Privacy policy
1. Person in charge
The m-Beteiligungsgesellschaft mbH, Karl-Liebknecht-Straße 14, 04107 Leipzig („memoresa“, „we“, „us“) is the controller for the processing of your personal data.
2. Informational use of our store and websites
When you access our website, our system automatically collects so-called log files, whereby the following personal data are processed:
- IP address of the requesting computer
- Type of the Internet browser used
- Language of the Internet browser used
- Version of the Internet browser used
- Operating system and its version
- Operating system interface
- Pages accessed
- Date and time of visit
- Time zone difference from Greenwich Mean Time (GMT)
- Access status/http status code
- Amount of data transferred
- Success or error of the loading process
- Referrer
- Websites accessed by the visitor’s system through our website
- Internet service provider of the user
The processing of the above data is necessary for the provision of our website. The processing of this data is carried out in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO due to our legitimate interests in offering you our services via our website and protecting our IT infrastructure from attacks. The log files contain your IP address, but IP addresses are not stored by us as long as you do not log in or register on the portal.
For hosting our website, we use the services of Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy,L-1855 Luxembourg (hereinafter: „AWS“). AWS processes your personal data based on our instructions and on the basis of a contract processing agreement. Since a transfer of personal data to third countries (i.e. countries outside the European Union and the European Economic Area), including the USA, cannot be excluded, we have agreed on standard contractual clauses with AWS pursuant to Art 46 (2) lit. c DSGVO. The standard contractual clauses relevant for the relationship between controller and processor are available here. In addition, AWS provides an „Addendum“ to the Order Processing Agreement with additional safeguards for handling requests from government agencies to AWS, which can be found here.
3. Use of Offerings on the Websites
a) Newsletter (via rapidmail)
We offer on our website that you sign up for our newsletter free of charge. For this, we need your e-mail address in addition to your declaration of consent. Other information, such as your name, is voluntary and is used to address you personally. We will only send you the newsletter if you first confirm your registration via a confirmation e-mail sent to you for this purpose by clicking on the link provided for this purpose. This is to ensure that only you can subscribe to the newsletter. Your confirmation in this regard must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database. The legal basis for the newsletter dispatch as well as voluntary additional information is Art. 6 (1) lit. a DSGVO. By sending the newsletter registration, you agree to the processing of your data by us. In addition, we store the time (date and time) of transmission of your data to us, as well as your IP address within the scope of your newsletter registration. The processing of this data corresponds to our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO, in order to ensure the security of our systems and to counteract misuse. Your data will be processed exclusively in connection with the sending of newsletters. The purpose of processing your e-mail address is to enable us to send you the newsletter. Further data within the scope of the registration process serve either to address you personally or also to ensure the security of our services and to prevent misuse of the e-mail address used. Your data will only be stored for as long as is necessary to achieve the purpose. Your e-mail address will therefore be stored for the period of your active newsletter subscription if you have given your consent for this. The data that we additionally collect automatically during your subscription (IP address, date and time) will be deleted at the latest when you end your newsletter subscription.
b) OPPOSITION / Unsubscribe from newsletter
You can unsubscribe or cancel our newsletter at any time. You will find the link to do so at the end of each newsletter. By doing so, you revoke your consent or object to any further use of your data for the purpose of sending the newsletter. We use the „rapidmail“ service of rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg, Germany (hereinafter „rapidmail“). We have concluded an order processing agreement with rapidmail. With rapidmail, we can evaluate our newsletters. We receive information about openings, clicks, unsubscribes and bounces. The opening rates are recorded using a tracking pixel, which is integrated as a small graphic in the newsletter. Is. If you actively reload external content in your email program, the tracking pixel is loaded and we learn about the opening. Through the links included in the newsletter, we can track whether the link was clicked. This helps us to improve our content and send you newsletters that are as helpful as possible. You can OPPOSE tracking at any time by clicking the separate unsubscribe link provided in each email and unsubscribing from the newsletter.
c) Contacting us by email, phone or fax
You have the option to contact us by email or telephone When we communicate with each other, we process your personal data for this purpose. The data is processed exclusively to handle your contact and to resolve your request. The legal basis for processing your personal data is Art. 6 (1) lit. f DSGVO. The data will be stored until they are no longer necessary to achieve the purpose of the conversation with you and the concern of your contact has been comprehensively clarified. If your contact aims to conclude a contract with us, the additionallegal basis for the processing of your personal data is Art. 6 (1) lit. b DSGVO. This data is stored for as long as it is necessary for the performance of the contract or the pre-contractual measures. Beyond that, we only store your data in order to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) lit. c DSGVO). In addition to the data that you voluntarily provide to us, we may receive the time (date and time) of transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) lit. f DSGVO) to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, will be deleted as soon as it is no longer needed, at the latest when the matter of your contact has been comprehensively clarified. You can inform us at any time (see above Number 1) that we should delete the data communicated during the conversation. In this case, as far as permissible, all personal data of the conversation will be deleted and a continuation of the conversation is not possible.
4. Processing of your data in connection with the order of the emergency card
4.1 Printing your emergency card
For the production and provision of your emergency card and digital, the processing of the following of your personal data is required:
- First name, last name
- Email address
- Address (to send you the card and activation code)
- Medication intolerances (e.g. penicillin) (optional)
- Name of your emergency contact
- Phone number of your emergency contact
4.2 Your digital emergency page
On your digital emergency page, you may voluntarily provide the following personal information:
- Diseases (e.g., diabetes, asthma, clotting disorders, cardiac arrhythmias)
- Blood group
- Medications (e.g., insulin, anticoagulants, cortisone)
- Allergies (e.g., pain relievers, antibiotics, contrast media)
- Information on pregnancies, pacemakers, dialysis
- Information on previous illnesses
- Other emergency contacts
- Relevant documents such as vaccination card, organ donor card, implant card, health care proxy and living will
- Emergency notes
4.3 Purposes of processing
We process your personal data for the following purposes:
- We process your email address to send you your order confirmation and an email with a link to activate your digital emergency page after you have ordered your emergency card. In addition, we will contact you via your email address if this becomes necessary in connection with the performance of the contract. If you have given us consent to send you our newsletter, we will use your personal data to send you our newsletter.
- We need your address to process your order; in particular, to send you the emergency card including activation code and to issue your invoice.
- In addition, we process your name, incompatibilities as well as the name and telephone number of your emergency contact for printing this information on your personalized emergency card.
- For the rest, we process/store your personal data to provide your digital emergency page via QR code. You can voluntarily add or delete your information there at any time. We link your personalized digital emergency page to a QR code that medical professionals can read in an emergency to view all relevant information. In doing so, you yourself determine which information should be accessible via the QR code on your emergency card.
4.4. legal basis
The processing of your personal data is carried out for fulfillment of the contract with you, if you yourself as a natural person are our contractual partner (Art. 6 para. 1 lit. b DSGVO). Information about your intolerances/allergies, blood group, diseases, pregnancies, pacemakers, dialysis and vaccinations, etc. is health data and therefore special category personal data within the meaning of Art. 9 (1) DSGVO. By ordering your emergency card and by activating/filling out your digital emergency page, you expressly consent to us processing your data. We therefore process your health data on the basis of your consent (Art. 6 para. 1 lit. aDSGVO in conjunction with Art. 9 para. 2 lit. a DSGVO). You have the right to revoke your consent at any time. The lawfulness of the processing until the revocation is not affected by this. In order to comply with trade and tax law obligations, we store relevant business documents(e.g. invoices), which may contain personal data, for the duration of the statutory period of 10 years from the end of the calendar year in which the invoice was issued. The legal basis for the storage of your personal data is Art. 6 para. 1 p. 1 lit. c DSGVO in conjunction with § 257 HGB and § 147 AO).We process the personal data (first name, last name, telephone number) of your emergency contacts to protect your vital interests (Art. 6 para. 1 lit. d DSGVO); furthermore, due toour legitimate interest (Art. 6 para. 1 lit. f DSGVO) to offer you the emergency card and emergency page with details of an emergency contact.
4.5 Information according to Art. 14 DSGVO
If a memoresa emergency card customer deposits you as an emergency contact, we process the following of your personal data:
- First name, last name
- Phone number
We print your personal data on our customer’s emergency card so that first responders can contact you in case of our customer’s emergency. Furthermore, your personal data will be published on our customer’s digital emergency page. The processing of your personal data serves the protection of vital interests (Art. 6Abs. 1 lit. d DSGVO) of our customer; furthermore due to our legitimate interests(Art. 6 Abs. 1 lit. f DSGVO) to offer our customer the emergency card and emergency page with details of an emergency contact. Your data will be stored until they are no longer required to achieve the purpose, in particular to ensure the use of emergency card as well as the digital emergency page. Your data will also be deleted if you are removed as an emergency contact by our customer/client.
4.6 Recipients
Unless and to the extent that we do not print our emergency cards ourselves, we use the service of GERMANCARD Technologies GmbH, Ottostr. 5, 50170 Kerpen, Germany, (hereinafter „GERMANCARD“) to print the emergency cards. We have concluded an order processing agreement with GERMANCARD.
4.7 Information about joint responsibility
About the joint responsibility of the m-operating company and the cooperation partner according to Art. 26 para. 2 sentence 2 of the General Data Protection Regulation (DSGVO).We and the memoresa cooperation partner from whom the emergency card was ordered (hereinafter: cooperation partner)(hereinafter: „We“ or „Responsible Parties“) are jointly responsible for the processing of your personal data and have entered into a corresponding agreement according to Art. 26 DSGVO. In the following we inform you about the essential content of this agreement. We are cooperating in order to make the emergency cards available to end customers as simply and efficiently as possible. Within the framework of the cooperation, the controllers access jointly used systems with contact data (name, e-mail address if applicable, address if applicable), data on medication incompatibilities, and the name and telephone number of the emergency contact provided by the end customer. Access for both responsible parties is technically limited to the extent necessary to fulfill the obligations arising from the cooperation. The parties have divided the main responsibilities in data processing as follows:
- The cooperation partner is responsible in particular for the inclusion of the end customer’s data in the IT system provided to the cooperation partner by memoresa.
- We are responsible in particular for
- the issuance of the emergency card (itself or through a commissioned printer) and the dispatch or the initiation of the dispatch to the respective end customer or the pharmacy of the respective end customer;
- providing an Internet link/QR code on the emergency card that can be used to retrieve the information on the emergency page in emergency situations;
- Providing an activation code for the end customer to change the emergency information stored on the emergency page.
- The responsible parties shall inform each other without undue delay, in particular about the assertion of data subject rights, breaches of personal data protection and requests from data protection supervisory authorities.
memoresa is the central contact point for the assertion of your data subject rights. You can nevertheless in principle assert your rights under the GDPR against a controller of your choice.
4.8 Place and duration of processing
All your data is stored on servers in Germany. The data is stored until it is no longer required to achieve the purpose, in particular to ensure the use of Emergency Card as well as the digital emergency page.
5. Use of our platform/portal
a. Overview of legal basis
All data managed under this clause is used for the purpose of managing your profile and providing related functions, such as editing your profile, processing your deposited contracts and accounts, trusted person details, etc. The following legal bases are relevant for the processing of your customer account data:
- Art. 6 para. 1 p. 1 lit. b DSGVO within the framework of our customer relationship (management of your account; your profile with us; your documents, orders, etc.);
- Art. 6 para. 1 p. 1 lit. f DSGVO in cases where we process your information, for example, for security reasons or other functionalities (legitimate interests);
- Art. 6 para. 1 p. 1 lit. a DSGVO in cases where we obtain consent from you for data processing; possibly in combination with Art. 9 para. 2 lit. a DSGVO if we process special categories of personal data;
- Art. 6 para. 1 p. 1 lit. c DSGVO, if we are obliged to process your data to comply with legal requirements, for example, in the case of retention obligations of invoices or other legally regulated or official processes (requirements from HGB; AO; possibly orders from authorities, etc.);
- Art. 9 para 2 lit. c DSGVO, provided that the data are processed to protect vital interests and you are unable to give your consent (eg in an emergency situation when retrieving your public emergency page);
- Art. 9 (2) lit. e DSGVO, if you have obviously made your personal data public (e.g., if you publish your emergency page and have the QR code and URL to the page created; or also if you order the emergency page stickers).
b. Registration
You can register on our portal. There are several ways to do this:
- Create your own account (with email address and password that you choose);
- Log-In with Google;
- Log-In with Apple;
- Log-In with LinkedIn;
If you register by email, after entering your email address and chosen password, you will receive an email from us with a link to confirm your registration. The link is only valid for a certain period of time. After you have confirmed your registration, you will be able to log in to us with your email address and password in the future.
If you choose the option Log-In with Apple, you log in with your „Apple ID“ and transfer the name stored at Apple. You can choose yourself if you want to log in with your own email address or let Apple hide your E-Mal address. You can also find more information about logging in with Apple at: https://support.apple.com/de-de/HT210318 .
If you choose the Log-In with Google option, you will sign in to our website using your existing Google account and thus not create a standalone log-in to our website. Google will ask you to give your consent for Google to send your name, email address, language preferences and profile picture to memoresa.de. You can also find more information about logging in with Google at: https://support.google.com/accounts/answer/112802 .
If you select the Log-In with LinkedIn option, you will log in to our website using your existing LinkedIn account and thus not create a standalone log-in to our website. A window will then open with a message that we are receiving your name and photo from LinkedIn and your primary email address associated with your LinkedIn account. You can also find more information about logging in with LinkedIn at: https://www.linkedin.com/help/linkedin/answer/a522690 .
When you submit your login/registration, we store your IP address and the date and time of your registration along with the data you provide.
The registration data for your profile will be stored until you delete your profile or inform us (item 1) that the data should be deleted. If you do not use our free portal services for a period of three years after registering (e.g. do not upload any documents, deposit emergency data or carry out any other activities), we will – after notifying you accordingly – delete your free user account. If you use a paid version of our portal, we will delete your data and your user account when the contract with you is terminated. The legal basis for the processing of your personal data, is Art. 6 para 1 lit. b DSGVO.
c. Your user profile with us
In your user profile, you can add or change details at any time. This includes the following information:
- Email address (mandatory field; especially for log-in)
- First name and last name
- Address
- Date of birth
- Birthplace
- Phone number
- Profile picture
With the exception of the e-mail address, the other information is voluntary. The data will remain stored by us until you delete your profile or inform us (item 1) that the data should be deleted. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b DSGVO.
If you do not use our free portal offers for a period of three years after registration (e.g., do not upload any documents, deposit emergency data, or perform any other activities), we will – after notifying you accordingly – delete your free user account. If you use a paid version of our portal, we will delete your data and your user account when the contract with you is terminated. The legal basis for the processing of your personal data, is Art. 6 para 1 lit. b DSGVO.
d. Power of attorney
You can issue us a transmortal power of attorney so that we can take care of your affairs. The following data are mandatory for the creation of the power of attorney:
- First name and last name
- Street and house number
- Date of birth
- Birthplace
- Phone number
- Email address
The Power of Attorney will only be used when we settle your estate as you have left it with us. The power of attorney will not be used for any other purpose. Your deposited document will remain stored with us until you delete it. The legal basis for processing your personal data for the purposes of creating and storing the transmortal power of attorney is Art. 6 para. 1 lit. b DSGVO.
e. Areas
In our portal you will find several areas where you can take actions:
- Digital estate
- Digital order
- Digital Emergency Page
- Favorites
Under „Digital Order“ you can store details of contracts, accounts and other information. This includes, for example: Details of finances, communications, memberships, social media, entrepreneurial world, insurance, utilities, housing and living. You can either select the respective contractual partners from our suggestions or, if they are not available, add content yourself. In some cases, minimum information is required, such as your e-mail address with which you are registered with the contractual partner and the customer number. You can voluntarily enter further information to keep track of your data. For example, you can add monthly costs or annual costs. You also have the option of uploading documents, e.g. invoices or other documents that help to identify the contractual relationship with your contract partner. You can also add or edit other voluntary information for each action. All information is voluntary and can be edited or deleted at any time.
Under „Digital estate“ you can specify a trusted person, deposit powers of attorney, provide details about insurance, deposit online access, create and manage your assets, create subscriptions, create real estate, deposit details about your funeral (burial order, planning, death benefit insurance), deposit your last words, provide details about vehicles/mobility, apartment and house, employer, any liabilities or debts, and deposit a will. Your deposited documents will remain with us until you delete them.
Under „Emergency page“ you can deposit emergency contacts and emergency documents, create a personal first aid page, deposit dispositions and specify insurance policies. For example, you can store a vaccination card, organ donor card or disability card.
On the first aid page, you can enter information about your blood group, any pregnancy, illnesses, pre-existing conditions, allergies, medication, etc. In the digital emergency kit area, you can also store living wills, health care proxies or guardianship directives, life insurance policies, occupational disability insurance policies and other insurance policies.
All information is voluntary and can be edited or deleted at any time.
You can „publish“ (share over the Internet) important emergency information via a QR code created just for you. This information includes the following personally identifiable information (if you choose to voluntarily provide/publish this information):
- Blood group
- Pregnancy
- Diabetes
- Dialysis
- Hemophilia
- Pacemaker
- intolerances
- Pre-existing conditions
- Medical notes
- Allergies
- Medication
- Emergency contacts
- Emergency documents (health care proxy, living will, vaccination card, organ donor card)
Caution : These data are special categories of personal data according to Art. 9 (1) DSGVO, e.g. health data. This information is sensitive. Please share this data with such persons you trust and for whom this information is intended. Your deposited and published information will remain stored or published by us until you block the page again (i.e. the information will then no longer be available online) or until you delete the information. The legal basis for the processing of your personal data, unless it concerns special categories of personal data (e.g. health data), is Art. 6 para. 1l it. B DSGVO, as well as, in the event that you deposit special categories of personal data with us pursuant to Art. 9 (1) DSGVO, Art. 6 (1) lit. a DSGVO in conjunction with. Art. 9 (2) lit. a DSGVO (consent). You can withdraw your consent to the processing of your particularly sensitive personal data at any time by deleting the stored documents. We do not check or view the documents uploaded by you, but only store them for you. We are therefore unable to identify if and when special categories of personal data may be contained in the documents.
Your deposited information will remain stored with us until you delete it. If you do not use our free portal services for a period of three years after registering (e.g., do not upload any documents, deposit emergency data, or perform any other activities), we will – after notifying you accordingly – delete your free user account. If you use a paid version of our portal, we will delete your data and your user account when the contract with you has ended. The specific privacy information for the emergency card can be found at: www.dienotfallkarte.de/datenschutz .
f. Vaccination Certificate
You can deposit your COVID-19 vaccination certificate in the portal. The portal will then display the QR code and your vaccination status. You can display further data under „further details“, e.g. the date of birth and date of vaccination. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b DSGVO, as well as, for special categories according to Art. 9 para. 1 DSGVO, Art. 6 para. 1 lit. a DSGVO in conjunction with. Art. 9 (2) lit. a DSGVO (consent). You can withdraw your consent to the processing of your particularly sensitive personal data at any time by deleting the stored documents. We do not check whether the vaccination certificate you have deposited was issued to you, or whether it was issued to other persons, if applicable. In the latter case, we ask you to ensure that the person whose certificate you are depositing in the portal is informed by you in advance and has consented to the deposit of the information with us.
Your deposited information will remain stored with us until you delete it. If you do not use our free portal services for a period of three years after registering (e.g. do not upload any documents, deposit emergency data or carry out any other activities), we will – after notifying you accordingly – delete your free user account. If you use a paid version of our portal, we will delete your data and your user account when the contract with you is terminated.
g. 3G proof at work
If your employer performs 3G verification at the workplace through memoresa, you can digitally provide your QR code and proof of vaccination along with your Personal ID to your employer through your employer’s Company Profile. Your employer receives your first and last name, your personnel number and the status „OK“ or „Warning“ (depending on the vaccination proof) via the Company Profile. Your employer will not learn from us which specific proof was provided (e.g. vaccination or recovery). The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a in conjunction with. Art. 9 para. 2 lit. a DSGVO. You can stop the transmission of information to your employer at any time in the portal by no longer sharing your status or deleting the information from the portal. Your deposited information remains stored with us until you delete it again. If you do not use our free portal services for a period of three years after registering (e.g., do not upload any documents, deposit emergency data, or perform any other activities), we will – after notifying you accordingly – delete your free user account. If you use a paid version of our portal, we will delete your data and your user account when the contract with you is terminated.
h. Overview, scan paper folders
Contracts can also be entered and documents deposited via your Overview. You will also find matters already created listed here. In addition, you can instruct us to have a paper folder scanned for you. If you want us to scan a paper folder, we will process your personal address data to send you a box for the folder, if necessary also to return the documents. We also process your contact and payment data to process payment. The documents you send with the folder will be scanned for you by our Leipzig service provider and stored for you in the portal. If you have chosen to have the documents destroyed, we will destroy the contents of the folder for you. If you have selected that we should return your folder to you, you will receive the folder back with all its contents. In order to send you your order, we will pass on your address data to our shipping or logistics service provider for the purpose of delivery. We also process the data required in each case in order to reverse our contract after a revocation or return for any other reason or to check claims. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b DSGVO. The documents scanned for you remain stored for you in your memoresa account until you delete the data.
Your deposited information will remain stored with us until you delete it. If you do not use our free portal services for a period of three years after registration (e.g. do not upload any documents, deposit emergency data or perform any other activities), we will – after notifying you accordingly – delete your free user account. If you use a paid version of our portal, we will delete your data and your user account when the contract with you is terminated.
i. Sub-accounts
If you use a paid version of our portal, you can create sub-accounts to your main user profile. Sub-accounts can be used, for example, to deposit the records of children, other relatives or even pets and to manage their affairs through the portal. The data processing and data storage in sub-accounts correspond to the descriptions in Number 4. When creating sub-accounts, we would like to point out that you should only deposit the data of third parties there if you are acting as a legal representative or authorized agent for the third party or if the third party has given you their consent to do so. It is in our legitimate interest and part of our business model that you can voluntarily manage third party matters through sub-accounts. The legal basis for processing your personal data in connection with sub-accounts is Art. 6 (1) lit. b DSGVO. The legal basis for the processing of third party personal data is Art. 6 (1) lit. f DSGVO and in connection with the processing of special categories of personal data Art. 6 (1) lit. a in conjunction with. Art. 9 para. 1 lit. a DSGVO (consent).
Your deposited information remains stored with us until you delete it again. If you do not use our free portal services for a period of three years after registering (e.g. do not upload any documents, store emergency data or carry out any other activities), we will – after notifying you accordingly – delete your free user account. If you use a paid version of our portal, we will delete your data and your user account when the contract with you is terminated.
j. Orders
If you initiate an order through our portal by using
- changing from the freemium version to the paid comfort or premium version;
- having a folder scanned;
- order an emergency sticker;
- order an emergency card;
- order an immune card;
- or make any other orders;
we process the order data you provide, your address and contact data, and your billing and payment data to process the order. Legal basis for the processing of your personal data is Art. Art. 6 para. 1 lit. c DSGVO in conjunction with supplementary legal requirements, such as HGB/AO. Your personal data related to an order will be stored for a period of 10 years to comply with legal requirements.
k. Information on contacts / deposited persons
You can deposit one or more contacts on our portal. This person will be informed about this by e-mail and can also register on our platform, for example, to accept your request for sharing documents. For each deposited contact you can specify which of your accounts, contracts and other data should be transferred and which information the person you trust should receive. Please make sure that the person you deposit in the portal is informed accordingly by you in advance. It is in our legitimate interest and part of our business model that you can voluntarily share matters with your contacts and that we inform these contacts accordingly. The legal basis for processing the personal data of your contacts is Art. 6 (1) lit. f DSGVO.
l. Feedback form
You can contact us electronically via our Feedback form, for example to inform us of requests, suggestions for improvement or error messages. If you use this option, you transmit the title and content of your message to us. We can also assign your message to your profile on our portal. If you provide us with additional personal data in your message, we will process it exclusively for contacting/contacting you in the context of improving our offer. The processing of your data is carried out for the fulfillment of the (usage) contract with (Art. 6 para. 1 p. 1 lit. b DSGVO).
m. Data transfers
Data from you or information about you will be transmitted or released to third parties in the following cases:
- If you deposit a trusted person, the trusted person will receive an email with the information that you are deposited with us;
- If you want us to file documents with a probate court/register of wills on your behalf, we will transmit your information to the respective probate court;
- If we are to carry out the actions provided for by you on your behalf or on behalf of your heirs;
- If you initiate an order where the transmission of your personal data is required for the order processing of our cooperation partner (eg Immunkarte)
The legal basis for the transmission of your data is Art. 6 para. 1 lit. b DSGVO or, when it comes to the transmission of special categories of personal data (eg health data), Art. 6 para. 1 lit. a in conjunction with. Art. 9 para. 2 lit. a DSGVO.
n. Data sources
We usually receive your personal data directly from you. If we do not collect the data directly from you, the following data sources come into question:
- For log-in: Google, LinkedIn, Apple (as described above in section 4.b)
- memoresa sub-account;
- memoresa partner account;
- probate courts;
- register of wills;
- Persons of trust/emergency contacts named by you, if applicable;
- QR code of a vaccination certificate;
We will store the information you have provided to us under this Item 4 as long as you do not delete your profile with us. If you make changes to your information, the old information will be deleted and only the updated data will be stored. Furthermore, we only store your data in order to fulfill our contractual or legal obligations (e.g. tax obligations) (Art. 6 para. 1 lit. c DSGVO). In this case, we block your data to the extent that it is only processed for the necessary purposes. You can delete or modify your customer account with us at any time. You will find the functions for changing your details or closing your account in your profile.
6. Contact form, contact by e-mail or telephone
You can contact us at any time by contact form, e-mail or telephone. We process your personal data transmitted in the course of correspondence (e.g. your name, telephone number, e-mail address, address) in order to clarify your request. Your data is processed to fulfill the (usage) contract with you if you yourself are our contractual partner as a natural person (Art. 6 (1) p. 1 lit. b DSGVO); otherwise to protect our legitimate interests in offering our services and apps and the legitimate interests of our contractual partners (e.g. the company in which you work) in using the services and apps (Art. 6 (1) p. 1 lit. f DSGVO). In this case, we store your personal data for as long as it is required to clarify the request and/or to conclude, implement or terminate the contract.
7. Social Media
a) Icon links to social networks
On our website, we use small icons, each of which refers to our web presence on third-party platforms (Facebook, Twitter, LinkedIn). In each case, these are hyperlinks, so no data is transferred from you automatically, but only when you click on the icons and a new tab opens in your browser with the website of the third-party provider.
b) Facebook Fanpage
We operate on the social media platform Facebook (Facebook Inc., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (hereinafter: „Facebook„), a fan page that we link to on our company page via the Facebook icon. As long as you do not click on the link, Facebook does not receive any data from you. If you click on the link, for example to view our corporate presence on Facebook or to „like“ our page, Facebook will receive data from you (which data Facebook receives also depends on whether you are logged in to Facebook with your user profile while you click on the page or not). While Facebook uses this data under its own responsibility to create profiles, among other things, we can only see aggregated data on our company homepage, i.e. statistics that no longer have any personal reference. These are called „page insights.“ More information about Page Insights can be found at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Due to the requirements of the DSGVO, we have entered into an agreement with Facebook provided by Facebook, which regulates the joint responsibility for our Fan Page. You can find this agreement in German at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. It follows that Facebook is primarily responsible for the aggregated Insight data. In addition, Facebook will comply with all obligations under the GDPR with respect to the processing of Insights Data (including, without limitation, Articles 12, 13 GDPR, Articles 15-22 GDPR and Articles 32-34 GDPR). If you send us a request regarding our Facebook fan page, we will inform Facebook in a timely manner. Facebook will respond to the request in accordance with our agreement. Our legitimate interest in processing personal data lies in the use and linking of different communication channels. The processing is based on the following legal grounds Art. 6 para. 1 p. 1 lit. A and f DSGVO (your consent to the setting of cookies and our legitimate interest in analysis, evaluation and marketing). You can find Facebook’s data policy at the following link: https://www.facebook.com/policy.php.
We have entered into contracts with Facebook for data transfers to the US, including the standard contractual clauses. You can find out more here https://www.facebook.com/legal/technology_terms. Facebook is still certified under the Privacy Shield; however, we do not base data transfers to the US on this. Information on this can be found at: https://www.facebook.com/about/privacyshield and https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.
c) LinkedIn
We operate a website on the social media portal LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). We share some responsibility with LinkedIn for data processing that takes place on our LinkedIn page (https://www.linkedin.com/company/memoresa). We process personal data via LinkedIn when we create or comment on postings and report on our company. The legal basis for the data processing is your consent pursuant to Art. 6 (1) lit. a DSGVO, if you have given us such consent (e.g. for the publication of photos or videos) and/or our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO, e.g. because the reporting or interaction on the social media portal serves to publicize our company or our activities. The storage period depends on how long we need to maintain the data processing to achieve our purposes. If you revoke your consent to us and there is no other basis for the data processing, we will delete your personal data under the conditions of Art. 17 DSGVO. We have with LinkedIn partly a commissioned processing (https://legal.linkedin.com/dpa/DE) and partly, at least with regard to the „Insight Data“ (only visible to us as statistics), which we can view on our profile, a joint responsibility (more here: https://legal.linkedin.com/pages-joint-controller-addendum). LinkedIn’s privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy?trk=lithograph_footer-privacy-policy Since LinkedIn is a company whose parent company is in the USA, it is generally not excluded that a data transfer to the USA or other third countries takes place. For any data transfer, we rely on EU standard contractual clauses. You can find more information on this at: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
d) XING
We have a company page on the social media portal XING (New York SE, Dammtorstraße 29-32, 20354 Hamburg, Germany). We process personal data via XING when we create or comment on postings and report on our company. The legal basis for data processing is your consent pursuant to Art. 6 (1) a DSGVO, if you have given us such consent (e.g. for the publication of photos or videos) and/or our legitimate interests pursuant to Art. 6 (1) f DSGVO, e.g. because the reporting or interaction on the social media portal serves to publicize our company or our activities. The storage period depends on how long we need to maintain the data processing to achieve our purposes. If you revoke your consent to us and there is no other basis for data processing, we will delete your personal data under the conditions of Art. 17 DSGVO. You can find XING’s privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung.
e) Instagram
Promoter of the sweepstakes is us. Facebook is not associated with our Sweepstakes and it is not sponsored, endorsed or organized by Facebook in any way; Facebook is not the contact for it and cannot be held liable. Terms of participation: Participation is by replying to our 24h story on the sweepstakes. Eligible are our followers who are at least 18 years old and have responded to our story. Multiple participation is not permitted. There is only one winner. A voucher for the Toni-Box or Toni-Box accessories will be raffled. Prizes in kind cannot be redeemed for cash. Promotion period: Duration of the story: 24h. The winner will be determined after 24 hours by drawing lots among the answers to the story sent to us. The winner will be randomly selected after the 24 hours and will be contacted by us. The winner must get back to us via a personal message on Instagram within seven days after the winner has been published, otherwise the prize will be forfeited. Data protection: Your personal data will be processed by us in accordance with the statutory provisions and used for participation in the draw for the competition. The purpose of the processing is the implementation of the sweepstakes. The legal basis is Art. 6 para. 1 lit. b DSGVO (for the implementation of pre-contractual measures or for the performance of the contract). Your data will only be processed for the determination and notification of the winner and for the transmission of the prize. We use and store the information about the winner for the notification, determination of the age and the transmission of the prize. In addition, personal data is only stored for the purpose of complying with statutory retention obligations (commercial and tax regulations). You can find our comprehensive data protection declaration with further information on your data subject rights at any time at: https://memoresa.de/de/datenschutz/.
8. Processing of your personal data in sweepstakes
If you participate in a sweepstakes from us, your personal data will be used by us for participation in the draw for the sweepstakes. The purpose of the processing of your personal data is the implementation of the sweepstakes. In this respect, the legal basis is Art. 6 (1) lit. b DSGVO. Your data will only be processed for the determination and notification of the winner as well as for the transmission of the prize. The comments under our competition posting are public on the platform Facebook or Instagram of the Meta Platform Irelands LTd, 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland and will not be deleted by us. However, you can remove your comment yourself at any time. To announce the winner, we will publish the winner’s username on our Instagram profile in a post/in the Stories or on our Facebook profile in a post/in the Stories so that this person can contact us within seven days. We will then request your date of birth to determine if you are at least 18 years old. We will use and store the winner’s information for the purposes of notification, age verification and prize submission. The winner’s data will continue to be stored for the duration of the subscription won. In addition, personal data is only stored for compliance with statutory retention obligations (commercial and tax regulations).
9. Your rights
You can assert your following rights against us at any time.
9.1 Right to information
You have the right to receive information from us (Art. 15 DSGVO) about the processing of your personal data.
9.2 Right of rectification
You have the right to request that we correct (Art. 16 DSGVO) any personal data concerning you that is inaccurate or incomplete.
9.3 Right to object
If the processing is based on a legitimate interest of m-Betriebsgesellschaft mbH or a third party or is in the public interest or is carried out in the exercise of official authority, you have the right to object to the processing of your data on grounds relating to your particular situation. In case of objection, we ask you to inform us of your reasons for objecting to the data processing. In addition, you have the right to object to data processing for direct marketing purposes without giving reasons. This also applies to profiling, insofar as it is related to direct advertising..
9.4 Right to erasure
You have the right to request the deletion of your data if the conditions set out in Art. 17 DSGVO are met. According to this, you can, for example, demand the deletion of your data insofar as it is no longer necessary for the purposes for which it was collected. In addition, you can demand deletion if we process your data on the basis of your consent and you revoke this consent.
9.5 Right to restriction of processing
You have the right to request the restriction of the processing of your data if the conditions of Art. 18 DSGVO are met. This is the case, for example, if you dispute the accuracy of your data. For the duration of the verification of the accuracy of the data, you can then request the restriction of processing.
9.6 Right to data portability
If the data processing is based on consent or the performance of a contract and if it is also carried out using automated processing, you have the right to receive your data in a structured, common and machine-readable format and to transfer it to another data processor (Article 20 DSGVO).
9.7 Right of withdrawal
If the data processing is based on consent, you have the right to revoke the consent with effect for the future at any time free of charge.
9.8 Right of appeal
You also have the right to complain about our processing of your data to a supervisory authority (e.g. the Saxon Data Protection Commissioner, Devrientstraße 5, 01067 Dresden).
10. Information about cookies on our website
10.1 Cookies
Please note the following: you can yourself ensure that no cookies are stored on your computer at all, or that the storage of only certain cookies is allowed. You can select this in your Internet browser settings. You can also view and delete the stored cookies there. If you block all cookies, you may not be able to use all the features of our website. We use cookies on our website. Cookies are text files that are sent from our web server to your browser during your visit to our website and are stored on your computer for later retrieval. A cookie therefore enables your internet browser to be identified when you visit the website again. There are session cookies, which are those that delete themselves when you close your browser, and there are persistent cookies, which are stored on your hard drive until their preset expiration date is reached or until they are actively removed by you. We use our own cookies to ensure the functionality of our website.
Some elements of our website require that your internet browser is recognized after a page change. In the overview you can understand for what purposes your data is collected and over what period of time it is stored:
hubspotutk: tracks the visitor ID, duration: 13 months.
__hstc: stores time of website visit, duration: 13 months
__hssc: tracks sessions for HubSpot software, duration: 30 minutes.
__hssrc: is set when HubSpot software changes the session cookie, duration: until the browser session is closed.
complianz_consent_status:stores the cookie selection, Duration: 365 days.
pll_language: stores language settings, duration: 1 year.
cfduid: serves security settings, hashes/anonymizes IP addresses, duration: 30 days.
For the processing of personal data in cookies that we set on our website to ensure the functionality of our website and our offer, the legal basis is Art. 6 (1) lit. f DSGVO, provided that personal data are contained in the cookies. We also use cookies that are basically not necessary, but helpful for example, to ensure the functionality of our website and to collect and analyze statistics about visits to our website. In the overview you can understand for which purposes in this case your data is collected and over what period it is stored:
cmplz_stats: stores cookie selection, statistics, duration: 365 days.
cmplz_all: stores the cookie selection, marketing, duration: 365 days.
complianz_policy_id: stores cookie selection, duration: 365 days For the processing of personal data in cookies that are not necessary to ensure the functionality of our website, we obtain your consent. Therefore, the legal basis is Art. 6 (1) lit. a DSGVO.
Possibility of objection and removal.
As communicated in the introduction of this section, you can enable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored by your Internet browser can be deleted there at any time. If cookies are restricted or disabled for our website, it may not be possible to use all functionalities. We use cookies from so-called „third-party providers“ on our website. This means that in the course of your visit to our website, data from in your web browser is transferred to the third party’s web server and stored there. The processing operation triggered on our website is therefore a transmission. We do not receive your personal data.
10.2 Google Analytics
On our website, the analysis service Google Analytics of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: „Google Analytics„) is implemented. Google Analytics sets cookies that store the following information:
- Type of Internet browser used
- version of the Internet browser
- The operating system you are using,
- Referrer (previously visited website)
- Your shortened IP address
- Time of the server request
Cookie name, purpose and storage period
_ga: used to distinguish users to generate statistical data about website usage; duration: 2 years.
_gat: limits the request rate for Google Analytics; duration: until the browser session is terminated
_gid: used to distinguish users to generate statistical data about website usage; duration: 24 hours.
We use a feature of Google Analytics that anonymizes your IP address before storing or processing it. As a rule, your IP address is still shortened within the European Union/EEA and only then transferred, for example, to Google servers in the USA. The processing of your information is pseudonymous and we will not merge it with other personal data from you. We are only shown statistics via the tool, which we can use to optimize our website and offers. Before we set the cookies, we obtain your consent for this via our cookie consent banner (Art. 6 (1) lit. a DSGVO). The cookies are then set if you allow a statistical analysis. You can prevent the collection of data generated by the cookie and related to your use of the website (including your (anonymized) IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). You can prevent Google cookies from being stored either directly in your browser settings yourself, or prevent the processing of your data by clicking on the following link and bringing about an „opt-out“: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable. In doing so, an „opt-out cookie“ will be set, which will prevent a collection of your user data on this website in the future, unless the opt-out cookie is deleted. Google’s privacy policy can be found at the following link: https://policies.google.com/privacy?hl=de. Google is still certified under the Privacy Shield, but we still cannot rely on it for data transfer. We set the cookies with your consent and therefore also process your data on the basis of consent (Art. 6 para. 1 p. 1 lit. a DSGVO) as well as on the basis of our legitimate interests (Art. 6 para. 1 p. 1 lit. f DSGVO). You can revoke your consent at any time by deleting the cookies from your browser. Information on the Privacy Shield can be found at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI and https://policies.google.com/privacy/frameworks?hl=de&gl=en.
10.3 Hotjar
This website uses the web analytics service of Hotjar Limited („Hotjar“) based on the consent of website visitors. Hotjar uses „cookies“, which are text files placed on your computer, to help the website analyze how users use the site. In addition, Hotjar will use this information to evaluate your use of the website and to compile reports on website activity.
11. Other Notices
Our privacy information can be found at: https://memoresa.de/de/datenschutz/
Updated: February 2023