1. Name and Contact Information for the Party Responsible for Processing Data

This information on data protection applies to data processed by:

RHÖN-Innovations GmbH
Schlossplatz 1
97616 Bad Neustadt / Saale
Tel.: +49 9771 65-12250
Fax: +49 9771 99-1736

2. Processing Personal Data, Type and Purpose of its Use

a) General Information

This webpage can be visited without having to register. Personal data are generally only processed with your consent. An exception hereto applies where it is not possible to obtain prior consent due to circumstances and/or statutory provisions permit the data to be processed. Personal data in the sense of Art. 4, No. 1, EU General Data Protection Regulation (GDPR), means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The following informs you as a user of this webpage about the type, scope and purpose of collecting and using your data.

b) Legal Basis for Processing Personal Data

Art. 6, Subsection (1), Lit. a), GDPR, serves as the legal basis as far as consent by the person concerned is to be given for the processing of the personal data. Art.6, Subsection (1), Lit. b), GDPR, serves as the legal basis for processing personal data which is necessary for the performance of a contract to which you are a contractual party.

This also applies to processing which is necessary to take steps prior to entering into a contract, e.g. in the preparation of contracts, such as hiring staff. Art. 6, Subsection (1), Lit c), GDPR, serves as the legal basis for processing personal data which is necessary for compliance with a legal obligation to which RHÖN-Innovations GmbH is subject. Art. 6, Subsection (1), Lit f), GDPR, serves as the legal basis for processing personal data which is necessary for the purposes of a legitimate interest pursued by RHÖN-Innovations GmbH or by a third party and if your interests, fundamental rights and freedoms do not override the former interest.

c) Erasure of Data and General Storage Period

Your personal data are erased or blocked as soon as the purpose for storing the data no longer exists. The data can be stored for a longer period if this was envisaged by European or national legislation in European Union regulations, laws or other regulations to which RHÖN-Innovations GmbH is subject. Data are also blocked or erased if a storage period which is prescribed by the above norms expires unless it is necessary to retain the data in order to enter into or perform a contract.

d) Data Processing When Visiting this Webpage

No server log files or IP addresses are stored when you visit this webpage.

e) Data Processing in Connection with E-Mail

It is possible to contact us in a non-encrypted manner via the e-mail addresses provided on the webpage. Your personal data which are transmitted with the e-mail are stored in this case. You will receive the information that non-encrypted communication via e-mail does not generally provide a secure method for transmitting data via the internet. Please do not send sensitive data, such as medical data, to RHÖN-Innovations GmbH via e-mail. We strongly advise you to use the postal service or the telephone for this.

Personal data are only collected when and to the extent that you provide the data voluntarily. The data are only passed on to third parties without your consent if RHOEN-Innovations GmbH is obliged to do so by law (Art. 6, Subsection (1), Lit. c), GDPR). Another legal basis for processing data transmitted via e‑mail is Art. 6, Subsection (1), Lit. f), GDPR. If the e-mail contact is geared towards entering into a contract, another legal basis for processing the data is Art. 6, Subsection (1), Lit. b), GDPR.

The data are erased as soon as they are no longer required for achieving the purpose of their collection. This is the case for the personal data transmitted via e-mail when the respective conversation with the user is finished. The conversation is finished when it can be derived from the circumstances that the subject matter concerned is completely clarified.

Messages are stored for as long as they are required for the respective matter to be processed.

3. Passing on Data

We do not pass your personal data on to third parties for purposes other than those listed below. We only pass your personal data on to third parties if:

·  You have given your explicit consent thereto pursuant to Art. 6, Subsection (1), Sentence 1, Lit. (a), GDPR;

·  Passing on the data is necessary pursuant to Art. 6, Subsection (1), Sentence 1, Lit. f), GDPR, for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection that we do not pass on your data;

·  There is a legal obligation for passing on the data pursuant to Art. 6, Subsection (1), Sentence 1, Lit. c), GDPR; and

·  This is permitted by law and necessary for processing contractual relationships with you pursuant to Art. 6, Subsection (1), Sentence 1, Lit. b), GDPR.

4. Cookies

Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit a website.
Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly.

This website uses the session cookie SRVNAME.This is technically necessary to maintain the general functionality of the website. It assigns the user to a server and recognizes possible errors on certain servers. This enables the website to assign the user to a server without errors.

5. External Service

For the purpose of data processing, the external service provider Insignio CRM GmbH, Ludwig-Erhard-Straße 14, 34131 Kassel, Germany, is used, which processes the data strictly in accordance with instructions within the scope of commissioned processing pursuant to Art. 28 DS-GVO. The service provider Insignio CRM GmbH uses the subcontractors Interlutions GmbH, Neusser Str. 27-29, 50670 Cologne and Leaseweb Deutschland GmbH, Kleyerstraße 75-87, 60326 Frankfurt am Main to process the data. The subcontractors are obligated in accordance with the requirements of the order processing agreement between RHÖN-KLINIKUM AG and Insignio CRM GmbH.

6. Rights of Affected Persons

You have the right:

a) Pursuant to Art. 15, GDPR, to obtain access to your personal data which RHÖN-Innovations GmbH has processed. You can request access, in particular, to the purposes for processing the data, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the envisaged storage period, the existence of a right to request rectification, erasure and/or restriction of the data processing or objection thereto, the existence of a right to lodge a complaint, the source of your data if not collected from RHÖN-Innovations GmbH as well as the existence of automated decision-making, including profiling, and as necessary meaningful information to their details;

b) Pursuant to Art. 16, GDPR, to obtain without undue delay rectification or completion of your personal data stored at RHÖN-Innovations GmbH;

c) Pursuant to Art. 17, GDPR, to obtain the erasure of your personal data stored at RHÖN‑Innovations GmbH unless the data processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

d) Pursuant to Art. 18, GDPR, to obtain the restriction of processing your personal data if you contest the accuracy of the data, the processing is unlawful and you oppose the erasure of the data, RHÖN-Innovations GmbH no longer needs the data but you require the data for the establishment, exercise or defence of legal claims or you have objected to the data being processed pursuant to Art. 21, GDPR;

e) Pursuant to Art. 20, GDPR, to receive your personal data which you provided to RHÖN‑Innovations GmbH in a structured, commonly used and machine-readable format or to transmit said data to another party responsible for processing data;

f) Pursuant to Art. 7, Subsection (3), GDPR, to withdraw at any time your consent once given to RHÖN-Innovations GmbH. This results in the fact that RHÖN-Innovations GmbH is no longer permitted in the future to continue to process the data which were the basis for the consent; and

g) Pursuant to Art. 77, GDPR, to lodge a complaint with the competent supervisory authority. The data protection supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA – Bavarian Data Protection Authority), Promenade 27, 91522 Ansbach, Germany.

Should you wish to make use of any of your rights as an affected person as stated in a) to f), it is sufficient to send a letter to the adress of cipher 1 or e‑mail to the adress:

7. Right to Object

If your personal data are processed based on legitimate interests pursuant to Art. 6, Subsection (1), Sentence 1, Lit. (f), GDPR, you have the right pursuant to Art. 21, GDPR, to object to the processing of your personal data on grounds relating to your particular situation or if the objection is directed against direct marketing. In the latter case you have a general right to object, which right shall be granted by RHÖN-Innovations GmbH without the need for details of a particular situation.

Should you wish to make use of your right of withdrawal or your right to object, it is sufficient to send a letter to the adress of cipher 1 or E-Mail to the adress:

8. Data Security

This webpage uses Transport Layer Security together with AES 256 Bit encryption. You can see that this webpage is encrypted from the closed image of the key and/or lock in the status line at the bottom of your browser.

9. Existence of Automated Decision-Making / Profiling

Automated decision-making or profiling in the sense of Art. 22, GDPR, does not take place.

10. Validity und Modification of this Data Protection Declaration

This data protection declaration is currently valid as of 9th September 2020. It may become necessary to modify this data protection declaration when the webpage is updated or if statutory stipulations are changed. You can view and print the current data protection declaration under