Data protection
1. Controller and Data Protection Officer
QUIRIS Healthcare GmbH & Co. KG
Isselhorster Str. 260
33334 Gütersloh
Germany
Data Protection Officer:
QUIRIS Healthcare GmbH & Co. KG
Data Protection Officer
Isselhorster Str. 260
33334 Gütersloh
Germany
Email: datenschutz(at)quiris(dot)de
2. General information on data processing
We generally process personal data only insofar as it is necessary to provide a functional website, our content and services, and to process orders.
Processing is carried out on the basis of the GDPR, the BDSG, and the Telecommunications-Digital Services Data Protection Act (TDDDG).
3. Collection and storage of personal data
When you access our website www.elasten.de, information is automatically sent to our server by your device's browser. This information is temporarily stored in log files. This includes: IP address, date and time of access, name and URL of the retrieved file, browser used, and operating system.
This data is technically necessary to provide the website and ensure system security.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest). Log files are usually deleted after 7 days, unless a security-related retention is required.
Our website is operated via the Shopify platform. The provider is Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify processes personal data on our behalf in accordance with Art. 28 GDPR. Data transfers to third countries (in particular Canada and the USA) may occur. Canada has an adequacy decision from the EU Commission. Insofar as data is transferred to the USA, this is done on the basis of suitable guarantees (e.g., EU standard contractual clauses).
4. Data collection for orders
When you order through our online shop, we collect the following data: salutation, first name, last name, address, email address, payment information and, if applicable, telephone number.
We process this data for contract fulfillment, delivery of goods, and communication.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment).
We store billing-relevant data due to commercial and tax law requirements.
5. Payment service providers
For payment processing, we pass on personal data to the respective payment service providers. Depending on the chosen payment method, processing is carried out by:
- PayPal (Europe) S.à r.l. et Cie, S.C.A.
- Klarna Bank AB (publ)
- Stripe Payments Europe, Ltd.
- Credit card providers
In particular, name, email address, invoice amount, and payment data are transmitted. The payment service providers act as independent controllers within the meaning of the GDPR. Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment). Further information can be found in the data protection notices of the respective providers.
6. Shipping service providers
For the purpose of delivery, we transmit data (name, address, email) to the shipping service provider, usually DHL Paket GmbH, Charles-de-Gaulle-Straße 20, 53113 Bonn.
Legal basis: Art. 6 para. 1 lit. b GDPR.
7. Newsletter & Email Marketing
You can subscribe to our newsletter to receive regular information about products, promotions, and offers from QUIRIS Healthcare.
a) Registration
Registration takes place via a double opt-in procedure: After registration, you will receive an email in which you must confirm your registration.
b) Data Processing
The following are collected: name, email address, time of registration, and IP address. This data is used exclusively for sending the newsletter. The newsletter is sent via the Shopify platform (Shopify International Ltd., Ireland), which acts as a processor in accordance with Art. 28 GDPR. A transfer to third countries may occur (see section "Data transfer to third countries").
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
c) Withdrawal
You can withdraw your consent at any time - e.g., via the unsubscribe link in the newsletter or by email to datenschutz(at)quiris(dot)de. We will delete your data after withdrawal, unless there are legal retention obligations.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to enable and optimize the use of our website. To manage consents, we use the consent management tool "GDPR Backpack" (Consentmo Ltd.). Consent data (time, selection, IP address) is stored to fulfill legal proof obligations in accordance with Art. 7 GDPR.
a) Necessary Cookies
These are necessary for the operation of the website (e.g., shopping cart, checkout). The storage and access to information on your device are based on Section 25 (2) TDDDG (necessary). The subsequent processing of personal data is based on Art. 6 (1) lit. b GDPR (contract/order) or Art. 6 (1) lit. f GDPR (legitimate interest), depending on the purpose.
b) Statistics and Marketing Cookies
We only use analysis and marketing tools with your express consent.
Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. Withdrawal: possible at any time via the cookie/consent banner.
9. Analysis and Marketing Tools
a) Google Analytics
We use Google Analytics, a web analysis service of Google Ireland Ltd. Google uses cookies to enable an analysis of the use of the website. The IP address is anonymized (IP masking). A data processing agreement has been concluded in accordance with Art. 28 GDPR. The storage period for user and event data is 14 months.
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR.
b) Google Ads & Conversion Tracking
We use Google Ads Conversion Tracking to measure the success of our advertising. When you click on a Google ad, a cookie is set which expires automatically after 30 days.
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR.
Current information on the General Data Protection Regulation (GDPR), how Google specifically protects and processes your data, can be found at business.safety.google/privacy/. To revoke on all domains of the processing company, visit safety.google/privacy/privacycontrols/.
c) Meta (Facebook) Pixel
We use the Facebook Pixel from Meta Platforms Ireland Ltd. to measure conversions and for retargeting. We are jointly responsible with Meta Platforms Ireland Ltd. for data collection in accordance with Art. 26 GDPR. The corresponding agreement can be found at: https://www.facebook.com/legal/controller_addendum
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR.
d) Newsletter Tracking
Our newsletters may contain tracking pixels, which we use to measure open and click rates. Open rates, click behavior, and interactions are evaluated here. This allows user profiles to be created to better tailor content to your interests.
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR.
10. Order Processing and Recipients
We use service providers (e.g., hosting, shop and IT service providers, newsletter and marketing service providers, payment, shipping) who process data on our behalf as processors according to Art. 28 GDPR. Corresponding contracts exist with these service providers. The main processors include Shopify (hosting and newsletter), Consentmo ("GDPR Backpack") and, if applicable, IT and marketing service providers.
Insofar as service providers act as their own controllers (e.g., payment service providers), their data protection notices apply.
11. Storage period
We only store personal data for as long as is necessary to fulfill the respective purposes or as legal retention obligations exist (e.g., tax and commercial law periods of up to 10 years).
12. Your Rights (Data Subject Rights)
You have - provided the legal requirements are met - the following rights: Information (Art. 15 GDPR), Rectification (Art. 16 GDPR), Erasure (Art. 17 GDPR), Restriction of Processing (Art. 18 GDPR), Data Portability (Art. 20 GDPR) and OBJECTION to processing (Art. 21 GDPR).
If processing is based on your consent, you can withdraw this at any time with effect for the future (Art. 7 para. 3 GDPR).
To exercise your rights, simply send a message to datenschutz(at)quiris(dot)de.
13. Right to complain to the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW) is responsible for us.
14. Data Transfer to Third Countries
Some recipients (e.g., providers of analysis and marketing tools) may also transfer personal data to countries outside the EU/EEA (e.g., USA). In these cases, the transfer only takes place if the requirements of Art. 44 ff. GDPR are met, e.g., on the basis of EU standard contractual clauses and, if applicable, additional protective measures or - where applicable - on the basis of an adequacy decision (e.g., EU-US Data Privacy Framework).
15. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy from time to time to comply with changed legal or technical conditions. The current version can always be found on our website.
