Privacy policy

Data Privacy policy - valid from 24.06.2018

Compliance with the European data protection regulations is very important to AUROSAN GmbH (hereinafter "we"). As part of our business contact, we would like to inform you about how we process your personal data and what contact options there are for questions about data protection. Our privacy policy and our terms and conditions can also be found at

AUROSAN GmbH, as the responsible, has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via our Internet pages. Nevertheless, Internet-based data transmission can in principle have security gaps so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to submit personal data to us in alternative ways, for example by telephone.


1. Data processing to fulfill the contract concluded between you and us (Art. 6 Para. 1 lit. b of the GDPR)
Data processing for the fulfillment of the contract concluded between you and us (Article 6 (1) (b) of the DS-BER)) Responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with data protection legal character is AUROSAN GmbH, Frankenstr. 231, D-45134 Essen, Germany; Tel .: +49 (0) 201 21961-701, E-Mail: service [at], Website:

In order to fulfill the existing or an emerging contractual relationship between us (while always applying our General Terms and Conditions), to provide services owed and to send you contract documents, we as well as third parties or processors commissioned by us will process the following data from you, provided you do so at the time of contracting or in the course of the business contact: -personal information (name, address, telephone, fax number, e-mail address, homepage), bank details (IBAN, bank, account holder) and payment information (payment transaction data, payment history) - Information about the services purchased (articles with batches, quantities, date of receipt, related device data, training and further training certificates), qualifications, your range of services to third parties, association memberships, -the purchase of samples and service materials.


2. Data processing based on our legitimate interests (Article 6 (1) (f) of the DS-GVO) - Information on products and services
Our goal is to establish, maintain and evaluate the customer relationship with you and to provide you only with relevant and optimized information about our products and services. For this purpose, we use your customer, contact, payment, reference and contract history with us. If you also provide us with information about your infrastructure and resources (company data, equipment & tooling, employee data and qualification, training plans, range of
services, quality management ("QM"), methods, etc.), we will also use these for the above described purposes. Furthermore, we use our own market research information about the nature and duration of our contractual relationship. We also want to measure and evaluate interest in certain products or services for other customer groups. In addition, we use the data described under 1. and 2.1 in order to translate products and services of interest to you in an analytically derived order and to be able to offer them to you based on the results. In addition, we use data from external sources and connect them with your data (data processing). We use reference features and resource information to provide you with product or service recommendations for business-optimized processes and methods, taking into account QM requirements. In order to avoid duplication, we compare your customer data with our contact database.


3. Data use based on your consent (Article 6 (1) (a) of the DS-GVO)
Data use based on your consent (Article 6 (1) (a) of the DS-GVO) In the case of a promotional approach for product or service information beyond the existing business relationship, we will only contact you subject to the mailing via the communication channels in which you have consented. We use your information for the following purposes: -Quality Assurance: To continuously improve our services, products and services to you, we conduct surveys on your satisfaction, recommendations, experiences and needs; - New offers: If your contract with us ends, or if we include new products or services in our portfolio, we will contact you for an offer if we assume an interest on your part; -General and personalized advertising; -Billing and remittance also by fax or email depending on your preference; -Sample shipment according to your request by letter, email, internet contact form or telephone - If you have given us a SEPA direct debit mandate, we will use your bank details and collect outstanding amounts in accordance with the terms of our contract.


4. Obligation to provide the data
The provision of company name, name, address (each, for invoice and delivery) and fax or email, qualification, entitlement to purchase is mandatory in order for a contract to be concluded. All other information is voluntary.


5. Receivers of data and data sources

5.1 Categories of recipients of data
To the extent permitted by law (as described in 1., 2. and 3. above), we provide personal information to Aurosan Group companies and external service providers: - Companies of the AUROSAN Group to carry out your contract and for the reporting; - Distributors and service providers for specific agreement, conclusion, execution, and for product shipping, and after termination of the contract for commission purposes. These include, in particular, public authorities, parcel and postal service
providers as well as medical device manufacturers or specialized service providers in the context of repairs or QM-related notifications of devices and other medical devices and to drugs, in accordance with the applicable Medical Device Law, or the (German) Medical Device Operators Guideline, or in accordance with the reporting obligations resulting from the German Medicines Act (AMG und its Guidelines); - If the delivery of a product is based on the submission of a prescription, we pass on the data for billing purposes to a data center commissioned by us or to the responsible health insurance company. If we have received the data from a doctor, it is his / her responsibility to inform the patients that their personal data have been forwarded to us as part of the order processing. - leasing companies, credit bureaus and scoring providers for credit information, financing decisions and credit risk assessment; - credit institutions and providers of payment services for settlement and settlement of payments; - IT service provider to maintain our IT and communications infrastructure. - Public bodies only in justified cases (eg social security funds, health insurances, tax authorities, supervisory authorities); - debt collection service providers and lawyers to collect claims and enforce claims in court. If, in the collection case, personal data (customer and contact details, payment and claim data) are transferred to a collection service provider, we will inform you in advance of the intended transfer.

5.2 Data sources
We process personal data that we have received from you as part of our business relationship. As far as it is necessary for the provision of our services, we process personal data, which we legitimately gain from publicly available sources (trade, association or association register, press, internet) or which we receive legitimately from other companies of the AUROSAN Group or other third parties ( eg credit agency or address service provider).

5.3 Data insight into personal data of third parties through order processing
Data access to personal data of third parties through order processing Should you give us access to personal data of third parties within the framework of our services (e.g. by not having deleted patient data in a device to be serviced, via screen linking via TeamViewer or another CLOUD service of your choice to your PC, via patient recipes or as part of QM support service), as a contractor, we will process this data only within the purpose and time frame of our contract work and as directed by you as the client. As contract taker, we are taking appropriate technical and organizational measures to adequately protect the data of our clients thus meeting the legal requirements. Data secrecy as well as potential professional confidentiality obligations will be respected and the data will be corrected or deleted according to the client's written instructions. As contractor, we as contracting authority will hand over to you all personal data of third parties obtained from you before, processing results as well as databases that are related to the contractual relationship, immediately after fulfillment of the contract or as requested, or after your prior approval, as client destroy such data in compliance with applicable data protection law. The deletion log will be submitted on request. A right of retention is excluded. Documentations serving as proof of orderly and proper data processing must be kept
by us as contractor in accordance with the applicable retention periods beyond the end of the contract.

5.4 Data transmission through the use of our websites, FTP servers or web shops

5.4.1 General. Use of websites and webshops
The use of our web pages is usually possible without providing personal data. As far as personal data (eg name, address or e-mail addresses) are collected on our websites or webshops, this is always done on a voluntary basis. These data will not be disclosed to third parties without your explicit consent. If you send us inquiries via a contact form, your details from the inquiry form will be sent in an encrypted format to us and will be stored with us including the contact details you provided there for the purpose of processing the request and in case of follow-up questions. We will not share this information without your consent. Server-Log Files: When using our websites or webshops, certain information is collected and automatically being stored in so-called server log files, which your browser automatically sends to us. This information includes: browser type / browser version, operating system used, referrer URL, host name of the accessing computer, time of server request. These data cannot be related back to distinct persons. A merge of this data with other data sources will not be done by us. We reserve the right to check this data retrospectively, if we become aware of indications for illegal use.

5.4.2 Cookies
Some of our internet pages use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit. You can set your browser so that you are informed about the setting of cookies, or may allow the use of cookies only case by case, or the acceptance of cookies for certain cases or generally exclude and activate the automatic deletion of cookies when closing the browser. Disabling or disallowing the use of cookies may limit the functionality of the Websites.

5.4.3 Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). Use includes the Universal Analytics operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thus analyzing the activities of a user across devices. Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the respective website. The information generated by the cookie about your use of our web pages is usually transmitted to a Google server in the US and there saved. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand and within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. On behalf of the
operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. In these purposes, our legitimate interest lies in the data processing. The legal basis for the use of Google Analytics is § 15 para. 3 TMG or Art. 6 para. 1 lit. f DSGVO. The data sent by us and linked to cookies, user IDs (eg user ID) or advertising IDs will be automatically deleted after 14 months. The deletion of data whose retention period has been reached is done automatically once a month. For more information about Terms of Use and Privacy, please visit or

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do so, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by using the browser add-on ( Opt-out cookies prevent the future collection of your data when visiting our websites. To prevent Universal Analytics tracking across devices, you must opt-out on all systems you use.

5.4.4 Privacy Policy for Use and Use of Facebook
We have integrated on our website components of the company Facebook. Facebook is a social network. A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests. The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Each visit to one of the individual pages of this website, which is operated by the Responsible and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned automatically by the respective Facebook Component causes a representation of the corresponding Facebook component of Facebook to download. An overview of all Facebook plug-ins can be found at As part of this technical process, Facebook receives information about which specific sub-website of our website is visited by the person concerned. If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website the data subject and duration of the respective stay on our website, which specific sub-website has been visited. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the person concerned activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the person concerned makes a comment, Facebook assigns this information to the user personal data of the person concerned and stores this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this happens regardless of whether the person clicks on the Facebook component or not. If such a transfer of this information to Facebook is not wanted by the data subject, it can prevent the transfer by logging out of their Facebook account before calling our website. The data policy published by Facebook, which is available at, provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject. In addition, different applications are available, which make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook

5.4.7 Links to Third-Party Sites Links to other
Third-party websites refer to web content that we considered relevant at the time of hyperlinking. These linkings themselves do not cause transfer personal data without
your consent. For the content and the accuracy or completeness of the content of hyperlinked third-parties`websites, we assume no reponsibility and no liability.

5.4.8 FTP-Server
For certain services, we set up an FTP server on your behalf, through which we exchange data with you. This data will not be disclosed to third parties.

5.4.9 Subscription to our newsletter and newsletter trackingThe AUROSAN website gives users the opportunity to subscribe to our company newsletter. The transmitted personal data to the data controller are those from the input mask used when the newsletter is ordered. AUROSAN informs its customers and business partners at regular intervals by way of a newsletter about company offers and news. The newsletter of our company can only be received by the requiring person if (1) this person has a valid email address and (2) he/she registers for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by the requiring person for the first time using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address has authorized the receipt of the newsletter. When subscribing to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to check the (possible) misuse of an affected person's e-mail address at a later date and therefore serves as legal safeguards for the controller. The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. There will be no transfer of the personal data collected as part of the newsletter service to third parties. Subscription to our newsletter may be terminated by the person concerned at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the controller's website, or to inform the controller in a different way. Newsletter tracking The newsletters of AUROSAN contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded pixel, the AUROSAN can detect if and when an e-mail was opened by an affected person and which links in the e-mail were called by the person concerned. Such personal data collected via the counting pixels contained in the newsletters will
be stored and evaluated by the controller in order to optimize the delivery of newsletters and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Affected persons are at any time entitled to revoke the separate declaration of consent made via the double-opt-in procedure. After revocation, this personal data will be deleted by the controller. A deregistration from the receipt of the newsletter, will be by AUROSAN automatically interpreted as a revocation.

5.5 Transfer of data to a third country
Data transfers to countries outside the European Union and the European Economic Area ("Third Countries") may arise in the context of the management, development and operation of IT systems as well as international shipments. The following must be given: - The transmission is basically permissible because a legal permission requirement is fulfilled, or because you, for example, have consented to the data transmission through a contract, and - the specific conditions for transfer to a third country are met. In doing so, we ensure that your data is adequately protected in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries.


6. Opposition to advertising Mails
The use of our contact data published in the context of our imprint obligation for the transmission of not expressly requested advertising and information materials is hereby contradicted. We expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam e-mails.


7. Data Protection Officer
Data Protection Officer of AUROSAN GmbH is Ms. Juana Soler Lluesma. You can reach her at:
Aurosan GmbH - Data Protection Officer
Frankenstrasse 231
D-45134 Essen
Or by email: service [at]


8. Storage duration and criteria for determining the duration
We will retain your information for the duration of the existing contract and after the contract has been terminated with you for the duration of the statutory periods under financial and regulatory regulations, quality management guidelines and medical and pharmaceutical legislation. If statutory retention periods exist, we are obliged to save the data until the expiration of these periods and only then to delete them. For promotional purposes we store your data until you object to a use, you revoke your consent, or a promotion is no longer legally permitted. We will store your other data as long as we need it to fulfill the specific purpose (for
example, to fulfill the contract or to process it) and delete it after the purpose is fulfilled.


9. Information about your rights as a data subject
The processing of your data is performed under the responsibility of AUROSAN GmbH (Frankenstr. 231, 45134 Essen), unless stated otherwise. You may request information about the data stored about you, and you may request correction in case of errors in writing at any time. Furthermore, you may demand in writing the limitation of the processing, the transferability of the data provided to us by you or the deletion of your data - if they are no longer needed or their deletion does not withstand other legal regulations. In addition, you have the right at any time to object in writing to the use of your data based on public or legitimate interests. As far as we process your data on the basis of your consent, you can revoke this consent at any time with effect for the future. From the receipt of your written withdrawal, we will no longer process your data for the purposes stated in the context of the revoked consent. Your revocation or an opposition to advertising should be addressed in writing to: AUROSAN GmbH, Frankenstr. 231, 45134 Essen, or by email to: service [at]


10. Right to complain to the supervisory authority
You can also contact a supervisory authority at any time with a complaint. For us, the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, PO Box 20 04 44, 40102 Dusseldorf, represents the supervisory body. Alternatively, you can go to your local regulatory authority.