©istock.com/Andrea Obzerova
Interdisciplinary CompetenceMolecular Diagnostics
Know how in the analysis of genetic material.
For the benefit of patients.

Data privacy statement

amedes Medizinische Dienstleistungen GmbH ("amedes", "we" or "us") offers unique interdisciplinary medical-diagnostic services for patients, registered doctors and clinics. Dealing with sensitive data is therefore part of our daily routine. For this reason, compliance with data protection laws and thus the protection of your personal data is an important concern for us. We would like to explain to you below which data we collect when you use our Internet offer at www.amedes-group.com ("website"), how we use your data and what we do to protect your data, as well as your rights in this regard.

1. Responsible person and contact details

The responsible person within the meaning of the General Data Protection Regulation ("GDPR") is:

amedes Medizinische Dienstleistungen GmbH
Werner-von-Siemens-Straße 10
37077 Göttingen

Phone +49 (0) 800.58 91 669
info(at)amedes-group.com
www.amedes-group.com

You can reach our data protection officer at: 

amedes Medizinische Dienstleistungen GmbH
Haferweg 40
22769 Hamburg

Phone +49 (0) 40.33 44 11-9922
E-mail: datenschutz(at)amedes-group.com

2. What data we process, for how long and for what purpose

2.1 Informational use of the website

Scope of processing. In the case of merely informative use of our website, i.e. if you do not transmit information to us in any other way, we only collect the personal data that your browser automatically transmits to our server. When you call up our website, we collect the following data: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request came, browser, operating system and its interface, language and version of the browser software.

Purpose and legal basis. The purpose of the processing is to make the retrieval of the website technically possible and to ensure the stability and security of the website. The legal basis of the processing is the protection of our legitimate interests (Article 6 (1) (f) DSGVO). Our legitimate interest in data processing also lies in the purposes just mentioned. 

Duration of storage. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. We store IP addresses for seven days in order to be able to track misuse.

2.2 Contact form/ contacting by e-mail

Scope of processing. On our website, we offer you a form through which you can contact us electronically. In this case, the data entered in the input mask will be transmitted to us and processed. These are: Name, title, specialist group, e-mail address, telephone number, your details in the free text field. The fields marked with an asterisk are mandatory. The optional details help us to better allocate your enquiry and process it more efficiently. If the message is sent via the contact form, the following data is also processed: IP address of the user, date and time. For the processing of the data, your consent is obtained before sending and reference is made to this data protection declaration. You can of course also communicate with us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be processed.

Purpose and legal basis. The data is processed exclusively for the purpose of enabling the processing of your enquiry. The legal basis for processing the data is your consent (Article 6 (1) a DSGVO). The data transmitted to us in the course of sending an e-mail is processed on the basis of our legitimate interest in ensuring efficient and user-friendly communication and processing of your request as well as reliable documentation for verification purposes (insofar as necessary for the assertion, exercise or defence of legal claims) (Article 6 (1) lit. f DSGVO). If you contact us with the aim of concluding a contract, then we base the processing of your data on the necessity of processing for the implementation of pre-contractual measures in order to make a decision on the establishment of the contract with you (Article 6(1)(b) DSGVO).

Duration of storage. The data mentioned in this sub-number will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the respective contact has ended. The contact is ended when your request has been dealt with, e.g. by answering your questions, and your request has been completely processed. In individual cases, we may store your data for a longer period of time if this is necessary for the assertion, exercise or defence of legal claims or to comply with legal obligations (such as retention obligations).

2.3 Newsletter & promotional contact

Scope of processing. If you register for our newsletter (including our billing newsletter) and promotional contact, we only require your email address or postal address. All other information is voluntary. If you have registered for the e-mail newsletter, you will first receive an e-mail with a link which you must click to confirm that you wish to receive the newsletter and promotional communication (so-called double opt-in procedure). In this way, we prevent anyone from improperly ordering the newsletter on your behalf. If you have separately consented to us analysing how you use our newsletter, then we also evaluate when you opened the newsletter with what kind of browser and from what location and what content you were interested in. Your registration is logged in order to prevent misuse and to document and prove the registration process in accordance with legal requirements.

Purpose and legal basis. Your data will only be stored and used for the purpose of sending our newsletter and for customer care, to contact you individually (insofar as this is legally permitted) - if necessary after researching further data - to make you offers and to clarify your need for our services. The analysis of the usage serves the purpose of improving our offer. We log and store your registration for the newsletter, if applicable your consent to the usage analysis and your confirmation of the registration, in order to protect our legitimate interests to be able to prove that you have actually registered and given your consent (Article 6 para. 1 lit. f DSGVO). Our legitimate interest in this respect is to prove compliance with legal requirements and to defend against unjustified legal claims.

The legal basis for the data processing in connection with the sending of the newsletter and promotional communication as well as - with the corresponding consent - the separate recording and analysis of usage is your consent (Article 6 (1) lit. a DSGVO).

Duration of storage. For the purpose of sending the newsletter and usage analysis, we store your data until you revoke your consent or until the newsletter is permanently discontinued. For the purposes of servicing interested parties, we delete your data as soon as you object to its use or at the latest five years after your last expression of interest. We retain the data stored for the purpose of proving consent for up to three years after sending the last newsletter or other promotional communication to you. If you do not confirm your newsletter subscription, we delete your data after 24 hours.

2.4 Customer magazine

Scope of processing. If you register for our customer magazine, we only require your postal or e-mail address. All other information is voluntary.

Purpose and legal basis. Your data will only be stored and used for the purpose of sending our customer magazine and for customer care in order to contact you individually (insofar as this is legally permitted) - if necessary after researching further data - to make you offers and to clarify your need for our services. We log and store your registration for the customer magazine to protect our legitimate interests in order to be able to prove that you have actually registered and have given your consent (Article 6 (1) (f) DSGVO). Our legitimate interest in this respect is to prove compliance with legal requirements and to defend against unjustified legal claims. The legal basis for data processing in connection with the mailing of the customer magazine is your consent (Article 6 para. 1 lit. a DSGVO).

Duration of storage. For the purpose of sending the customer magazine, we store your data until you revoke your consent or until the customer magazine is permanently discontinued. For the purposes of servicing interested parties, we delete your data as soon as you object to its use or at the latest after five years have elapsed since your last expression of interest. We retain the data stored for the purpose of proving consent for up to three years after sending the last customer magazine to you.

2.5 Downloading flyers and information material

If you wish to download a flyer or other content from our site, section 2.1 applies accordingly.

2.6 Integration of Google Maps/YouTube

Scope of processing. We integrate Google Maps/YouTube Videos, a map and video service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website. These services are deactivated by default and you can decide yourself whether you want to use the respective services. If you activate the respective services (by clicking on the respective buttons), Google will receive the information that you have accessed the page on which the map or video is embedded. In addition, the data mentioned under 2.1 will be transmitted. In this respect, it is irrelevant whether you have a user account with Google or not. However, if you are logged into your Google user account, your data can be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. You should only activate the respective services if you agree to the processing of your data by Google.

Purpose and legal basis. Google stores your data as usage profiles and uses them for advertising and market research purposes. Such an evaluation is also carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other Google users about your activities on our website. For more information on the purpose and scope of data collection and its processing by Google, please refer to Google's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy. We do not receive any information from Google and do not carry out any specific processing of our own of your personal data in connection with the use of Google Maps or YouTube.

The legal basis for any processing by us is your consent (insofar as data is transferred to Google or other limited processing takes place in the context of the integration of the tools). By activating the respective Google services, you consent to the use of cookies by Google in this regard as well as to the processing of your personal data in this regard (Section 25 TTDSG, Article 6 (1) a DSGVO).

Recipients / transmission to third countries. The recipient of the data is Google Ireland and, if applicable, Google LLC in the USA. The European Commission assumes that an adequate level of data protection does not exist in the USA.

Possible risks that cannot be excluded in connection with the transfer of your personal data to the USA are in particular:

  • You may not be able to sustainably assert or enforce your rights of access and other data subject rights against Google LLC.
  • There is a risk that the US state authorities will direct requests for information against Google as the data recipient and that the US state authorities will thus be able to view your personal data without this being subject to equally strict regulations as in the EU. In particular, possible legal protection is not adequately guaranteed in this context.

By activating the respective Google services, you also consent to the relevant transmission of your personal data to Google LLC in the USA (Art. 49 para. 1 lit. a) DSGVO). In order to adequately protect your data, Google LLC undertakes to protect your data on the basis of the EU standard contractual clauses (Art. 46 para. 2, para. 5 DSGVO) (see https://privacy.google.com/businesses/processorterms/mccs/). Furthermore, additional protective measures are implemented.

To find out more about the recipients of your data, the third countries concerned and the measures we have taken to protect your data, including the possibility of obtaining a copy of the measures, please contact us using the contact details listed in section 1.

You can revoke your consent at any time by contacting us using the contact details listed in section 1, without this affecting the lawfulness of the processing of your data carried out on the basis of the consent until revocation.

Additional specific data subject rights: You have the right to object to the creation of user profiles, and you must contact Google to exercise this right: adssettings.google.com/authenticated

2.7 Downloading the amelis software 

Scope of processing. If you download our software amelis from our website, the data mentioned in section 2.1 will initially be collected when you call up the website. If you have installed the software on your computer, certain login data will be collected (i.e. user name and password). The software is only activated for a specific device, i.e. coupled with it, so that a device identification number is generated and stored during the installation and registration process. Finally, so-called log files or log files are generated during use. A log file is a file that contains a list of events that have been "logged" by a computer.

Purpose and legal basis. The purpose of the aforementioned data collection is the provision of software for the secure retrieval of findings via the internet. The legal basis is the contract concluded between you and us regarding the use of the software (Article 6 (1) b DSGVO).

Duration of storage. The login data is stored for the duration of the existence of the licence agreement for the amelis software. The log files are deleted on an ongoing basis in accordance with the limitation to a certain size. All other data is deleted as soon as it is no longer required for the provision of the service.

2.8 Download the amelis LDT3 application on mobile devices (Android, iOS)

Scope of processing.
When you use the application, we collect, process and store various information.
Users registered with us receive a retrieval token with which the user creates an individual certificate on the device. This certificate is used to identify the user and to encrypt the transmitted data.

When you use the amelis application, the following activities and information are logged and stored on our servers:

  1. To identify the user
    • IP address + user certificate
  2. To fulfill the purpose of the application
    • Logging in and out of the system
    • Reading and/or changing diagnostic data
    • Setting the display parameters
    • Changes to user master data
    • Proof of confirmation for data requiring special treatment
  3. For troubleshooting and static purposes
    • Model name
    • Type of device (phone / tablet)
    • OS version
    • Screen size
    • Diagnostic data when errors occur
    • User agent string of the end device

The amelis application uses Internet-based notification services from Google and Apple. The “Google Firebase Cloud Messaging” and “Apple Notification Service” services use individual push IDs to deliver information to end devices. In order to be able to send messages to specific devices, we link the push IDs with the corresponding login data. Sensitive information is always transmitted end-to-end encrypted.
You can access the respective data protection declarations of the services used under the following links:
Google Firebase
Apple Notification

Purpose and legal basis.
The purpose of the aforementioned data collection is to provide an application for the secure retrieval of findings via the Internet. The legal basis is the contract concluded between you and us regarding the use of the application (Article 6 Paragraph 1 Letter b GDPR).

Duration of storage.
The above-mentioned registration data will be stored for the duration of the customer relationship and, if necessary, to comply with the required legal retention periods. All other data will be deleted as soon as they are no longer required to provide the service.

2.9 Fertility app

Scope of processing. When downloading the amedes app, the required information is transferred to the respective app store, i.e. in particular user name, email address and customer number of your account, time of download and the individual device identification number. We have no influence on this data collection, which is subject to the conditions of the Google Play Store or Apple Store. We only process the data insofar as it is necessary for downloading the app to your mobile device.

If you then use the app on your mobile device, we collect the following personal data: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request came, browser type, operating system and its interface, language and version of the browser software. Furthermore, we need your device identification, unique number of the terminal device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile terminal device and e-mail address.

Purpose and legal basis. We use the data generated during the download of the app to enable you to download the app technically. We process the data generated when using the app for the purpose of enabling the functionality of the app and ensuring its stability and security. The basis for the use is therefore the fulfilment of the licence agreement between you and us on the use of the app that is created by the download (Article 6 (1) (b) DSGVO) as well as our legitimate interest in ensuring the functioning and stability of the app (Article 6 (1) (f) DSGVO).

Duration of storage. The data collected when downloading the app will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data to enable the download, this is the case when the respective download has ended. The same applies to the data that accumulates during the use of the app. We store IP addresses for seven days in order to be able to track misuse.

2.10 Registration for events

Scope of processing. When you register for an event, we require certain data from you depending on the type of event. The registration form indicates which information is required and which is voluntary. The voluntary information helps us to better allocate your registration and process it more efficiently. Your data will not be passed on to third parties. Any exceptions (e.g. for cooperation events) will be clearly communicated during registration.

Purpose and legal basis. We only use your data for the event and to send you information on similar events, furthermore to prove that we are allowed to send you this information based on your previous registration, and for customer care. If participation in the event is subject to a fee, we must also store your registration and, if applicable, payment data for tax and commercial law reasons. We base the processing of your data for the purpose of handling your participation in the event on the necessity of the processing for the fulfilment of the contract with you, or for the implementation of pre-contractual measures, which take place in response to your registration request (Article 6 para. 1 lit. b DSGVO). Processing for the purpose of proving your request is based on our legitimate interest in ensuring and documenting compliance with legal requirements with regard to promotional approaches and customer care (Article 6 (1) (f) DSGVO). The basis for the storage of e.g. commercial or business letters or accounting vouchers is the necessity of the processing for the fulfilment of the tax and commercial law regulations (Article 6 para. 1 lit. c) DSGVO in conjunction with. § 147 AO, 257 HGB). Furthermore, your data is processed to protect our legitimate interests in fulfilling your requests, promoting sales of our products and services through appropriate advertising, and asserting or exercising legal claims or defending against legal claims (Art. 6 para. 1 lit. f DSGVO).

Duration of storage. We will delete your data by 31 March of the seventh calendar year after it is created in the case of business letters and other tax-relevant documents, and by 31 March of the eleventh calendar year after it is created in the case of accounting documents. For event purposes, we delete your data three months after the end of the event; for the purpose of sending information, as soon as you object or we permanently discontinue sending information; for the purpose of customer care, as soon as you object or by 31 March of the fifth calendar year after the end of the last event for which you registered or in which you participated, or after your last other expression of interest; for the purpose of proving your registration, by 31 March of the fourth calendar year following the last mailing of information.     

2.11 Cookies

Our website uses cookies. Cookies are text files that are stored on your computer by your internet browser. These cookies contain a string of characters that allows your browser to be uniquely identified when you return to the website. For example, some elements of our website require that the calling browser can be identified even after a page change in order to provide you with the desired functionalities. For this purpose, data identifying the user is stored and transmitted in these technically required cookies. We also set other cookies, for example for statistical and marketing purposes, which are only set if you give your consent. When accessing our website, the user is informed about the use of these cookies and has the opportunity to give his or her consent to the processing of personal data used in this context. In this context, there is also a reference to this data protection declaration. In addition, the user can subsequently revoke or grant his consent at any time via our cookie settings, or individually adjust his selection with regard to the use of cookies.

More information about which cookies we use, for what purposes they are used and for how long they are stored can be accessed at any time via the cookie settings.

You can also set your browser to generally prevent cookies from being saved. Once cookies have been set, you can delete them again at any time. You can find out how all this works in detail in the help function of your browser. Please note that a general deactivation of cookies may lead to functional restrictions on our website.

Purpose and legal basis. We use cookies that are technically absolutely necessary to enable the operation of the website. Depending on the cookie settings you have made (and your consent in this regard), we also use other cookies for statistical or marketing purposes:

  • Technically necessary cookies are used to enable the technical operation of a website and to make it functionally usable for you. The use of cookies is based on our legitimate interest in offering a technically flawless website. However, you can generally deactivate the use of cookies in your browser.
  • Statistics cookies collect information about how websites are used in order to improve their attractiveness, content and functionality. They are only used with your consent and only as long as you have not deactivated the respective cookie.
  • Marketing cookies come from external advertising companies and are used to collect information about the websites visited by the user. They are only used with your consent and only as long as you have not deactivated the respective cookie.

Insofar as the technically necessary cookies used by us allow a conclusion to be drawn about your person, we base the processing of your data on the necessity of the processing to safeguard our legitimate interest in the technically flawless and secure operation and smooth functionality of our website (Article 6 para. 1 lit. f DSGVO). Your consent is not required for the use of technically necessary cookies in accordance with Section 25 (2) No. 2 TTDSG (Telecommunications and Telemedia Data Protection Act).

The use of statistics and marketing cookies only takes place if you declare your consent (§ 25 para. 1 TTDSG and Article 6 para. 1 lit. a DSGVO). By accepting statistical and/or marketing cookies, you also consent to the processing of your personal data in this regard. Your consent is voluntary and can be given or revoked at any time for the future by calling up the cookie settings. The revocation of your consent does not affect the lawfulness of the processing of your data carried out on the basis of your consent until revocation.

Duration of storage. Cookies are stored on your computer. You can call up the duration of the storage in the overview in the cookie settings.

a. Google Analytics

Scope of processing. This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. (Parent company: Google LLC, USA). Google Analytics uses cookies (see section 2.11). By setting these cookies, it is possible to analyse the activities of a user regardless of the use of different devices by assigning Google a user ID. If you have given your consent, Google will store cookies on your terminal device to enable an analysis of your use of the website. This provides us with various usage data, such as page views, length of stay, browser type/version, operating systems used, host name of the accessing computer (IP address), time of the server request and origin of the user (referrer URL).

The information generated by the cookie about the use of our website will be transmitted to and stored by Google on servers in the United States. IP anonymisation has been activated on this website so that the IP address of the user is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

We have concluded an order processing agreement with Google for the use of Google Analytics. When configuring Google Analytics, care was also taken to ensure that Google acts as an order processor and may not, in principle, use the data for its own purposes. However, data may be transferred from Google to third parties if Google is legally obliged to do so.

More information on Google's handling of user data with Google Analytics can be found here. You can find an overview of Google's data protection here. Google's privacy policy can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de.

Purpose and legal basis. Google will use the data on our behalf to analyse the use of our website and to compile reports on usage for us. Analysis and use by us is based solely on statistical and aggregated information. In particular, this information helps us to better understand how users use our website, where users come from, which pages they visit, and how long users stay on our website. This enables us to improve our website and functionalities and to make our offer more interesting for you as a user. If necessary, the data is also used to be able to provide us with chargeable services. The legal basis for the use of Google Analytics is your consent. By accepting the corresponding cookies, you also consent to the processing of your personal data in this regard (Section 25 (1) TTDSG, Article 6 (1) a DSGVO). You can revoke your consent at any time with effect for the future via our cookie settings.

Duration of storage. The usage data collected via Google Analytics is automatically deleted on a monthly basis after 14 months.

Recipients / transmission to third countries. In the context of the use of Google Analytics, it cannot be ruled out that Google LLC in the USA may also have access to the stored data. The data protection laws in the USA do not offer a level of protection comparable to European laws, which would be considered appropriate by the European Commission. In particular, it cannot be ruled out that US authorities (e.g. security authorities in the USA) could access your data in the USA without US laws granting you adequate judicial remedies. With your consent to the use of the described analysis cookies, you also consent to the transfer of your personal data to Google LLC in the USA (Art. 49 para. 1 lit. a) DSGVO). In order to adequately protect your data, Google LLC further undertakes to protect your data on the basis of the EU standard contractual clauses (Art. 46 para. 2, para. 5 DSGVO) (see https://privacy.google.com/businesses/processorterms/mccs/). To find out more about the recipients of your data, the third countries concerned and the measures we have taken to protect your data, including the possibility of obtaining a copy of the measures, please contact us using the contact details listed in section 1.

Special data subject rights: You can prevent tracking by Google Analytics by only allowing required cookies in the cookie banner.

Furthermore, you can permanently prevent the collection of your data by installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de.

Please note that you will have to carry out the above process again if you use a different terminal device or browser.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

2.12 Applicant portal

Scope of processing. If you apply to us via the website, we process the information we receive from you as part of the application process, e.g. through uploaded letters of application, CV, certificates, correspondence, telephone or verbal details. In addition to your contact details, information about your education, work experience and skills is particularly relevant to us. If required to carry out a pre-employment compliance check of your suitability for the desired position, we will also check your data against relevant European and internationally recognised sanctions and terror lists (in particular sanctions and terror lists of the EU and, where applicable, the UN, the UK, the USA and Canada). In the application process, we will not use information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data uniquely identifying a natural person, health data or data concerning sex life, sexual orientation, pregnancy or family planning. We ask you not to provide us with any such information in the first place. The only exception is that we will contact you if you have voluntarily provided us with information about your gender, and that we will use any information about a severe disability in accordance with the legal requirements. However, you are under no obligation to provide us with such information. In order to identify returning applicants without having to store their data, we create a pseudonymised identification key to an applicant's personal data.

Purpose and legal basis. Your data will initially be processed exclusively for the purpose of carrying out the application procedure. If your application is successful, it will become part of your personnel file and be used to implement and terminate the employment relationship. If we are currently unable to offer you employment, we will process your data in order to defend ourselves against any legal claims, in particular due to an alleged disadvantage in the application process. Insofar as you receive reimbursements of costs, the corresponding accounting records are processed to fulfil the retention obligations under commercial and tax law. The basis of data processing in the application procedure is the authority to process personal data for purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination (Article 6 para. 1 lit. b DSGVO and Section 26 para. 1 BDSG). We further base any pre-employment compliance check (esp. any comparison with sanctions and terror lists) on our legitimate interests in ensuring and documenting compliance with group-wide compliance requirements as well as legal and regulatory requirements, avoiding sanctioned conduct and promoting business relationships with individuals, companies and/or associations involved in terrorist or unlawful activities (Article 6(1)(f) DSGVO). After a cancellation, we continue to process your data for a short period of time (see below) to protect our legitimate interests (Art. 6 para. 1 lit. f DSGVO). In this respect, the legitimate interest is the defence against legal claims. The basis for any other storage of e.g. commercial or business letters or accounting vouchers, for example in the context of cost reimbursements, is the necessity of the processing for the fulfilment of tax and commercial law regulations (Article 6 para. 1 lit. c DSGVO in conjunction with §§ 147 AO, 257 HGB). 

Duration of storage. If your application is successful, your application data will be processed and, if necessary, deleted in accordance with the regulations applicable to personnel files. If your application is unsuccessful, we will delete your data no later than six months after sending the rejection. Insofar as you receive reimbursements of costs, the corresponding accounting documents will be retained for the purpose of fulfilling the retention obligations under commercial and tax law until 31 March of the eleventh calendar year after payment at the latest, and in the case of commercial and business letters and other tax-relevant documents of the seventh calendar year after their creation.

3. Recipients of personal data

We share your data with the following categories of third parties and other recipients in the scenarios below:

3.1 Service providers, business partners and affiliated companies

We transfer your data to partner companies and other service providers, including amedes affiliated companies of the amedes group, that have been carefully selected in advance and are contractually obligated as processors in accordance with the relevant provisions of data protection law. For example, we may share your personal data with our service providers and affiliates who provide technical services (hosting, IT support), marketing services or other business processes on our behalf. These companies may only use your personal data to the extent necessary to provide the services we have contracted them to provide. Your data will not be sold to third parties or marketed in any other way. You can obtain further information about the recipients of your personal data at any time upon request to amedes using the contact details provided in section 1.

3.2 Law enforcement agencies, courts, regulatory authorities, government agencies or other third parties

We may also disclose your personal data to these parties if we believe that doing so is necessary to comply with a legal or regulatory obligation or to protect and defend our rights or the rights of others, such as when we are required to cooperate with authorities in connection with legal investigations. To the extent permitted by law or regulation and where reasonable, we will endeavour to notify you of any such requirements.

4. Data subject rights

You have the right in accordance with the statutory provisions:

  • Request information about the personal data processed about you and a copy of this data (right of access);
  • To request the rectification of inaccurate data and, taking into account the purposes of the processing, the completion of incomplete data (right to rectification); please let us know if your data and, if applicable, which of your data we hold have changed so that we can correct or update the relevant data.
  • To request the deletion of your data if there are legitimate grounds for doing so (right to erasure);
  • To request the restriction of the processing of your data, if the legal requirements are met (right to restriction of processing);
  • To receive the data you have provided in a structured, common and machine-readable format, if the legal requirements are met, and to transfer this data to another controller or, if technically feasible, to have it transferred by us (right to data portability); and
  • Not to be subject to a decision based solely on automated processing, unless the legal requirements for this are met. Automated decision-making does not take place at amedes.

You also have the right to object to processing of your data which is carried out to protect the legitimate interests of amedes or third parties for reasons arising from your particular situation in accordance with the statutory provisions (right of objection). If personal data is processed by us for the purpose of direct marketing, you have the right to object to this processing at any time without the need for special reasons.

Insofar as the processing of your data is based on consent, you have the right to revoke your consent at any time without this affecting the lawfulness of the processing of your data carried out on the basis of the consent until revocation.

To exercise your rights, as well as to revoke any declaration of consent, please contact amedes using the contact details listed in section 1.

In addition, you have the right to lodge a complaint with a supervisory authority at any time, without prejudice to other legal remedies.

5. Safety

amedes has implemented appropriate technical and organisational measures to protect your personal data. In particular, in cases where you send personal data to us, amedes offers you the option of transmitting the information in encrypted form. This encryption protects the confidentiality of the data exchange between you and our web server and helps to prevent misuse of the data, e.g. through eavesdropping. We use SSL (Secure Socket Layer) as the encryption technology. This is a recognised and widely used technology for the protection of personal data.