Compliance with data protection regulations is very important to GPC Medical Ltd (hereinafter referred to as "GPC Medical", "we" or "us"). We would thus like to inform you about the processing of your personal data, in particular about the purposes of the respective data processing as well as the processed data categories, subdivided according to individual services or forms of use, and about the rights to which you are entitled.
With regard to the related terminology, such as "personal data" or "processing", we refer to the relevant definitions in Art.4 of the General Data Protection Regulation (GDPR).
GPC Medical Ltd.
GPC Square, M Block
DDA LSC, Vikas Puri,
New Delhi – 110018(INDIA).
Email: firstname.lastname@example.org, email@example.com
We will be happy to answer them. Upon request, we will also make corrections, additions, or deletions to your personal data, as well as comply with your other data subject rights.
We take appropriate technical and organisational measures in accordance with Art.24, 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to personal data, as well as access to, input, disclosure, ensuring availability and segregation of personal data.
We also have procedures in place to ensure the exercise of data subjects' rights, deletion of personal data and response to threats to personal data.
Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server. Third-party security measures include in particular IP masking (pseudonymisation of your IP address).
If we disclose personal data to third parties and companies - including group companies - in the course of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of:
If we commission so-called "processors" with the processing of personal data we do so on the basis of a "processing agreement" and thereby secure the necessary influence and control powers with regard to the processing and use of personal data, in accordance with Article 28 of the GDPR. 5.
Our main operations are based in India and our offices are placed across the globe for example the USA, Malaysia, and Colombia. Your personal information is generally processed, stored and used in global data centres. We take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the EU and the EEA.
Where we need to transfer your data outside the EU and the EEA, we will use one of the following safeguards:
In particular, we process the following categories of data:
We collect data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art.6 Par.1 lit. f GDPR. The access data includes the path of the web site accessed, associated files, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider as well as other browser header data. In particular, the processing of your IP address as a personal data is necessary for the communication between your browser and our server.
Log file information is stored for a period of 6 months for security reasons (e.g., to clarify acts of abuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified. As a matter of principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c GDPR.
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When calling up the social networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.
We process your personal data insofar as you communicate them within the social networks and platforms, e.g., by writing posts on our online presences or sending us messages. In addition, Facebook may, among other things, provide statistics and insights (e.g., total page views, likes, page activity, post interactions, video views, post reach, comments, shared content, replies, etc.) that help us gain insight into the types of actions you take on our online presences. This enables us, among other things, to better understand your interests and preferences and can, for example, increase the attractiveness of posts or our performance presentation or choose the right time to publish them.
Please note that your personal data may also be processed by the respective operator outside the European Union or the European Economic Area. As a result, risks may arise for you, in particular the enforcement of rights may become more difficult.
If you click on the button of the respective operator, you will be forwarded to our respective online presence in a separate browser window and can share or subscribe to our news there, among other things - provided you are logged in to your user account. The button establishes a direct connection between your browser and the server of the respective operator. The respective operator thereby receives the information that you have visited our web site with your IP address. The respective operator may collect further personal data as soon as you use their offers. In addition, it is then possible for the respective operator to assign your visit to our web site - provided you are logged into your user account - to you and your user account.
In addition, your personal data may be processed for market research and advertising purposes. This means that profiles can be created from your usage behaviour and the preferences and interests derived from it. Such profiles can be used, for example, to place suitable advertisements within our online presence or on other online presences or web sites on the basis of the interests determined. Cookies are placed and stored on your terminal device, with the help of which personal data on user behaviour can be collected and bundled for further processing - to determine your interests. The collection and bundling of this personal data can - especially if you are logged into your user account - also be realised across several end devices used by you.
The processing of your personal data is based on our legitimate interests in effective information and presentation of services and direct communication with you in relation to our online offer in accordance with Art. 6 (1) f of the GDPR.
If you wish to request information or exercise other rights to which you are entitled, we ask you to first contact the respective operator directly. The background to this is that, in principle, only the respective operators have access to your personal data and can provide you with the relevant information and, if necessary, take further measures. However, should you require assistance in exercising the rights to which you are entitled, you can also contact us at any time.
When contacting us (via contact form, telephone, fax, post or e-mail) or when you send us your Feedback or when requesting our Catalogue or a Quote, your personal data will be processed in order to handle your enquiry and its processing in accordance with Art. 6 Para. 1 lit. b and lit. f of the GDPR. As a rule, we delete enquiries 3 months after their receipt, at the latest, however, if they have been answered. In the case of legal storage obligations that must be observed, the deletion takes place after their expiry.
If you register as a vendor or distributor, we will request mandatory and, where applicable, business data and data for our Vetting obligations in accordance with our registration form for the purposes stated. The entry of your data is encrypted so that third parties cannot read your data when it is entered.
The basis for this storage is our legitimate interest in communicating with interested users according to Art. 6 para. 1 lit. f GDPR, in the case of contracts, also the storage of contract data according to Art. 6 para. 1 lit. b GDPR and in the case of Vetting obligations according to Art. 6 para. 1 lit. c GDPR.
Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).
As a registered user or vendor or distributor, you have the opportunity to create a user profile with just a few clicks and details. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information at any time via the settings in your profile. When creating a profile, you can submit personal data. You have choices about the information on your profile. You don't have to provide additional information on your profile; however, profile information helps you to get more from our Services. It's your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.
The basis for this storage is our legitimate interest in communicating with interested users according to Art. 6 para. 1 lit. f GDPR, in the case of contracts, also the storage of contract data according to Art. 6 para. 1 lit. b GDPR and in the case of Vetting obligations (applicable only to vendors) according to Art. 6 para. 1 lit. c GDPR.
Your data from the form will be transferred to us after you press the "Submit" button. Your data will be kept until the purpose for storing the data no longer applies (appointment made) or you request us to delete it. The legal basis for the use is our legitimate interest is the effective organization of our business.
If you apply for a role or job, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is Art. 6 para. 1 lit. b GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is Art. 6 para. 1 lit. a GDPR. The legal basis for data processing after a rejection is Art. 6 para. 1 lit. f GDPR.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.
You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.
By subscribing to our newsletter, you agree to receive it and to the procedures described. We send e-mails and other (electronic) notifications with promotional information (hereinafter "newsletter") only with your consent or on the basis of legal permission. If the contents of a newsletter are specifically described in the registration, they are decisive for the consent. In addition, our newsletters contain information about our products, offers, promotions and our company. The newsletter is sent by us or, if applicable, by a shipping service provider commissioned by us.
Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your (personal) data stored with the dispatch service provider are logged.
To register for the newsletter, it is sufficient to enter your e-mail address. The dispatch of the newsletter and the measurement of its success are based on your consent in accordance with Art.6 Para.1 lit. a Art.7 GDPR. The logging of the registration process is based on our legitimate interests pursuant to Art.6 Para.1 lit. f GDPR and serves as proof of consent to receive the newsletter.
You can revoke your consent to our newsletter at any time. You will find a link to unsubscribe at the end of each newsletter. Your (personal) data will be deleted in the event of a revocation.
We process data of our contractual and business partners, e.g., customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g., to answer enquiries.
We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organisation. We only disclose the data of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g., to participating telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities).
Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioural marketing. And, the Legal bases are Contractual performance and pre-contractual inquiries, Legal obligation, and our Legitimate interests.
We use content or service offers from third-party providers within our online offer. This is done on the basis of our legitimate interests (interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR or on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. This means that we integrate content and services from third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content"). The prerequisite for this is that the third-party providers perceive your IP address, as without the IP address they would not be able to send the content to your browser. The IP address is thus required for the display of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to analyse information such as visitor traffic on the web site. The pseudonymous information may also be stored in cookies on your device and may contain, among other things, technical information about the browser and operating system, referring web sites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.
We have integrated YouTube components within our online offers. YouTube allows the free posting of video clips and their free viewing, rating and commenting. By calling up one of the individual pages of our online offers on which YouTube content has been integrated, a connection to YouTube is established in order to download the necessary elements for displaying the corresponding video. In the process, YouTube or the operating company Google receives information about which sub-page within our online offers has been called up by the respective user. In addition, further information such as the IP address, the browser used, the operating system as well as technical device information, date and duration of the visit are forwarded. If the user is logged in to YouTube with the same device at the same time as visiting our online offers, YouTube recognises the user when a single page containing a YouTube video is called up. This takes place regardless of whether the data subject clicks on a YouTube video or not. This information can be collected by YouTube or Google and assigned to the profile of the respective user, unless the elements have been integrated in "Privacy Mode". We always use the "Privacy Mode", if this is possible.
The cookies of Google Analytics are used to collect visitor sessions and behavioural data for analysis reports. This enables us to obtain information about the use of our offers on different devices ("cross device") and to improve the user-friendliness of our offers with the results obtained. Pseudonymised user profiles are used for this purpose, which do not receive any personal data such as names or e-mail addresses, and such data are not transmitted to Google. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity for website operators. Pseudonymous user profiles can be created from the processed data.
We use Google Analytics with activated IP anonymisation (integration of the anonymizeIP function). This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser will not be merged with other Google data. We would like to point out that the use of IP anonymisation does not result in fundamental anonymisation, as further usage data is nevertheless collected.
We integrate Google`s "reCAPTCHA" function to be able to recognise whether entries (e.g., in online forms) are made by humans and not by automatically acting machines (so-called "bots"). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies as well as results of manual recognition processes.
We use the Google Maps service on our website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The legal basis for the use of Google Maps is Art. 6 para. 1 lit. f) GDPR.
Instead of deleting your personal data, we will, if necessary, anonymise it in a way that irreversibly excludes the possibility of restoring the personal data in the future.
According to the legal requirements, data is stored for 6 years (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc. books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
You have the right to revoke your consent to the processing of your personal data in accordance with Article 7 (3) of the GDPR at any time with effect for the future. Processing that took place before the revocation therefore remains lawful.
Pursuant to Article 15 of the GDPR, you may request information about your personal data processed by us.
Pursuant to Article 16 of the GDPR, you may request the immediate correction of inaccurate or incomplete personal data stored by us.
Pursuant to Art. 17 of the GDPR, you may request the deletion of your personal data stored by us in accordance with the conditions specified therein, unless legally prescribed retention periods prevent immediate deletion (cf. Art. 17(3) of the GDPR) and/or another case of Art. 17(3) of the GDPR exists and/or a new purpose justifies further processing.
Pursuant to Article 18 (1) of the GDPR, you may request the restriction of data processing if one or more conditions pursuant to Article 18 (1) of the GDPR (a) to (d) apply.
Pursuant to Article 20 (1) of the GDPR, you may receive the personal data processed by us in a structured, common and machine-readable format and transfer this data to another controller without hindrance from us.
Furthermore, you may object to the processing of your personal data pursuant to Art.21 (1) of the GDPR. In the event of an objection, we will stop processing your personal data. However, the right to object only applies in the event of special circumstances arising from your personal situation. In addition, compelling legitimate grounds which justify the processing may prevail. In addition, certain processing purposes may conflict with your right to object.
Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with the competent supervisory authority (cf. Art. 77 GDPR) if you believe that the processing of your data violates data protection law. In this context, however, we ask you to first address a possible complaint to us. We will then try to remedy the situation as quickly and as best as possible.
If you wish to assert your above rights, please contact us.
Databases or data sets that include personal information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.