Informationen zur aktuellen SARS-CoV-2 Situation: Aktuelles   |   News regarding the current SARS-CoV-2 Situation: News

Data Protection Notice for Clients and Interested Parties.
In accordance with Art. 13, 14 and 21 General Data Protection Regulation (GDPR)

The following information provides an overview of how we process your data and your right with regards to this data.

1. Who is responsible for processing my data and whom can I contact with questions?

Responsible organization::

Use-Lab GmbH

Represented by the managing director Torsten Gruchmann

Am Campus 2

48565 Steinfurt

Tel: +49 (0) 2551 962 483

Fax: +49 (0) 2551 962 635


We have an ext. data protection officer. His contact information is:

Nils Möllers

Keyed GmbH

Tel: +49 (02505) 63 9797

Fax: +49 (02505) 63 9777

2. What data and sources do we use?

We process personal data that we have received from you in context of our business relationship. To the extent necessary to provide our services, we also process personal data that we have legitimately received from third parties with your permission or received to preserve our justified interests.

Relevant personal data includes details like your name, address and other contact data. In addition, this data may include order data, data gathered while fulfilling our contractual obligations, advertising and sales data, documentation data (in particular consultation minutes), register data, data about your use of our digital media (in particular, times at which you have visited our website or opened our newsletter, which pages you've viewed on our website, etc.) as well as other comparable data. When necessary, we also work with personal data from publicly available sources (in particular, records of debtors, land registers, commercial and association registers, the press, media) to which we have gained access in a lawful manner and which we are allowed to process.

3. To what end and on what legal basis are we processing your personal data?

We process personal data in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

a) Based on your consent (Art. 6 para. 1 lit. a) GDPR)

If you have given us your consent to process personal data for specific purposes (in particular the forwarding of data and the evaluation of data for marketing purposes), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the validity of the DSGVO, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

b) To fulfil contractual obligations (Art. 6 para. 1 lit. b) DSGVO)

The processing of personal data is carried out to execute our contracts with you and the execution of your orders, as well as all necessary activities in connection with this and also pre-contractual measures. The purposes of the data processing are primarily based on the specific content of the contract.

c) Within the framework of legitimate interests (Art. 6 para. 1 lit. f) GDPR)

As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. These are in particular:

  • Examination and optimisation of procedures for the analysis of requirements and direct customer contact;
  • advertising or market and opinion research, unless you have objected to the use of your data in this regard;
  • assertion of legal claims and defence in the event of legal disputes;
  • guaranteeing IT security;
  • Measures for business management and further development of services and products.

4. Who receives your data?

Your personal data will be given to those who require it in order for us to fulfill our contractual and legal obligations. External processors (Art. 28 DSGVO) whom we have engaged may also receive your Data for the purposes given. These include, among others, IT service providers, logistics, printing services, telecommunications, collection, advice and consulting and sales and marketing and address research. We may only disclose information about you if we are legally required to do so, if you have given your consent, or if we are authorized to.

Under these requirements, recipients of personal data might be, for example:

  • Relevant authorities (in particular notaries and courts)
  • Other recipients of data might be any units for which you have given your consent to the transfer of data.

5. For how long will my data be stored?

We process and store your personal data as long as it is necessary for the performance of our contractual obligations, which includes the initiation and completion of a contract. We are also obligated to uphold various statutory retention and documentation requirements; these time limits are up to ten years in duration. Finally, how long we store your data depends on statutes of limitation, which are generally three years, but in some cases may be up to thirty years.

Use-Lab GmbH must take into account the retention periods of the Medical Devices Ordinance, as the clients are subject to this ordinance. In detail, manufacturers are subject to at least the following retention periods:

"Manufacturers shall keep at the disposal of the competent authorities the technical documentation, the EU declaration of conformity and, where appropriate, a copy of relevant certificates issued in accordance with Article 56, including any amendments and supplements, for at least ten years after the last product covered by the EU declaration of conformity has been placed on the market. In the case of implantable products, this period shall be at least 15 years from the date on which the last product was placed on the market", Article 10 para. 8 MDR (Medical Device Directive).

6. Is data transferred to a third country or to an international organization?

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is required for the execution of your orders, prescribed by law, or if you have given us your consent.

7. What are your data protection rights?

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the person responsible:

  1. Right to information (Art. 15 GDPR)
  2. Right of rectification (Art. 16 GDPR)
  3. Right of cancellation (Art. 17 GDPR)
  4. Right to restrict processing (Art. 18 GDPR)
  5. the right to data transferability (Art. 20 GDPR)
  6. the right to object (Art. 21 GDPR)

*The full description of the rights of data subjects can be found at:

Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data is in breach of the DPA. With regard to the right of information and the right of deletion, the restrictions pursuant to Sections 34 and 35 BDSG apply.

The supervisory authority with which the complaint was lodged will inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy in accordance with Article 78 GDPR. They may also contact the competent data protection supervisory authority (right of appeal under Article 77 GDPR in conjunction with Article 19 BDSG):

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Cavalry tr. 2-4

40213 Düsseldorf

Phone:   +49 (0) 211/38424-0

Fax:   +49 (0) 211/38424-10

8.What data are you obligated to provide us with?

Within the scope of our business relationship, you only need to provide personal data which is necessary for the initiation and execution of a business relationship and the performance of the associated contractual obligations or which we are legally obligated to collect. As a rule, we will not be able to enter into any contract or execute the order without these data or we may no longer be able to carry out an existing contract and would have to terminate it.

9.Is automated decision-making used out or is profiling carried out?

We do not employ fully automated decision making (in accordance with Art. 22 GDPR) as basis for entering into business relationships or for maintaining these. Your data will not be used to create any profile.