Privacy Policy

The protection of your privacy as well as the security of all patient and business data during the processing of personal data is an important concern for us, which we consider in our processes. Here we inform you in detail about how we handle your data.

Controller according to Art. 4 para. 7 EU-General Data Protection Regulation (GDPR)

herpa tech GmbH
Unterer Hellweg 3
32584 Löhne
Phone: +49 (57 32) 911 75 80

Data protection officer of the controller

The data protection officer can be reached at:

1. Rights of the data subject (Art. 15. GDPR)

In the following, we will inform you about your data subject rights. You can exercise these rights at any time and therefore contact us directly. If you request these rights from us, we will examine them in detail, considering the associated legal requirements and conditions. If necessary, we will request further information from you. We will explain the results of our examination and our procedure for fulfilling your request to you in detail. In the process, it is possible that we will not be able to fully comply with your requests in the way you would like.
This should not prevent you from claiming your rights from us or from asking us about them. We will be happy to answer any questions you may have.

a) Right of access (Art. 15 GDPR

In accordance with the law, you have the right to request information from us at any time as to whether and which of your personal data is being processed by us. This also includes information on the purposes of processing, if applicable, recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data if we have not collected it directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us. We reserve the right to charge a reasonable administrative fee for making the following copies.

b) Right of rectification (Art. 16 GDPR)

You have the right to request us to correct any inaccurate data we have stored about you. This also includes the right to have incomplete personal data completed.

c) Right to erasure (Art. 17 GDPR)

You have the right to request us to delete data that we have stored about you. If we have published data about you, this also includes our obligation, within the framework of the "right to be forgotten" pursuant to Article 17 (2) of the GDPR, to forward your request to delete all links to this data and copies or replications of this data to other controllers of this published personal data, considering available technology and implementation costs.

d) Right to restriction of processing (Art. 18 GDPR)

You have the right to demand that we restrict the processing of data that we have stored about you. After that, processing of this data is only possible with your consent or for a few legally defined purposes.

e) Right to object to processing (Art. 21 GDPR)

Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection via the contact channels listed above.

f) Right to revoke consent under data protection law (Art. 7 GDPR)

If you have given your consent to the processing of your data, you may revoke it at any time in accordance with Article 7 (3) of the GDPR. Such revocation affects the permissibility of processing your personal data after you have expressed it to us.

g) Right to data portability (Art. 20 GDPR)

You have the right to receive from us personal data that you have provided to us in a structured, common and machine-readable format for the purpose of transferring it to another controller. At your request and taking into account the available technical possibilities, this also includes direct transfer from us to the other responsible party.

h) Right of appeal to a supervisory authority (Art. 13 GDPR)

You have the right to lodge a complaint about our processing of data relating to you with a data protection supervisory authority at any time. The competent supervisory authority is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Postfach 20 04 44, 40102 Düsseldorf, Germany.

i) Automated decision-making including profiling (Art. 22 GDPR)

You have the right to obtain information about the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

2. legal basis for the processing of personal data (Art. 6 GDPR)

(1) Insofar as we obtain the consent of the data subject for processing operations involving personal data, this shall be based on the legal basis of Art. 6 (1) a of the EU General Data Protection Regulation (GDPR).

(2) When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

(3) Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR-serves as the legal basis.

(4) In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR shall serve as the legal basis.

(5) If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR shall serve as the legal basis for the processing.

3. information about the collection of personal data

(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behavior.

(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

(3) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

Collection of personal data when visiting our website

In the case of mere informational use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR):

  • IP-Address
  • Hostname
  • Date & Time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes (referrer)
  • The specific pages of our website that you called up
  • Browser: Type, version and set language
  • Operating system: type and version
  • With JavaScript enabled moreover:
  • Screen resolution
  • Color depth
  • Browser window size
  • Installed browser plugins

4. Data deletion and storage duration

(1) The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage expires.

(2) Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject.

(3) Data shall also be blocked or deleted if a storage period prescribed by the standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

5. Further functions & offers of our company website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must usually provide additional personal data that we use to provide the respective service and for which the data processing principles apply. Mandatory data is marked with an asterisk. Information in fields not marked in this way is purely voluntary.

(2) When you contact the service provider by e-mail, your e-mail address and, if you so indicate, your name, telephone number and [...] will be stored by us to answer your questions.

(3) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.

(4) Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more information about this when you provide your personal data or below in the description of the offer.

(5) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

6. e-mail-based information services

1. newsletter / press distribution list

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

(3) Only your e-mail address is required for sending the newsletter. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

7. Cookies, Web Analytics & Third-Party Services

Cookies are small files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective.

The legal basis for the use of locally deployed web analysis tools is Art. 6 para. 1 p. 1 lit. f GDPR, i.e., the protection of our legitimate interests in consideration of the interests of our website visitors. Our interest is the analysis of the use of our website by our website visitors, to improve our offer and to make it more interesting for you as a user. If the analysis tool used also serves other purposes or we use it for other interests, we will inform you about this directly in the explanations for the respective analysis tool.

The legal basis for the use of third-party providers to perform web analytics is based on Art. 6 para. 1 p. 1 lit. a.

8. Technologies used


a) Personal Data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

b) Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

c) Restriction of Processing
The marking of stored personal data with the aim of limiting their processing in the future.

d) Profiling
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

e) Pseudonymisation
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

f) Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law

g) Processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h) Consent
The data subject any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed.

Version: 2022-01-20

Find out more about material identification with RFID