and if necessary, to send any information requested. The data entered by you is transmitted via a secure https/SSL connection and will be deleted within 90 days after completion of the processing, unless longer retention is required for reasons of traceability, customer service or legally prescribed retention periods.

 

YouTube and Facebook


On our website, you will find links to Facebook and YouTube social media services. Links to the websites of these social media services are indicated by their respective company logo. By following these links, you will be able to access Samed's corporate website at the respective social media service. When clicking on a link to a social media service, a connection is made to the servers of that social media service. Your visit to our website will be transmitted to the servers of that social media service. In addition, further data will be transmitted to the social media service provider including:


• Address of the website that contains the activated link.
• Date and time when the website was accessed or activated.
• Information about the type of browser and the operating system used.
• IP address.


If you are already logged in to the corresponding social media service at the time the link is activated, the social media service provider may be able to determine your user name, and possibly even your real name from the transmitted data, and relate this information to your personal user account with the respective social media service. You can exclude the possibility of matching information to your personal user account if you log out of your user account beforehand.


The servers of these social media services are located in the USA and possibly other countries outside the European Union. Data can thus be processed by the social media service provider in countries outside the European Union. Please note that companies operating in these countries are subject to data protection laws that generally do not protect personal data to the same extent as is the case within member states of the European Union.


Please note that we cannot influence the scope, nature and purpose of the data processing performed by the social media service provider. For more information about the use of your data by the social media services included on our website, please refer to the data protection policy of the respective social media service.

 


b) Data security in the company


We take comprehensive technical and organisational security measures to secure and protect your data against unwarranted access. In addition to securing the operating environment, we also use encryption in some areas – for example, with our contact form and for online applications. The information you provide will then be transmitted in encrypted form, using the Secure Sockets Layer (SSL) protocol to prevent any misuse of information by third parties. When this protocol is in use, your browser will display a lock symbol in the status bar, and the address bar will start with "https".

 

Use of service providers / processing of data in countries of the European Economic Area


Samed uses service providers for the provision of services and for the processing of your data according to § 11 BDSG (among other things, for hosting your data in a secure data centre, delivery of ordered goods and sending of letters or emails, as well as the maintenance and analysis of databases, and order data processing). The service providers process data exclusively according to Samed’s instructions and are obliged to comply with all applicable data protection regulations. All processors of order data have been carefully selected and will only have access to your data as far as is necessary to provide services to the extent and for the period required, and to the extent that you have consented to the processing and use of that data.


The servers of the service providers used by Samed are located within the European Union, and your personal data is protected to the same extent as is the case in Germany.

 

Obtaining information, correction and deletion of your data


Upon request, Samed will provide you with information concerning the personal data we store about you and how it will be used. If any of the data stored by Samed is incorrect, Samed will be happy to correct it. To achieve this, you can contact Samed via the postal address or email address given at the end of this page, or any other convenient method.


You have the right to block and delete personal data stored by Samed. However, if such deletion would be contrary to any statutory retention required under the contractual obligations of tax law or commercial law, then only data blocking is possible, rather than deletion.

 

Job applications


Please note that any applications you send us by email will be sent unencrypted. We therefore recommend that these be sent through the postal system.


Your electronic application data will be accepted by the relevant Human Resources Department and then forwarded to the department responsible for the respective position, or direct to the person entrusted with the processing. All those involved will treat your application documents with the utmost care and with absolute confidentiality. Once the selection process has been completed, the documents sent by you specifically in connection with that selection process will be promptly deleted at your request, unless we conclude an employment contract with you.

 

c) Privacy Description

 

General technical and organizational measures

 

1. Organizational measures


1.1 The company has a data security concept (IT concept), which is continuously developed and which takes into account the structural, personnel, organizational and technical measures required to ensure the security of the data processed under contract and of the database, and to ensure undisturbed operation.


1.2 In data processing, the entire handling process, from the input of the data through the actual processing to the creation of the desired result, is included in a vulnerable security system. The respective data processing task is created, controlled and checked by the process owner after processing. The actual program sequences and the data processing are set by the IT engineer according to the agreed procedure and, as a rule, controlled mechanically. This rules out procedurally possible sources of error or unauthorized access.


1.3 All employees of the company are informed about the requirements of data protection and are obliged to maintain data privacy.


1.4 An expert and reliable data protection officer (DSO) has been appointed, who works to ensure compliance with legal and company data protection regulations. The DSO is involved in projects where basic requirements for data protection and data security are concerned. The tasks of the DSO also include monitoring the proper use of computer systems and programs, managing the process overview, the prior checking of the processing of sensitive data, and the privacy information of the employees of the company.


The data protection officer must be informed about all occurrences, projects, activities and regulations and, if necessary, included in the relevant process. In case of need or in case of doubt about the handling of personal data, he is to be involved. In the performance of these duties, the DSO has unrestricted rights of control in all areas of the company.
Questions about data protection in the company can be sent to datenschutz@samed-dresden.de.

 

2. Confidentiality

 

2.1 Physical access control


Access to the data processing and communication systems is denied to unauthorized persons by the following measures:


• Role allocation and rights assignment according to the IT concept
• Outsourcing of data in data centers of service companies based in Germany
• Separate lockable offices and archives

 

The following have access:


• Only the respective permanent employees (graduated access regulations)
• Cleaning staff, but only under supervision

 

2.2 System access control


The unauthorized use of data processing systems is prevented by the following measures:


• IT concept
• User-related password assignment
• Password rule: passwords are not kept in writing (exception: passwords kept in a locked cupboard in an additionally locked office, for cases of absence)

 

2.3 Data access control


The unauthorized reading, copying, modification or removal of data media is prevented by the following measures:


• As a rule, no data media are used in operational business

 

The respective orders are recorded and controlled in an order program.
Only the data records required for the respective task are released by the process owner for EDP processing.
Access to the data is limited by:


• Functional user-related assignment
• Machine check of the user ID (user ID, password)
• Differentiated access to files, records, data fields, application programs and operating system
• Differentiated processing options for reading, writing, changing and deleting
• Data, data media and printouts that are no longer used are securely deleted or destroyed (shredder with security level 4, also for CDs and cards)

 

2.4 Separation Control


The following measures ensure that the data of the clients are processed separately from each other:


• Software separation of orders (client separation)


3. Integrity

 

3.1 Input control


The service provider (Drive on Web (Abilis GmbH)) logs who enters, changes or deletes personal data. The last 5 versions of a document are kept.
On documents for customers and suppliers (created with Actindo), the abbreviation of the respective editor appears automatically.

 

3.2 Transfer Control


The unauthorized reading, copying, modification or removal of data during the transmission and transport of data carriers is prevented by the following measures:

 

• If data media are handed over in exceptional cases, they will be transported by courier or courier service in a secure container or directly by the contractor or the client
• Data media are checked for completeness and correctness
• Receipt confirmations and delivery notes are used for external shipments
• Data is encrypted / transmitted with VPN, SSL, SFTP
• Use of firewalls, virtual private networks (VPN), virus protection, spam protection
• The bringing of private data media into the company is prohibited
• Prohibition of the use of USB sticks and external data media, the installation of unauthorized software, the storage of data on external media and the unauthorized data transfer

 

4. Availability and resilience


The data is protected against accidental destruction or loss by:


• See order data processing contracts

 

5. Procedures for periodic review, assessment and evaluation


• Employees are trained on data protection once a year and receive the leaflet (guideline)
• Employees are obliged to handle personal data confidentially when starting work
• A data protection officer has been appointed
• Measures to implement data protection through technology design and privacy-friendly default settings:
  - Fritz!Box
  - Firewalls
  - No automatic transmission of data from software vendors (e.g., Microsoft)
  - Location of data centers of service providers exclusively in Germany
• Data breaches are reported immediately to the management and the data protection officer
• Requests from affected parties are processed on time
• A list of processing activities is available

 

 

 

 

Responsible body:


Samed GmbH Dresden
Dipl.-Ing. (FH) Thomas Sparborth
Bamberg street 7
01187 Dresden


Questions about data protection:


You can contact our internal data protection officer by e-mail at datenschutz@samed-dresden.de, by telephone on +49 (0) 351/862 62 61 or by post at the following address:


Samed GmbH Dresden
Peggy Opitz – Data Protection Officer
Bamberg street 7
01187 Dresden