Privacy at a glance

Thank you for your interest in our website. The protection of your privacy is very important to us.

Information on privacy

We take privacy seriously

Protecting your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers automatically save the IP address of your Internet service provider, the website from which you visit us, the pages on our website that you visit, and the date and duration of your visit. This information is necessary for the technical functionality of the webpages and the secure operation of the server. A personalised evaluation of this data is not carried out.

If you send us information via the contact form, this data will be stored on our servers in the course of data backup. Your data will be used by us exclusively to process your request. Your data will be handled in a strictly confidential manner. Your data will not be passed on to third parties.

Responsible party:

medi Canada Inc / médi Canada Inc
104-1375 Lionel-Boulet, 
Varennes, Québec,
QC Canada J3X 1P7

+1 450 583 3317 / +1 800 361 3153
+1 888 583 6827

Personal data

Personal data are data about yourself. This includes your name, your address and your Email address. You are not obligated to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as further information to be able to offer you the service you require.

The same applies if we supply you with informative material on request or if we answer your enquiries. We will always notify you in such cases. Otherwise, we only save data that you have automatically or voluntarily submitted to us.

When you use our services, we normally only collect data that are necessary to be able to offer you our services. We may ask you for further information on a voluntary basis. Whenever we process personal information, we do so in order to provide you with our services or to pursue our commercial interests.

Stored data

Server log files

Server log files

Website providers automatically collect and store information in so-called server log files, which your browser automatically transmits to us.
These are:

  • Data and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • the web browser and operating system used
  • complete IP address of the computer making the request
  • amount of data transmitted

This data is not combined with other data sources. The processing is carried out in accordance with Art. 6(1)(f) DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

This data is stored by us for security reasons, especially with regard to the prevention of attempts to attack our web server. It is not possible for us to draw conclusions regarding individuals based on this data. The data remains on our web server for 21 days and on a log server for 6 months. The data is processed for statistical purposes only; it is not compared with other datasets or passed on to third parties, even in extracts.



When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on your hard drive. The information stored in the cookies allows you to be automatically recognised the next time you visit our website, which will make it easier for you to use the site. The legal basis for the use of cookies is your consent in accordance with Art. 6 (1)(a) GDPR or, for necessary cookies, our legitimate interest in accordance with Art. 6 (1)(f) GDPR. Our legitimate interests are in maintaining the functionality and security of the website, protection against misuse and improving our service.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised the next time you visit, you can also refuse the use of cookies by changing the settings in your browser to “refuse cookies”. The respective procedure can be found in the settings of your browser. If you reject the use of cookies, however, there may be restrictions on the use of some areas of our website.

Withdraw or change your cookie consent and get more information about the functional duration of the individual cookies.


A web service of Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: is reloaded on our website. We use this data to ensure full functionality of our website. Your browser or personal data is transferred to in this context.

The legal basis for data processing is Art. 6 (1)(f) GDPR and Art. 6 (1)(c) GDPR.

The legitimate interest here is in trouble-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You can find more information on handling of the transferred data in the Data Protection Statement of under:


Google Tag Manager

This website uses Google Tag Manager. The Tag Manager does not collect personal data. The tool activates other tags, which may collect data. Google Tag Manager does not access this data. If you have made a deactivation at the domain or cookie level, it will continue to persist for all tracking tags implemented with Google Tag Manager. You can find Google’s privacy policy for this tool at:

Google Analytics 4 with anonymisation functionality Part

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, hereinafter “Google”, on our website. Google Analytics 4 uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information collected by means of these cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities during those sessions) and to analyse user behaviour across devices.

We use Google Signals. This allows Google Analytics 4 to collect additional information about users who have activated personalised ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

The anonymisation of IP addresses is activated by default with Google Analytics 4. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 is not merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of “events”. Events may include:

  • Page views
  • First visit to the website
  • Start of the session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links 
  • Internal search queries
  • Interaction with videos
  • Downloaded files
  • Ads seen / clicked
  • Language settings

The following is also recorded:

  • Your approximate location (region)
  • Your IP address (in truncated form)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet provider
  • The referrer URL (via which website/advertising medium you came to this website)
  • User ID
  • Interests
  • Demographic data

Google will use this information for the purpose of evaluating your usage of our website, compiling reports on website activities for us, and carrying out further services relating to website activity and Internet usage.

Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google. The data will only be passed on to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The data sent by us and linked to cookies are automatically deleted after 14   months. The deletion of data the retention period of which has been reached takes place automatically once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 Sent. 1 lit. a GDPR.

Google also offers an opt-out add-on for the most popular browsers, which gives you more control over what information Google collects about the websites you visit. The add-on indicates to the JavaScript (ga.js) of Google Analytics 4 that no information about the website visit should be transmitted to Google Analytics 4. However, the Google Analytics 4 opt-out browser add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For further information on installing the browser Add-On, please click on the following link:

If you visit our website from a mobile device (smartphone or tablet), you will need to click this link instead to prevent Google Analytics 4 from tracking you within this site in the future. This is also possible as an alternative to the above browser Add-On. By clicking the link, an opt-out cookie is set in your browser and is valid only for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.

If you’ve agreed that Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, Google will use your information in conjunction with Google Analytics data to create target audience lists for remarketing purposes across multiple devices. Google Analytics 4 will first collect your Google-authenticated ID on our website, which is linked to your Google account (i.e. personal data). Google Analytics will then temporarily associate your ID with your Google Analytics 4 data to optimise our target audiences.

If you do not agree, you can turn it off via the corresponding settings in the “My Account” section of your Google Account.

You can find out more about the Google privacy policy and data protection regarding Google Analytics 4 at: and at

For further information on the use of “cookies” on our website and on revocation, please refer to the last section “Cookies”.

Google Doubleclick

Doubleclick by Google is a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Doubleclick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were accessed. The cookies contain no personal information. The use of DoubleClick cookies only allows Google and its affiliates to display ads based on previous visits to our or other websites. The information generated by the cookies is transferred by Google to a server in the United States for evaluation and is stored there.

Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google.

For more information about the use of cookies on our site, please see the section "Cookies".

In addition, you can prevent Google from collecting and processing the data generated by the cookies, as well as the data related to your use of the webpages, by downloading and installing the browser plug-in available under the following link under the item DoubleClick deactivation extension. Alternatively, you can disable Doubleclick cookies with this opt-out.



We use the provider Vimeo for the integration of videos, among others things. Vimeo is operated by Vimeo, LLC headquartered at 555 West 18th Street, New York, New York 10011.

On some of our webpages, we use plugins of the provider Vimeo. If you access the webpages of our website with such a plugin – for example, our media library – a connection to the Vimeo servers will be established, and the plugin will be displayed. By doing so, the Vimeo server will be informed which of our webpages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the plugin, e.g., clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

Further information on data processing and privacy at Vimeo can be found at

For more information on the use of cookies on our website, please refer to the “Cookies” section.


YouTube in Privacy-Enhanced Mode

We use the YouTube embedding function to display and play videos from the provider YouTube (hereinafter “YouTube”), which belongs to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

The privacy-enhanced mode is used here, in which, according to the provider, the storage of user information is only triggered when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider uses YouTube cookies or comparable recognition technologies to collect information about user behaviour. According to information from YouTube, these are used for purposes including the collection of video statistics, the improvement of user-friendliness and the prevention of abusive behaviour. The YouTube server is informed about which of our pages you have visited. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not want your data to be assigned to your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles which it then evaluates. Such an evaluation is carried out according to Art. 6 (1)(f) GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.

You can object to YouTube’s analysis of user behaviour and targeted advertising by clicking on the following link:

For more information about privacy at YouTube, please see their privacy policy:



Facebook fanpage

We operate a Facebook page (“fanpage”) on Facebook, a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Facebook collects and uses data to provide analysis services (“Page Insights”) to page operators in order to offer them insights into how people interact with their pages and the content associated with them. This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices users use, such as IP addresses, the operating system, browser type, language settings and cookie data.

We are jointly responsible with Facebook Ireland Ltd. for the collection and processing of data from visitors to our fanpage. The legal basis is our legitimate interest in this information for advertising purposes, Art. 6 (1)(1)(f) GDPR. That is why we have entered into a shared responsibility agreement with Facebook in relation to the processing of your data in accordance with Art. 26 GDPR. The agreement with Facebook also stipulates in particular which security measures Facebook must observe and that Facebook must comply with the rights of data subjects.

You can find further information on page insights and on how to assert your data subject rights in “Information on page insights”. Click here to view the terms of the contract concluded with Facebook.

More information

Customer account

Customer account

We set up a password-protected direct-access to the user data (customer account) stored by us for each customer who registers accordingly. Here you can view data about your completed, open and recently shipped orders and manage your address information, bank details and the newsletter. You undertake to treat the personal access-data confidentially and not to make them accessible to unauthorised third parties. We cannot assume any liability for misused passwords, unless we are responsible for the misuse.

The legal basis for this processing activity is art. 6 (1) (b) GDPR.

We would like to make your visit to our website as pleasant as possible with the function “Stay logged in”. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you need to change your personal data or you wish to place an order. We recommend that you do not use this feature if the computer is used by multiple users. We would like to point out that the “Stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.

For more information about the use of cookies on our site, please see the section "Cookies".

Login with Auth0

Login with Auth0

On our website, we use the Auth0 tool provided by Auth0, 10900 NE 8th Street, Bellevue, WA 98004, USA, to manage logins to our system. In the process, data is transmitted to the USA and processed there on our behalf in accordance with the standards of a data processing agreement (Art. 28 GDPR).

Data processing is necessary for our contract with you to be processed.

Please also note the information on data privacy provided by Auth0 at



We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable privacy laws.

Whenever we collect and process personal information, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

Data transfers to third countries

Data transfers to third countries

If we process data in countries outside the European Economic Area (“EEA”), we protect it based on an adequacy decision of the EU Commission Art. 45 (1) GDPR or use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR when structuring contractual relationships with recipients in third countries.

Storage period

Storage period

We will store your data,

  • if you have consented to the processing thereof, only until you withdraw your consent;
  • if we need the data to perform a contract, only for as long as the contractual relationship with you exists;
  • if we use the data on the basis of a legitimate interest, only as long as your interest in deletion or anonymisation does not outweigh this legitimate interest;
  • if statutory retention obligations exist, until the end of the retention periods.

Social Buttons

Social Buttons of Facebook, Vimeo, LinkedIn

On our website, we use social buttons from social media networks. These are merely integrated as HTML links into the website, meaning that when you call up our website, no connection is established with the servers of the respective provider. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can press the like or share button, for example.

medi vision

medi vision

Collection and storage of personal data; nature, purpose and use

When you enter into a contractual relationship with us, the following information is collected:

For medi vision: date and time of the scan, software version of the app, measurement data and circumferences up to the waist, 3D model (file with anonymised (or randomised) name)

Your rights

You have the right at any time to request information, correction, deletion or restriction of the processing of your stored data; a right to object to the processing; as well as the right to data portability and to lodge a complaint in accordance with the requirements of privacy law.


Right of access:

You can request information from us as to whether and to what extent we process your data.


Right to rectification:

If we process your data that is incomplete or inaccurate, you may request that we correct or supplement it at any time.


Right to erasure:

You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your justifiable protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g., in the case of legally stipulated retention obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no contractual or statutory obligation to retain data in this respect.


Right to restrict processing:

You can ask us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data,
  • the processing of the data is unlawful, but you decline to delete it and instead demand a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to file or defend legal claims, or
  • you have objected to the processing of the data.

Data portability

Right to data portability:

You may request that we provide you with the information you have provided to us in a structured, standard and computer-readable format and that you may provide that information to another representative without interference from us, provided that we process this data on the basis of an agreement given and revocable by you or for the fulfilment of a contract between us, and that such processing is carried out using automated procedures. If technically feasible, you may request us to transfer your data directly to another representative.


Right to object:

If we process your data for legitimate reasons, you may object to such processing at any time. We will then no longer process your data unless we can prove compelling and protection-worthy grounds for the processing which outweigh your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.


Right to appeal:

If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the competent regulatory authority for you, the respective regional office for data protection supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of any doubt, we may request additional information to confirm your identity.

Changes to this Privacy Policy

We reserve the right to change our privacy policy if necessary due to new technologies. Please make sure that you have the latest version. If substantial changes are made to this privacy statement, we will post them on our website.

All interested parties and visitors to our website can contact us with questions about privacy at: