Data Protection


medifa GmbH
Industriestraße 5
57413 Finnentrop
T +49 (0)2721 - 7177-0
F +49 (0)2721 - 7177-255

Managing Director medifa GmbH: Dr. Markus Keussen, Magnus Rüding

Data protection officer



As a user of our website, you will receive all necessary information in this Privacy Statement about how, to what extent and for what purpose we or third-party providers collect data from you and use it.

The collection and use of your data is carried out strictly in accordance with the requirements of the EU General Data Protection Regulation (GDPR), the German data protection law in accordance with the Act to Adapt Data Protection Law to Regulation (EU) (DSAnpUG-EU) and the Telemedia Act (TMG) as far as applicable.

We are committed to the confidentiality of your personal data and therefore work strictly within the limits set by law.

The collection of this personal data takes place on a voluntary basis, if this is possible for us. We will also only pass this data on to third parties with your express consent.

We ensure a high level of security by using SSL encryption for particularly confidential data such as payment transactions or with regard to your enquiries to us.

At this point, we would like to draw your attention to the general dangers of Internet use, over which we have no influence. Particularly in e-mail traffic, your data is not secure without further precautions and may be collected by third parties under certain circumstances.

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is carried out with or without the aid of automated processes and which involves personal data. The term reaches far and covers practically every handling of data.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Applicable legal bases

According to Art. 13 GDPR we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the Privacy Statement, the following applies:

  • The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR.
  • The legal basis for the processing for the fulfilment of our services and the execution of contractual measures as well as the answering of inquiries is Art. 6 para. 1 lit. b GDPR.
  • The legal basis for the processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR.
  • The legal basis for the processing to safeguard our legitimate interests is Art. 6 Para. 1 lit. f GDPR.
  • Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.

Cooperation with contract processors and third parties

Insofar as we disclose data to other persons and companies (contract processors or third parties) in the scope of our processing, we transfer the data to them or otherwise grant them access to the data, this is only done on the basis of:

  • a legal permit (e.g. data to payment service providers required in accordance with Art. 6 Para. 1 lit. b GDPR for contract performance)
  • your consent,
  • a legal obligation to do so, or
  • on the basis of our legitimate interests (e.g. when using agents, web hosts, IT maintenance orders etc.)

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of the use of third party services or disclosure or transfer of data to third parties, this only occurs if it is:

  • for the fulfilment of our (pre)contractual obligations
  • on the basis of your consent
  • by virtue of a legal obligation, or
  • on the basis of our legitimate interests.

Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or the observance of officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

You have the right to request confirmation as to whether the data in question are being processed and to obtain information about this data and further information and a copy of the data in accordance with Art. 15 GDPR.

Pursuant to Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.

Pursuant to Art. 17 EU GDPR, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 GDPR.

You have the right to receive the data concerning you, which you have provided to us, in compliance with Art. 20 GDPR and to demand its transfer to other controllers.

Furthermore, you have the right pursuant to Art. 77 GDPR to lodge a complaint with the competent supervisory authority.

Right to withdraw consent

You have the right to withdraw consents granted pursuant to Art. 7 para. 3 GDPR with effect for the future.

Right to object

You can object at any time to the future processing of the data concerning you in accordance with Art. 21 GDPR. The objection may in particular be lodged against processing for the purposes of direct marketing.

Erasure of data

You have the right to request the correction, blocking or deletion of your data. Excluded from this are data which are stored due to legal regulations or which are required for the proper processing of business. To ensure that a data lock can be implemented at any time, data is stored in a lock file for control purposes. If data is not covered by a statutory archiving obligation, we will erase your data at your request. If the archiving obligation applies, we lock your data. For all questions and concerns regarding the correction, locking or erasur of personal data, please contact our data protection officer at the contact details in this Privacy Statement or at the address given in the legal notice.

Personal data

Every time a user accesses our website and every time a file is retrieved, data about this process is temporarily stored and processed in a log file.

Before storage, each data record is anonymised by changing the IP address. In detail, the following data is stored for each access / retrieval::

  • Anonymised IP address
  • Date and time,
  • Page/name of the retrieved file,
  • Amount of data transferred,
  • Message whether the access/retrieval was successful.

This data is only evaluated for statistical purposes and to improve the offer and then deleted. Any other use or disclosure to third parties will not take place.

If we collect personal data, we do this in the scope of data avoidance and data economy only to the extent and for as long as necessary to use our website or as required by law.

If we collect personal data – such as your name, address or e-mail address – this data collection is voluntary. This data will not be disclosed to third parties without your express consent.

We take the protection of your personal data seriously and adhere strictly to the relevant legal regulations and this Privacy Statement when collecting and processing personal data.

If the purpose of the data collection no longer applies or the end of the legal storage period has been reached, the collected data will be locked or erased. Our website can be used regularly without the passing on of personal data.


When individual pages are called up, so-called temporary cookies are used to facilitate navigation. These session cookies contain no personal data and expire at the end of the session. Techniques that make it possible to track the access behaviour of users are not used.

Wir verwenden auf unserer Webseite Cookies. Diese kleinen Textdateien werden von unserem Server aus auf Ihrem PC gespeichert. Sie unterstützen die Darstellung unserer Webseite und helfen Ihnen, sich auf unserer Webseite zu bewegen.

We use cookies on our website. These small text files are stored by our server on your PC. They support the representation of our web page and help you to move on our web page.

Cookies collect data about your IP address, your browser, your operating system and your Internet connection. We do not associate this information with personal data and do not pass it on to third parties.

Under no circumstances are cookies used by us to bring malware or spyware to your computer.

You can also use our website without the use of cookies, which may limit the use of some representations and functions of our offer.

If you wish to deactivate the cookies, you can do so via special settings in your browser. Please use its help function to make the appropriate changes.

The hosting services used by us serve the provision of the following services:

  • Infrastructure and platform services
  • Computing capacity
  • Storage space and database services
  • Security and technical maintenance services

which we use for the purpose of operating this website.

We, and/or our hosting provider process inventory data, contact data, content data, contract data, use data, Meta and communication data of customers, prospective customers and visitors of this Internet side on basis of our legitimate interests in an efficient and safe supply of this on-line offer in accordance with Art. 6 para. 1 lit. f GDPR in connection with Art. 28 GDPR (conclusion of a contract for processing).

Collection of access data and log files

We, or our hosting provider, raise on the basis of our legitimate interests as defined by Art. 6 para. 1 lit. f. GDPR data about each access to the server on which this service is located (so-called server log files). Access data includes the name of the website accessed, the file, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. These log files do not allow any conclusions to be drawn about you or your person.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud actions) for the duration of maximally 7 days and erased afterwards. Data, the further storage of which is necessary for evidence purposes, are excluded from erasure until the respective incident has been finally clarified.

Third party content and services

The content on our website may also include content, services and performances of other providers, which supplement our offer.

Calling up these services from third parties regularly requires the transmission of your IP address. This makes it possible for these providers to perceive your user IP address and also to store it. We favour only those third party providers who use IP addresses solely for the delivery of content. However, we have no influence on which third party provider may store the IP address. This storage can be used for statistical purposes, for example. Should we become aware of storage processes by third parties, we will immediately inform our users of this fact.

In this context, please also refer to the specific privacy statements of individual third parties and service providers whose services we use on our website. You will also find this information in this Privacy Statement.

SSL encryption

Our website uses SSL encryption for the transmission of confidential or personal content of our users. This encryption is activated, for example, during the processing of payment transactions as well as for enquiries that you make to us via our website.

Please make sure that the SSL encryption is activated by your side during corresponding activities. The use of encryption is easy to detect: The display in your browser line changes from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Transmit your confidential information only with SSL encryption enabled and contact us if in doubt.

Facebook plugin
You can find plugins of the social network Facebook on our website. Its provider is Facebook Inc. based in the USA, California 94025, 1 Hacker Way, Menlo Park.

The Facebook logo or “Like” button on our page identifies the Facebook plugins. See also the Facebook plugin overview at

When you visit our website, we connect directly to the Facebook server via the plugin. You are then switched there via your browser. For Facebook, this is associated with the information that you have visited our website with your IP address.

With a click on the Facebook “Like-Button” you link contents of our website with your profile on Facebook. For Facebook, a visit to our site can be assigned to your user account. We are not aware of the nature of the content that is transmitted to Facebook and how Facebook uses it.

For more information about data collection and use, please see the Facebook privacy statement, available at

You can prevent your visit to our site from being associated with your Facebook profile by simply logging out of your Facebook account beforehand.

Google Maps plugin

We use a plugin of the Internet service Google Maps on our website. Its operator is Google Inc. It is located in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View.

When you use Google Maps on our website, information about the use of this website and your IP address is transmitted to a Google server in the USA and also stored on this server.

We have no knowledge of the exact content of the data transmitted, nor of its use by Google. In this context, the company denies the association of the data with information from other Google services and the collection of personal data. However, Google may transfer the information to third parties.

If you deactivate Javascript in your browser, you prevent the execution of Google Maps. However, you will not be able to use the map display on our website. By using our website, you consent to the collection and processing of information by Google Inc. as described above.

To learn more about the Google Maps privacy policy and terms of use, please visit