In order to document existing data protection structures, a so-called dynamic data protection manual was drawn up and, once the initialization phase was complete, implemented. Within the scope of an iterative process, the manual will be issued in new versions as it is continually revised to reflect the changing circumstances in the company.
The manual has been drawn up in such a way as to be compatible with a data protection audit, to which it is subject by law.
The current German Federal Data Protection Act (BDSG) provides that new DP systems, with which personal data is processed, cannot be put to use until the DPO has carried out a so-called preliminary check. On an ongoing basis, therefore, and with the interaction of others involved at the company, the DPO checks the requirements under data protection law of such DP systems.
If you have any queries or suggestions concerning data protection, please contact:
|Stefan Ahlhaus||Robert Niedermeier|
|Tel.+49 (0)171 2440099|
|Fax +49 (0)89 66002036|
List of procedures for KARL STORZ GmbH & Co. KG
BDSG stipulates in §4g that the data protection official shall make the following information under §4e available to anyone in an appropriate manner:
1. Information on the controller (§4e sentence 1, Nos. 1-3 BDSG)
1.1 Name of the controller :
KARL STORZ GmbH & Co. KG
Dr. h. c. mult. Sybill Storz
1.3 Responsible for data processing:
1.4 Address of the controller:
2. Information on the automated processing procedures
(§4e sentence 1, Nos. 4-8 BDSG)
2.1 Purpose of collecting, processing or using data:
The objects of the company are the development, manufacture and sale of its own or other medical instruments and devices.
Data is collected, processed and used to attain the above-mentioned objects, taking into account the statutory regulations.
2.2 Description of the group of data subjects and the appurtenant data or categories of data:
Customer, employee data as well as data from suppliers, provided that it is necessary to fulfill the purposes stated under 2.1.
2.3 Recipients or categories of recipients to whom the data may be transferred:
Dealers in medical devices, medical equipment, hospitals and physicians, in order to fulfill the purposes stated under 2.1.
2.4 Standard periods for the erasure of data:
German law has enacted many different preservation obligations and periods. At the end of these periods, the relevant data is erased as a matter of routine. Data unaffected by this is erased when the purposes stated under 2.1 no longer apply.
2.5 Planned data transfer to third states:
Data is only transmitted to third countries in accordance with the law and/or with the consent of the data subject concerned.