We take privacy seriously
Protecting your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers automatically save the IP address of your Internet service provider, the website from which you visit us, the pages on our website that you visit, and the date and duration of your visit. This information is necessary for the technical functionality of the webpages and the secure operation of the server. A personalised evaluation of this data is not carried out.
If you send us information via the contact form, this data will be stored on our servers in the course of data backup. Your data will be used by us exclusively to process your request. Your data will be handled in a strictly confidential manner. Your data will not be passed on to third parties.
medi Canada Inc / médi Canada Inc
QC Canada J3X 1P7
+1 450 583 3317 / +1 800 361 3153
+1 888 583 6827
Personal data are data about yourself. This includes your name, your address and your Email address. You are not obligated to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as further information to be able to offer you the service you require.
The same applies if we supply you with informative material on request or if we answer your enquiries. We will always notify you in such cases. Otherwise, we only save data that you have automatically or voluntarily submitted to us.
When you use our services, we normally only collect data that are necessary to be able to offer you our services. We may ask you for further information on a voluntary basis. Whenever we process personal information, we do so in order to provide you with our services or to pursue our commercial interests.
Server log files
Website providers automatically collect and store information in so-called server log files, which your browser automatically transmits to us.
- Data and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- the web browser and operating system used
- complete IP address of the computer making the request
- amount of data transmitted
This data is not combined with other data sources. The processing is carried out in accordance with Art. 6(1)(f) DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.
This data is stored by us for security reasons, especially with regard to the prevention of attempts to attack our web server. It is not possible for us to draw conclusions regarding individuals based on this data. The data remains on our web server for 21 days and on a log server for 6 months. The data is processed for statistical purposes only; it is not compared with other datasets or passed on to third parties, even in extracts.
A web service of Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com) is reloaded on our website. We use this data to ensure full functionality of our website. Your browser or personal data is transferred to cookiebot.com in this context.
The legal basis for data processing is Art. 6 (1)(f) GDPR and Art. 6 (1)(c) GDPR.
The legitimate interest here is in trouble-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You can find more information on handling of the transferred data in the Data Protection Statement of cookiebot.com under: www.cookiebot.com/de/privacy-policy/
Google Tag Manager
Google Analytics with anonymisation functionality Part
On our website, we use Google Analytics, a web analysis service by Google Ireland Limited hereinafter referred to as “Google”. Google Analytics uses so-called “Cookies”, which are text files that are saved on your computer that enable an analysis of your use of the website.
The information generated by these cookies, such as time, location and frequency of your visits to the website, including IP address, are transmitted to Google and saved there.
On our website, we use Google Analytics with the “_gat._anonymizeIp” tag. Through this, your IP address will already be truncated by Google within member states of the European Union or in other member states that are party to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google Inc. server in the USA and anonymised there.
Google will use this information for the purpose of evaluating your usage of our website, compiling reports on website activities for us, and carrying out further services relating to website activity and Internet usage. Google may also pass this information on to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Google will not, according to its own account, associate your IP address with any other data held by Google.
If you visit our website from a mobile device (smartphone or tablet), you will need to click this link instead to prevent Google Analytics from tracking you within this site in the future. This is also possible as an alternative to the above browser Add-On. By clicking the link, an opt-out cookie is set in your browser and is valid only for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.
If you’ve agreed that Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, Google will use your information in conjunction with Google Analytics data to create target audience lists for remarketing purposes across multiple devices. Google Analytics will first collect your Google-authenticated ID on our website, which is linked to your Google account (i.e. personal data). Google Analytics will then temporarily associate your ID with your Google Analytics data to optimise our target audiences.
If you do not agree, you can turn it off via the corresponding settings in the “My Account” section of your Google Account.
Google will transfer data to third parties only on the basis of statutory requirements or as part of contract data processing. Under no circumstances will Google combine your data with other data collected by Google.
In addition, you can prevent Google from collecting and processing the data generated by the cookies, as well as the data related to your use of the webpages, by downloading and installing the browser plug-in available under the following link under the item DoubleClick deactivation extension. Alternatively, you can disable Doubleclick cookies with this opt-out.
We use the provider Vimeo for the integration of videos, among others things. Vimeo is operated by Vimeo, LLC headquartered at 555 West 18th Street, New York, New York 10011.
On some of our webpages, we use plugins of the provider Vimeo. If you access the webpages of our website with such a plugin – for example, our media library – a connection to the Vimeo servers will be established, and the plugin will be displayed. By doing so, the Vimeo server will be informed which of our webpages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the plugin, e.g., clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
Further information on data processing and privacy at Vimeo can be found at https://vimeo.com/privacy.
YouTube in Privacy-Enhanced Mode
We use the YouTube embedding function to display and play videos from the provider YouTube (hereinafter “YouTube”), which belongs to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
The privacy-enhanced mode is used here, in which, according to the provider, the storage of user information is only triggered when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider uses YouTube cookies or comparable recognition technologies to collect information about user behaviour. According to information from YouTube, these are used for purposes including the collection of video statistics, the improvement of user-friendliness and the prevention of abusive behaviour. The YouTube server is informed about which of our pages you have visited. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not want your data to be assigned to your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles which it then evaluates. Such an evaluation is carried out according to Art. 6 (1)(f) GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.
You can object to YouTube’s analysis of user behaviour and targeted advertising by clicking on the following link: https://tools.google.com/dlpage/gaoptout?hl=en
We operate a Facebook page (“fanpage”) on Facebook, a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Facebook collects and uses data to provide analysis services (“Page Insights”) to page operators in order to offer them insights into how people interact with their pages and the content associated with them. This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices users use, such as IP addresses, the operating system, browser type, language settings and cookie data.
We are jointly responsible with Facebook Ireland Ltd. for the collection and processing of data from visitors to our fanpage. The legal basis is our legitimate interest in this information for advertising purposes, Art. 6 (1)(1)(f) GDPR. That is why we have entered into a shared responsibility agreement with Facebook in relation to the processing of your data in accordance with Art. 26 GDPR. The agreement with Facebook also stipulates in particular which security measures Facebook must observe and that Facebook must comply with the rights of data subjects.
You can find further information on page insights and on how to assert your data subject rights in “Information on page insights”. Click here to view the terms of the contract concluded with Facebook.
We set up a password-protected direct-access to the user data (customer account) stored by us for each customer who registers accordingly. Here you can view data about your completed, open and recently shipped orders and manage your address information, bank details and the newsletter. You undertake to treat the personal access-data confidentially and not to make them accessible to unauthorised third parties. We cannot assume any liability for misused passwords, unless we are responsible for the misuse.
The legal basis for this processing activity is art. 6 (1) (b) GDPR.
We would like to make your visit to our website as pleasant as possible with the function “Stay logged in”. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you need to change your personal data or you wish to place an order. We recommend that you do not use this feature if the computer is used by multiple users. We would like to point out that the “Stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.
Login with Auth0
On our website, we use the Auth0 tool provided by Auth0, 10900 NE 8th Street, Bellevue, WA 98004, USA, to manage logins to our system. In the process, data is transmitted to the USA and processed there on our behalf in accordance with the standards of a data processing agreement (Art. 28 GDPR).
Data processing is necessary for our contract with you to be processed.
Please also note the information on data privacy provided by Auth0 at https://auth0.com/privacy
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable privacy laws.
Whenever we collect and process personal information, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.
Data transfers to third countries
If we process data in countries outside the European Economic Area (“EEA”), we protect it based on an adequacy decision of the EU Commission Art. 45 (1) GDPR or use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR when structuring contractual relationships with recipients in third countries.
We will store your data,
- if you have consented to the processing thereof, only until you withdraw your consent;
- if we need the data to perform a contract, only for as long as the contractual relationship with you exists;
- if we use the data on the basis of a legitimate interest, only as long as your interest in deletion or anonymisation does not outweigh this legitimate interest;
- if statutory retention obligations exist, until the end of the retention periods.
Social Buttons of Facebook, Vimeo, LinkedIn
On our website, we use social buttons from social media networks. These are merely integrated as HTML links into the website, meaning that when you call up our website, no connection is established with the servers of the respective provider. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can press the like or share button, for example.
Collection and storage of personal data; nature, purpose and use
When you enter into a contractual relationship with us, the following information is collected:
For medi vision: date and time of the scan, software version of the app, measurement data and circumferences up to the waist, 3D model (file with anonymised (or randomised) name)
You have the right at any time to request information, correction, deletion or restriction of the processing of your stored data; a right to object to the processing; as well as the right to data portability and to lodge a complaint in accordance with the requirements of privacy law.
Right of access:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or inaccurate, you may request that we correct or supplement it at any time.
Right to erasure:
You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your justifiable protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g., in the case of legally stipulated retention obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no contractual or statutory obligation to retain data in this respect.
Right to restrict processing:
You can ask us to restrict the processing of your data if
- you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data,
- the processing of the data is unlawful, but you decline to delete it and instead demand a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to file or defend legal claims, or
- you have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the information you have provided to us in a structured, standard and computer-readable format and that you may provide that information to another representative without interference from us, provided that we process this data on the basis of an agreement given and revocable by you or for the fulfilment of a contract between us, and that such processing is carried out using automated procedures. If technically feasible, you may request us to transfer your data directly to another representative.
Right to object:
If we process your data for legitimate reasons, you may object to such processing at any time. We will then no longer process your data unless we can prove compelling and protection-worthy grounds for the processing which outweigh your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right to appeal:
If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the competent regulatory authority for you, the respective regional office for data protection supervision.
If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of any doubt, we may request additional information to confirm your identity.
All interested parties and visitors to our website can contact us with questions about privacy at: email@example.com