Data protection

Data protection statement under the EU General Data Protection Regulation


The following information provides an overview about our processing of personal data and our customers’ rights under data protection law. What specific data are processed and how they are used largely depends on the specific services that are utilized.


Please also share the information with current and future authorized representatives and those with financial authority, as well as any others obligated under business relationships with us.


I. Controller for data protection and Data Protection Officer

The controller is:
plus medica GmbH & Co. KG
Willstätterstraße 13
40549 Düsseldorf
Phone: +49 211/ 54 59 08 80


You can reach our Data Protection Officer at:
plus medica GmbH & Co. KG
Willstätterstraße 13
40549 Düsseldorf
Phone: +49 211/ 54 59 08 80


II. Sources and data used


1. Personal data
We process personal data which we receive from our customers in the course of our business relationship. Where necessary, we also process personal data which we have lawfully received from other companies or other third parties (e.g., to carry out orders, satisfy agreements, or based on consent given). In addition, we process personal data which we have lawfully received from publicly available sources (e.g., land registers, commercial registers, business registers, press, media, Internet) and are permitted to process.

Relevant personal data may include:
Name, address and other contact information (telephone, e-mail address), date of birth, place of birth, sex, nationality, marital status, legal competence, professional group key, type of partner (dependent/independent), residential status (rent/own, identification information, authentication information, taxpayer ID, SCHUFA score.

In addition to the data named above, other personal data may be collected, processed, and stored when concluding agreements and using our products or services.


Such data essentially include:

2. Anonymized data
For statistical analysis purposes information is collected, stored, and utilized when visiting this website regarding your IP address, time and date of access, the previously visited website (referrer URL), the type and version of browser used, and operating system version. This collected data are anonymized and used exclusively to optimize our website as well as analyzed for statistical purposes. We reserve the right to create pseudonymized usage profiles.


3. Cookies and access data
Cookies are text files that are stored on your hard drive for a certain length of time when visiting a website or accessing a service (such as a plug-in). If you visit the website again, the cookie notifies the server that there was already a connection with that PC, along with other data stored in the cookie (such as a unique cookie ID). The server can exploit the information so obtained. Cookies are intended to control ad displays or improve navigation on the website.

We use cookies on our website to optimize presentation and so that we can offer certain services (including from third parties, see item 5). You can restrict or prevent the use of cookies through your browser settings. Please note that some of the website functions will then be limited or no longer be available.

By using our website you give your consent for the collection, processing, and utilization of your data in the described manner and for the named purpose, including by the indicated third-party providers.


4. Third-party services and content
It is possible for third-party content to be integrated, for instance videos on YouTube, map information from Google Maps, or graphics from other websites.

This always requires that the providers of that content (referred to hereinafter as “third-party providers”) perceive the user’s IP address since without the IP address the content cannot be sent to the particular user’s browser. The IP address is therefore required for presentation of this content. We have no control over whether the third-party providers store your IP address and other information (e.g., for statistical purposes). Please see the data protection information of the various listed third-party providers for this information.

Third-party providers may be replaced over the course of time; likewise, third-party providers may be removed or added. The respective published version of the data protection statement applies at all times.


a) Facebook/LinkedIn/XING
We refer by hyperlink to the content of our Facebook profiles on the Facebook social network (provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA).

You can identify our links to content concerning the Facebook service by the corresponding label. When you click the link a connection is established between your browser and the Facebook server. This gives Facebook the information that you visited our site with your IP address. If you click the Like button on the Facebook site while logged in with your Facebook account, the relevant content on our website becomes linked to your Facebook profile and matched to your account. According to information from Facebook, only an anonymized IP address is stored in Germany. Additional information can be found in Facebook’s data protection statement (

If you do not want Facebook to be able to match the visit to our Facebook page to your Facebook user account, please log out of your Facebook user account beforehand.

More information on Facebook’s collection and use of the data, your related rights, ways to protect your privacy can be found in Facebook’s data protection information at

There are also various tools by third-party producers that can block Facebook content using a browser add-on. More information is available online at (click on “Facebook Blocker”).


III. Purpose of data processing and legal basis
We process the personal data named above in conformance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Data Protection Law (BDSG):


1. To satisfy contractual obligations (GDPR Art. 6 [1] [b])
Personal data are processed in order to provide goods and services in connection with implementing our agreements with our customers or to carry out pre-contractual steps in response to inquiries by our customers.

The purpose of the data processing depends on the concrete contractual conditions concerning goods and services, and may include needs analysis, consulting, and performing contractually agreed services, among other things. Further details on the purpose of the data processing can also be found in the particular contractual documents and terms and conditions.


2. In the course of weighing different interests (GDPR Art. 6 [1] [f])
If necessary, we also process data beyond actual fulfillment of the agreement in order to preserve our justified interests or those of third parties. For example:

- Consultations from and exchange of data with information bureaus
- Procedures for needs analysis and direct customer messaging
- Advertising or market and opinion research, unless the customer objects
- Asserting claims and defense in legal disputes
- Ensuring IT security and IT operations in our company
- Preventing criminal activity
- Building and plant security measures (e.g., access controls)
- Steps to enforce property rights
- Steps for business control and further development of services and products
- Risk control in the corporate group


3. Based on consent given (GDPR Art. 6 [1] [a])
Where we have been given consent to process personal data for certain purposes (e.g., sharing data within the corporate group), the lawfulness of such processing is based on the consent. Once given, consent may be revoked at any time. This also applies to revoking statements of consent given to us before the EU General Data Protection Regulation took effect, i.e., before May 24, 2018. Note that the revocation is only effective for the future. It does not affect processing that occurred before the revocation. A status summary of consent statements given to us can be requested at any time.


4. Based on legal requirements (GDPR Art. 6 [1] [c]) or in the public interest (GDPR Art. 6 [1] [e])
We also process personal data where required by law. This includes such requirements as age and identity verification, fraud and money laundering prevention, fulfilling tax controlling and reporting requirements, and evaluating and controlling risks in our own company.


IV. Data access and sharing
Within our company, offices have access to data that need it in order to satisfy our contractual and legal obligations. Service providers and agents we use may also receive data for these purposes if they conform to our written data protection instructions. These are largely companies in the categories listed below.

We fundamentally treat the data we collect as confidential. We will share information about our customers and their data only if legal regulations require it, the customer has given consent, or commissioned processors we hire guarantee compliance and conformity with the specifications of the EU General Data Protection Regulation/the German Data Protection Law.

On these conditions recipients of personal data may, for instance, include:

- Public offices and institutions such as financial regulatory agencies if there is a legal or regulatory requirement

- Affiliated enterprises, comparable institutions, and commissioned processors with whom we share personal data to conduct the business relationship with our customers. Specifically: support/maintenance of data processing/IT applications, archiving, document processing, call-center services, compliance services, controlling, data screening, data destruction, purchasing/procurement, collection, customer management, lettershops, marketing, media technology, reporting, research, risk controlling, billing, telephony, website management, financial auditing services, payment processing.

Data recipients may also include offices for which we have received consent to share data.


V. Sending data to third countries or international organizations
Data are transmitted to countries outside the EU or EEA (so-called third countries) only when this is necessary in order to carry out orders we receive, when it is legally required (e.g., tax reporting requirements), when we were given consent, or as part of commissioned data processing. If service providers are used in the third country, they are required to conform to the level of data protection in Europe through agreement of the EU standard contracting clauses in addition to written instructions.


VI. Length of data storage
We process and store personal data as long as necessary for fulfillment of our contractual and legal obligations. That may be a period of several years in case of long-term obligations.

If the data are no longer needed for fulfilling contractual or legal obligations, they are regularly deleted unless it is necessary to continue processing them for a limited time for the following purposes:

- To satisfy storage requirements under commercial or tax law, for instance the commercial code, fiscal code, money laundering law, etc. The storage and documentation periods specified there range from two to ten years.

- To preserve evidence within the bounds of time limitation regulations. Under Sections 195ff. of the German Civil Code, these limitation periods can be as long as 30 years, though the regular limitation period is three years.


VII. Data protection rights of data subjects
Each data subject has a right of information under GDPR Art. 15, the right of correction under GDPR Art. 16, the right of deletion under GDPR Art. 17, the right to restrict processing under GDPR Art. 18, the right to object under GDPR Art. 21, and the right of data portability under GDPR Art. 20. The rights of information and deletion are governed by the limitations set forth in BDSG Sections 34 and 35. In addition there is a right to file grievances with a data protection authority (GDPR Art. 77 in conjunction with BDSG Section 19).

Once given to us, consent to process personal data may be revoked at any time. This also applies to revoking statements of consent given to us before the EU General Data Protection Regulation took effect, i.e., before May 24, 2018. Note that the revocation is only effective for the future. It does not affect processing that occurred before the revocation.


VIII. Duty to make data available
As part of a business relationship, the customer must make the personal data available which we need to begin and implement a business relationship and meet the associated contractual obligations, or which we are legally required to collect. Without such data we must reserve the right to decline to conclude the agreement and carry out an order, or to stop implementing and possibly terminate an existing agreement.

Particularly under legal regulations to combat money laundering, there may be a requirement to identify our customers and business partners before establishing a business relationship, for instance using the personal ID card, and to collect and record the name, date and place of birth, nationality, and home address. To satisfy this type of legal obligation, our customers are required by Section 4 (6) of the Money Laundering Act to make the necessary information and documents available to us and to promptly notify us of any changes occurring in the course of the business relationship.


IX. Automated decision-making
Pursuant to GDPR Art. 22 we fundamentally do not use a fully automated decision-making process when establishing and implementing the business relationship. If we use such methods in an individual case, we will give separate notice in advance where required by law.


X. Profiling
We process data in a partially automated process with the goal of rating certain personal aspects (profiling). For instance, we use profiling in the following cases:

- Based on legal requirements, for instance to combat money laundering and fraud. Data analysis may also be performed in the process (including payment transactions); such steps also serve to protect our customers.

- We use analysis instruments to provide targeted information about products and for consulting. These allow communication and advertising appropriate for the need, including market and opinion research.


XI. Right of objection under GDPR Art. 21

1. Right of objection for an individual case
You have the right to object, due to reasons resulting from your special situation, to the processing of personal data relating to you that is performed on the basis of GDPR Art. 6 (1) (e) (Data processing in the public interest) and GDPR Art. 6 (1) (f) (Data processing on the basis of weighing different interests); this also applies to profiling based on this provision within the meaning of GDPR Art. 4 (4).

If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling reasons requiring protection for the processing that outweigh your interests, rights, and freedoms, or unless the processing serves the purpose of asserting, exercising, or defending legal rights and claims.


2. Right of objection to data processing for advertising purposes
In individual cases we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.

If you object to the processing for direct advertising purposes, we will no longer process your personal data for those purposes.

The objection does not require a specific form and should be lodged by telephone if possible at telephone number 0211/ 58 58 81-180, or alternatively may be filed in our offices.


This website uses cookies.

We use cookies on our website. Some cookies are necessary, while other unnecessary cookies help us to improve our online services and to operate them economically (for example, the web analysis tool Matomo). By clicking on the "Accept" button, you consent to the use of both necessary and unnecessary cookies. By clicking on the "Accept only necessary cookies" button, you refuse to use unnecessary cookies. You have the option of accessing these settings at any time and deselecting cookies subsequently at any time. You will find more detailed information in our data protection declaration.

Cookies are small text files that are used by websites to make the user experience more efficient.
According to law, we may store cookies on your device if they are absolutely necessary for the operation of this site. For all other types of cookies, we need your permission.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.
You can change or revoke your consent at any time from the cookie statement on our website.
Read our privacy policy to learn more about who we are, how you can contact us and how we process personal information.

Your consent applies to the following domains:

Your current status: Use only necessary cookies.


Change your consent

The Cookie declaration was last updated on 12.11.2019 by Cookiebot:

Necessary (1)

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

CookieConsentCookiebotStores the user's consent status for cookies on the current domain.1 YearHTTP Cookie

Marketing (6)

Marketing-Cookies werden verwendet, um Besuchern auf Webseiten zu folgen. Die Absicht ist, Anzeigen zu zeigen, die relevant und ansprechend für den einzelnen Benutzer sind und daher wertvoller für Publisher und werbetreibende Drittparteien sind.

yt-remote-cast-installedYouTubeSaves user settings when retrieving a Youtube video integrated on other websites.SessionHTML Local Storage
yt-remote-connected-devicesYouTubeSaves user settings when retrieving a Youtube video integrated on other websites.PersistentHTML Local Storage
yt-remote-device-idYouTubeSaves user settings when retrieving a Youtube video integrated on other websites.PersistentHTML Local Storage
yt-remote-fast-check-periodYouTubeSaves user settings when retrieving a Youtube video integrated on other websites.SessionHTML Local Storage
yt-remote-session-appYouTubeSaves user settings when retrieving a Youtube video integrated on other websites.SessionHTML Local Storage
yt-remote-session-nameYouTubeSaves user settings when retrieving a Youtube video integrated on other websites.SessionHTML Local Storage




XII. Webanalyse durch Matomo (ehemals Piwik)

1. Umfang der Verarbeitung von personenbezogenen Daten
Wir nutzen auf unserer Website das Open-Source-Software-Tool Matomo (, einen Dienst des Anbieters InnoCraft Ltd., 150 Willis St, 6011 Wellington, Neuseeland, zur Analyse des Surfverhaltens unserer Nutzer. Die Software setzt ein Cookie auf dem Rechner der Nutzer. Bei Cookies handelt es sich um kleine Textdateien, die lokal im Zwischenspeicher des Internet-Browsers des Seitenbesuchers gespeichert werden. Werden Einzelseiten unserer Website aufgerufen, so werden folgende Daten gespeichert:

  • Zwei Bytes der IP-Adresse des aufrufenden Systems des Nutzers
  • Die aufgerufene Webseite
  • Die Website, von der der Nutzer auf die aufgerufene Webseite gelangt ist (Referrer)
  • Die Unterseiten, die von der aufgerufenen Webseite aus aufgerufen werden
  • Die Verweildauer auf der Webseite
  • Die Häufigkeit des Aufrufs der Webseite

Die Software läuft dabei ausschließlich auf den Servern unserer Webseite. Eine Speicherung der anonymisierten personenbezogenen Daten der Nutzer findet nur dort statt. Eine Weitergabe der im Matomo-Cookie gespeicherten Informationen über die Benutzung dieser Seite an Dritte erfolgt nicht. Cookies von Matomo verbleiben auf Ihrem Endgerät, bis Sie eine Löschung vornehmen.

Die Software ist so eingestellt, dass die IP-Adressen nicht vollständig gespeichert werden, sondern 2 Bytes der IP-Adresse maskiert werden (Bsp.: Auf diese Weise ist eine Zuordnung der gekürzten IP-Adresse zum aufrufenden Rechner nicht mehr möglich.

2. Rechts­grundlage für die Verarbeitung personenbezogener Daten
Rechts­grundlage für die Verarbeitung der personenbezogenen Daten der Nutzer ist Art. 6 Abs. 1 lit. f DSGVO.

3. Zweck der Datenverarbeitung
Die Verarbeitung der personenbezogenen Daten der Nutzer ermöglicht es uns, eine Analyse des Surfverhaltens unserer Nutzer vorzunehmen. Wir sind durch die Auswertung der gewonnenen Daten in der Lage, Informationen über die Nutzung der einzelnen Komponenten unserer Webseite zusammenzustellen. Dies hilft uns dabei unsere Website und deren Nutzer­freundlichkeit stetig zu verbessern und auch unser Marketing (hierunter auch Werbung) zu optimieren. In diesen Zwecken liegt auch unser berechtigtes Interesse in der Verarbeitung der Daten nach Art. 6 Abs. 1 lit. f DSGVO. Durch die Anonymisierung der IP-Adresse wird dem Interesse der Nutzer an deren Schutz personenbezogener Daten hinreichend Rechnung getragen.

4. Dauer der Speicherung
Die Daten werden gelöscht, sobald sie für unsere Aufzeichnungs­zwecke nicht mehr benötigt werden. Dies ist der Fall nach 180 Tagen.

5. Widerspruchs- und Beseitigungs­möglichkeit
Auf dem Rechner des Nutzers werden Cookies gespeichert und von diesem an unserer Seite übermittelt. Sie als Nutzer haben daher auch die volle Kontrolle über die Verwendung von Cookies. Durch eine Änderung der Einstellungen in Ihrem Internetbrowser können Sie die Übertragung von Cookies deaktivieren oder einschränken. Bereits gespeicherte Cookies können jederzeit gelöscht werden. Dies kann auch automatisiert erfolgen. Werden Cookies für unsere Website deaktiviert, können möglicherweise nicht mehr alle Funktionen der Website vollumfänglich genutzt werden.

Es besteht die Möglichkeit eines Opt-Out aus dem Analyse­verfahren. Hierzu müssen Sie dem entsprechenden Link folgen. Auf diese Weise wird ein weiterer Cookie auf ihrem System gesetzt (Opt-Out-Cookie), der unserem System signalisiert die Daten des Nutzers nicht zu speichern. Löscht der Nutzer den entsprechenden Cookie zwischenzeitlich absichtlich oder unabsichtlich vom eigenen System, so muss er den Opt-Out-Cookie erneut setzten.


Zusätzlich verfügen die meisten modernen Browser über eine sogenannte „Do Not Track“- Option. Hierdurch wird den Webseiten mitgeteilt, Ihre Nutzeraktivität nicht zu verfolgen.

Nähere Informationen zu den Privatsphäreeinstellungen der Matomo Software finden Sie unter folgendem Link: