Data Privacy Statement
Information on data protection
With this data protection information we notify you about our handling of your personal data and about your rights according to the European Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). dicomsys GmbH (hereinafter referred to as “we” or “us”) is responsible for data processing.
I. General information
If you have any questions or suggestions regarding this information, or if you would like to contact us about asserting your rights, please send your request to
2. Legal basis
The term “personal data” under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (Section 15 (3) TMG or Art. 6 (1) a GDPR), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) b GDPR), for the performance of a legal obligation (Art. 6 (1) (c) GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data override (Art. 6 (1) (f) GDPR).
3. Duration of storage
Unless otherwise stated in the following notes, we store data only as long as it is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such legal storage obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you contradict to processing for this purpose.
4. Categories of recipients of the data
We use order processors in the context of processing your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the data controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company’s bank, tax advisors/auditors or the tax authorities. Further recipients may be listed in the following notes.
5. Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards are in place in accordance with Article 46 of the GDPR or if one of the conditions of Article 49 of the GDPR is met.
Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as suitable safeguards: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087.
If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49(1)(a) GDPR.
6. Processing when you exercise your rights
If you exercise your rights under Articles 15 to 22 GDPR, we process the personal data transferred for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 GDPR.
These processing operations are based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and Section 34 (2) BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data relating to you or not.
- You have the right to demand that we correct your data in accordance with Art. 16 GDPR.
- You have the right, in accordance with Art. 17 GDPR and § 35 BDSG, to demand that we delete your personal data.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
- You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
- If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Article 7 (3) GDPR. Such a revocation will not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
- If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on the basis of reasons arising from your particular situation. If personal data about you is processed by us for the purpose of direct marketing, you may object to such processing pursuant to Article 21 (2) and (3) GDPR.
9. Data protection officer
You can reach our data protection officer at the following contact details:
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. In data protection law, the IP address is also generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Processing of server log files
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after eight weeks unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject on the basis of the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11(2) of the GDPR, unless you provide additional information to enable us to identify you in order to exercise your rights set out in these articles.
3. Consent Management Tool
The Consent Management Tool “Borlabs Cookie” of Borlabs – Benjamin A. Bornschein (Germany) allows users of our website to give consent to certain data processing processes, to revoke consent given or to object to data processing. In addition, the Consent Management Tool helps us to provide proof of your declarations. For this purpose, log data on your declarations is processed. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis is Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 7 para. 1 GDPR. Further instructions can be found in the settings of the Consent Management Tool.
4. Contact form
Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this data will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your inquiry. If your request is directed towards the conclusion or performance of a contract with us, Art. 6 (1) b GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 letter f GDPR.
5. Analysis of our website
Our website uses WebAnalytics, a service of 1&1 IONOS SE, for the statistical evaluation of visitor accesses. Your IP address is transmitted during the transmission of a page request, anonymized directly after transmission and processed without personal reference. In addition, we process server log files that your browser transmits to us when the page is set up. Simple statistics are created from the data in anonymized form. For this purpose, no user profiles are created and no cookies are set. A personal identification of a visitor is therefore not possible, even afterwards. We process the data for the purpose of measuring our reach and optimizing our website. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f GDPR.
b) Google Tag Manager
We use the Google Tag Manager of Google Ireland Limited (Ireland/EU). The Google Tag Manager is used to be able to manage our website tags via an interface. The Google Tag Manager is a cookie-less domain that does not collect or store any personal data. The Google Tag Manager merely triggers other tags, which in turn may collect data without accessing that data themselves. If a deactivation has been made at the domain or cookie level (e.g. via the Consent Management Tool), this remains in place for all tracking tags implemented with the Google Tag Manager.
c) Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.
We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data. We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyze long-term relationships. Data on user actions is stored for a period of 14 months and then automatically deleted. In this process, the deletion of data whose storage period has expired occurs automatically once a month.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Section 15 (3) TMG or Article 6 (1) a GDPR. You can revoke this consent at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google’s Ireland sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46 para. 2 lit. c GDPR.
6. services and contents of third parties
a) Open Street Map
We use the “Open Street Map” service of the OpenStreetMap Foundation (United Kingdom) on our website to display maps. For the use of Open Street Map, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Open Street Map and Open Street Map may set its own cookies. You can find more information about this processing activity and the storage period in the section “Cookies”. Open Street Map is only used with your consent pursuant to Section 15 (3) of the German Telemedia Act (TMG) or Article 6 (1) a GDPR.
When using Open Street Map, a transfer of your personal data to the United Kingdom cannot be excluded. The transfer takes place on the basis of the adequacy decision pursuant to Art. 45 DSGVO, which the European Commission has issued for the United Kingdom: https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.
b) Google Fonts
We use Google Web Fonts from Google Ireland Limited (Ireland/EU) on our website to display fonts. For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google. This data processing is carried out to protect our legitimate interests in the optimization and economic operation of our website and is based on the legal basis of Art. 6 (1) f GDPR. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is, for example, the Matrix-based firewall uMatrix for the browsers Firefox and Google Chrome. Please note that this may result in functional restrictions on the website.
In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Users can find further information on data protection at Google in Google’s data protection information: https://www.google.com/policies/privacy.
c) Google ReCaptcha
We use the reCAPTCHA service of Google Ireland Limited (Ireland/EU). For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google. In addition, Google collects further data, e.g. about your browser and your click behavior. We use the service for security reasons to check whether form entries are made by a natural person. In this way, automated access attempts and attacks can be detected and warded off. We are required by law to take technically and commercially reasonable measures to ensure the security of the portal. The legal basis is Art. 6 I c GDPR in conjunction with. Art. 32 GDPR and § 13 para. 7 TMG.
You can prevent this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is, for example, the Matrix-based firewall uMatrix for the browsers Firefox and Google Chrome. Please note that this may result in functional restrictions on the website or portal.
In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Users can find further information on data protection at Google in Google’s data protection information: https://www.google.com/policies/privacy.
III. Data processing on our social media sites
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, processing of personal data about you may occur. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
1. Visit of a social media page
a) Facebook and Instagram page
When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU – “Facebook”). For more information about the processing of personal data by Facebook, please visit https://www.facebook.com/privacy/explanation. Facebook offers the possibility to object to certain data processing; related information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
b) LinkedIn company page
For the processing of personal data when visiting our LinkedIn page, LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is basically the sole controller. For more information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6(1)(f) GDPR. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
- LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
In principle, New Work SE (Germany/EU) is the sole controller for the processing of personal data when visiting our Xing profile. For more information about the processing of personal data by New Work SE, please visit https://privacy.xing.com/de/datenschutzerklaerung.
2. Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole responsible party. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f GDPR. Further data processing may take place if you have consented (Art. 6 para 1 letter a GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para 1 letter c GDPR).
If you have provided us with the information because of participation in a sweepstake, we will only process it in order to be able to send you a prize, if applicable. After delivery of the prize or if you have not won, we will delete the data. The legal basis for the processing is Art. 6 para. 1 letter b GDPR.
IV. Further data processing
1. Contacting us by E-mail
If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest to get in touch with inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f GDPR.
2. Customer and interested party data
If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of personal master, contract and payment data provided to us as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. These processing operations are carried out on the legal basis of Art. 6 Para. 1 Letter f GDPR and serve our interest to further develop our offer and to inform you specifically about our offers. Further data processing may take place if you have consented (Art. 6 para. 1 letter a GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 letter c GDPR).
3. Use of e-mail address for marketing purposes
We may use the email address you provide when registering or ordering to inform you about our own similar products and services offered by us. The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with. § Section 7 (3) UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the prime rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to email@example.com.
If you apply to our company, we will process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have provided for up to six months after any rejection for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. The legal basis for data processing is Section 26 (1) sentence 1 BDSG. If we store your applicant data beyond a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Article 7 (3) GDPR. Such a revocation will not affect the lawfulness of the processing that was carried out until the revocation on the basis of the consent.