Skip to main content

We appreciate your interest in Fresenius SE & Co. KGaA. Protecting your privacy is important to us. We would like to inform you on how we collect personal data, what types of information we collect, and explain to you how that information is used. We are pleased to provide you with the following information. In addition to our website privacy policy, this also includes our B2B privacy policy and our privacy policy for the exercise of your rights according to the General Data Protection Regulation (e.g. information requests). You can view the complete texts by clicking on the respective plus symbols  

(June 2022)

We appreciate your interest in Fresenius. Protecting your privacy is important to us and we want you to feel secure when visiting our websites. In the following, we would like to explain which data we collect via our website https://fresenius.com and what happens with this data. However, our website may contain links to websites that are not covered by this data protection notice.

The processing of personal data is subject to the EU General Data Protection Regulation (GDPR) and the Telecommunications Telemedia Data Protection Act (TTDSG). This data protection notice informs you about how your personal data and information is processed in your terminal equipment (e.g. laptop or smartphone) when using this website and what data is involved.

"Personal data" means all information about you as data subject.
"Processing" means any operation performed upon personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With this data protection notice, we explain to you in detail, in particular: 

  • who is responsible for the processing of your personal data and whom you can contact if you have questions or wish to make a complaint (Section 1)
  • how we collect your data, what data we collect, for what purposes we process these personal data, which legal bases we rely on in this regard and how long we store your personal data (Section 2)
  • what kind of cookies will be used (Section 3)
  • to whom we may transfer your personal data (Section 4)
  • how you can update, correct or even delete your personal data and exercise other rights in relation to your personal data (Section 5) and
  • in which other situations your personal data may be processed and how you can contact us (Section 6).
     
1. Controller and contact details

The controller responsible for the processing of your personal data is: 
Fresenius SE & Co. KGaA, Else-Kröner-Strasse 1, 61352 Bad Homburg, Germany
E-mail: pr-fre@fresenius.com


According to the GDPR, we are obliged to provide you with the contact details of the data protection officer. You can contact the data protection officer by sending a letter to the postal address of the controller for the attention of the Data Protection Department or by e-mail via dataprotection@fresenius.com. 

 

2. Processing of personal data

We process your personal data for the following purposes and on the basis of the following legal grounds:

 

2.1 Recording of technical characteristics when visiting the website

We collect information about your visit to our website, as we do with most other websites. When you visit our website, the web server temporarily records

  • the domain name or IP address of your computer,
  • the file request of the client (file name and URL),
  • the http response code,
  • the website from which you are visiting us,
  • which Internet browser and which operating system you are using,
  • the nature of their device,
  • the date of her visit,
  • as well as how long you've been here.

Your IP address is only recorded anonymously - shortened by the last block of numbers (octet). The logging of data is necessary for navigation through the pages and use of essential functions (§ 25 II No. 2 TTDSG, Art. 6 I b) GDPR). In addition, the data is used for the purpose of detecting and tracking abuse on the basis of the legitimate interests of data security and the functionality of the service (Art. 6 I f) GDPR, § 25 II No. 2 TTDSG). In particular, no overriding interest of the data subject is opposed to a use for the defense against attempted attacks on our web server to ensure proper use. The data will neither be used for the creation of individual profiles nor passed on to third parties and will be deleted after seven days at the latest.

 

2.2 When you actively provide information when contacting us 

We will collect and process data you actively provided to us for instance when filling in online forms when contacting us by means of communication such as e-mail, telephone or mail. In case of online forms, the purpose for which you provide us with your personal data can be found on the form itself, generally the purpose will be to communicate with you.        

If you contact us via e-mail, phone, fax or an online contact form provided on our website, we process personal data as far as provided by you: your name, company, profession, address data, e-mail address, phone number, fax number, content and type of your request and possible further information provided by you for the purpose of responding to your inquiry. We do this based on your prior given consent (Art. 6 sec. 1 lit. a) GDPR) or, in order to execute a contract you are party to (Art. 6 sec. 1 lit. b) GDRP), or based on our legitimate interest in communicating with you and answer your inquiry, which is not overridden by your interests, rights or freedoms since you contacted us yourself (Art. 6 sec. 1 lit. f) GDPR). We will not use the information as a basis for contacting you further for marketing purposes, unless you have given us your explicit consent to do so. Your contact data will be stored for up to six months after completion of the request or survey, unless there is a legal obligation to store the data longer.. Details provided on online forms are always collected using a secure connection to protect personal information from manipulation or unauthorized access. Please be aware that regular e-mail traffic is not secure.

 

2.3 When you activate Activity Feeds

We implemented activity feeds of social media providers on our website (in our case namely those of Facebook, Twitter, Instagram, YouTube, LinkedIn and Xing). These activity feeds are deactivated by default. Via the cookie settings you can give your consent to data processing, for example, by means of cookies, the use of local storage, and other transmission of your data. For this purpose, please activate the category "Services from other companies (autonomous third-party providers)". The processing of data takes place in order to enable you to use and connect with the services of these social media providers. Your consent provides the legal basis for this transfer of your personal data by Fresenius (Art. 6 sec. 1 lit. a) GDPR). In addition, if you are currently logged in to a social network of one of the listed providers, your activity may be linked to your user account by the respective social media provider at the same time. If you activate the activity feeds of social media providers your web browser will connect to the servers of the respective providers and send your specific user data. The transmitted data may in particular include: date and time of your visit on our website, URL of the website you are on, URL of the website you visited before, used browser, used operating system, and your IP-Address.

When using Local Storage, data is stored locally in the cache of your computer. This data also exists after closing the browser window or closing the program and can therefore be read out. In contrast to cookies, which are partly deleted after a usage session or after a given period of time, the data in the local storage are only deleted by actively emptying the cache.

Fresenius has no influence on the scope or the kind of data that will be submitted by activating the activity feeds. Besides, further data processing operations by the respective social media providers could be triggered, on which we do not have any influence. To learn more about the scope of personal data collected and processed, the purpose your data may be used for, as well as your respective rights and configuration options in order to protect your privacy (including your right of withdrawal of consent), please refer to the respective social network’s privacy policy:
 

Facebook
Twitter
YouTube
Google about Youtube
Instagram
LinkedIn
Xing

All processing of personal data in relation to the activity feed is carried out by and in responsibility of these providers. Fresenius is not responsible for such processing of personal data.

 

3. Usage of cookies

When you visit a website, it may retrieve or store information about your browser. This usually takes the form of cookies and similar technologies. These are small text files that are stored locally on your computer by your web browser. This can be information about you, your settings or your device. In most cases, the information is used to ensure that the website functions as expected. This information does not normally identify you directly. However, it can provide you with a more personalized web experience. Because we respect your right to privacy, you can choose not to allow certain types of cookies. We would like to give you the choice of which cookies you allow via the cookie settings. You can access these settings again at any time to manage your preferences. However, blocking certain types of cookies may result in a compromised experience with the website and services we provide. You can delete cookies at any time, even if they have already been used. Via the query that appears when you visit our website and the cookie settings, you have the option of fully agreeing to or rejecting cookies, as well as setting specific preferences. Detailed information and explanations on the different types of cookies can also be found in the cookie settings. We store your consent for one year and your rejection for one month. Cookies that are necessary to provide the web service (see explanation below) cannot be rejected.

Please note that your cookie settings always refer to the Internet browser used. If you use a different Internet browser, you must make this setting again. How you can adjust the use of cookies browser-based, see the descriptions of your respective Internet browser:

Chrome
Firefox
Internet Explorer
Safari

 

Required cookies
These cookies are necessary for you to navigate the pages and use essential functions. They enable basic functions, such as access to secure areas or setting your privacy preferences. The legal basis for these cookies is § 25 II Nr. 2 TTDSG, Art 6 I b) GDPR. If you block these cookies via your browser settings, some or all of these functions may not work properly.
 

Host

Name

Type

Duration

fresenius.com

OptanonAlertBoxClosed

Third party

1 year

fresenius.com

OptanonConsent

Third party

1 year

 

Functional Cookies
These cookies are used to provide them with additional functionality, such as chat or form filling. The provision of personal functionalities enables an improved user experience. The legal basis for these cookies is Art 6 I a) GDPR. If you block these cookies via your browser settings, some or all of these optional functions may not work properly.
 

Host

Name

Type

Duration

fresenius.com

SSESSXXXXXXXXXXXXX

First supplier

1 month

 

Services from other companies (autonomous third-party providers)
On our pages, third-party services are integrated which provide their services on their own responsibility. When visiting our pages, data is collected by means of cookies or similar technologies and transmitted to third parties, partly for Fresenius' own purposes. To what extent, for what purposes and on what legal basis data is processed for the third party's own purposes, please refer to the third party's privacy policy. You can find information on the third party providers who are responsible for their own data in the data protection information.

 

Host

Name

Type

Duration

youtube.com

YSC

Third party

Session

youtube.com

CONSENT

Third party

2 years

youtube.com

__Secure-YEC

Third party

6 months

youtube.com

PREF

Third party

8 months

youtube.com

VISITOR_INFO1_LIVE

Third party

6 months

twitter.com

personalization_id

Third party

2 years

twitter.com

guest_id

Third party

2 years

twitter.com

ct0

Third party

2 years

twitter.com

gt

Third party

2,5 hours

 

 

4.1 Possible recipients of personal data

In order to fulfill the aforementioned purposes, we may share your personal data in whole or in part with other group companies and/or service providers.
In addition, the following categories of recipients may receive your personal data:

  • authorities, courts, parties to a legal dispute or their designees to whom we are required to provide your personal data by applicable law, regulation, legal process or enforceable governmental order, e.g., tax and customs authorities, regulatory authorities and their designees, financial market regulators, public registries;
  • auditors or external consultants such as lawyers, tax advisors, insurers or banks, and
  • another company in the event of a change of ownership, merger, acquisition or disposal of assets. 

 

4.2 International data transfer

In order to fulfill the aforementioned purposes, we may transfer your personal data to recipients outside Germany. Transfers within the European Economic Area (EEA) always take place in accordance with the uniform EEA data protection level.

Transfers to third countries are always carried out in compliance with the supplementary requirements of Art. 44 et seq. GDPR.

Your personal data may be transferred to certain third countries for which an adequacy decision of the EU Commission determines that an adequate level of protection exists in accordance with the uniform EEA data protection level. The full list of these countries is available here. 

In general, EU standard contractual clauses (“SCC”) are concluded with the recipient for transfers to other third countries. The SCC have been issued by the EU Commission to safeguard such international data transfers and a copy can be requested via dataprotection@fresenius.com.

Ultimately, personal data may be transferred on the basis of an exceptional circumstance under Art. 49 GDPR.

 

5. Your rights 

According to the GDPR you are entitled to various rights. You have the right to access your personal data (Art. 15 GDPR, Section 34 et seq. BDSG), to correct incorrect personal data (Art. 16 GDPR), to delete your personal data under certain circumstances (Art. 17 GDPR, §§ 34 ff. BDSG) and to restrict the processing of your personal data under certain circumstances (Art. 18 GDPR).

 

Right to object on a case-by-case basis
In case the processing is based on Art. 6 I e) or f) GDPR including profiling based on those provisions, you have the right to object to the processing of your personal data on grounds relating to your particular situation (Art. 21 I GDPR).

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR (Art. 77 GDPR in conjunction with Section 19 BDSG). The responsible data protection authority for Fresenius is "Der Hessische Beauftragte für Datenschutz und Informationsfreiheit", Postfach 3163, 65021 Wiesbaden. The right of appeal is without prejudice to any other administrative or judicial remedy.

 

6. Further information on data processing in other contexts and our contact details

We may process your personal data in various other contexts, for example, when you visit our website https://karriere.fresenius.de. For the processing of your personal data in these situations, please refer to the specific information in each case. If you have any questions about data protection at Fresenius, please contact dataprotection@fresenius.com.
 

The processing of personal data is subject to the EU General Data Protection Regulation (GDPR). This data protection notice informs you about how Fresenius SE & Co. KGaA, Fresenius Netcare GmbH, Hyginus Publisher GmbH, Fresenius Versicherungsvermittlungs GmbH, Fresenius Management SE, Fresenius Immobilien-Verwaltungs-GmbH, Fresenius Immobilien-Verwaltungs-GmbH & Co. Friedberg KG, Fresenius Immobilien-Verwaltungs-GmbH & Co. Schweinfurt KG, Fresenius Immobilien-Verwaltungs-GmbH & Co. St. Wendel KG, ("we" or "Fresenius") personal data of you as a business partner business partners, visitors and recipients of public relations work ("you") and what data is involved.

By “personal data” we mean any information related to you.

By “processing” we mean any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

With this data protection notice, we explain to you in detail, among other things,

•    who is responsible for processing your personal data, and who you can contact if you have questions or complaints (section 1)
•    how we collect your data, what data we collect and for what purposes we process this personal data (sections 2.1 and 2.2)
•    the legal basis on which we base this (section 2.3)
•    to whom we may transfer your data (sections 3 and 4)
•    how long we store your data (section 5) 
•    why we have a compelling need to know your personal data (section 6)
•    how you can update, correct or even delete this data and exercise other rights in relation to your data (section 7) and
•    give you further information for specific situations and contacts (section 8).

1.    Controller and Contact
1.1 Responsible

The Fresenius company with which you have concluded a contract or are in the process of negotiating a contract and/or whose premises you visit and/or who is in contact with you in the context of public relations work is the data controller under the GDPR, as this company uses your personal data in the context of the respective relationship with you. The address and name of this Fresenius company can be found in the documents available to you.

1.2 Data protection officer

According to the GDPR, we are obliged to provide you with a data protection officer. This person can be contacted at the address of the responsible person for the attention of the data protection department or by e-mail: dataprotectionofficer@fresenius.com

2.    Processing of personal data
2.1 How we collect your data and what data we process    

We process personal data that you provide to us when you order our products and services, enter into a contract for the supply of goods and services with us, visit a premises or contact us in any way. In addition, personal data about you is collected when you log on to or use a system or application provided by us.

We also process personal data about you, your function in your company and as well as personal data of other executives and representatives, owners and shareholders of your company and the affiliated companies or your political mandate, which are published in predominantly publicly accessible commercial registers, websites, blogs and print media. This also includes other data sources that are publicly accessible or accessible to certain groups, in particular those made available by competent authorities and business associations.

We also process personal data relating to your company, you, other officers and agents, owners and shareholders of your company and affiliates, or your political mandate that is provided to us by service providers under contract, by other Fresenius companies or by competent authorities (including credit rating agencies, credit and risk information providers, financial services providers, governmental or international agencies or similar organizations, in particular tendering authorities or procurement authorities).

Such personal data may include your company name, your name, contact information, the names of your company's officers and agents and your company's affiliates, your company's bank accounts and payment information, the occupation and qualifications of your company's officers and agents, professional identifiers, organizational data, your company's affiliation data, certifications and quality statements, The information may include the bank account and payment information of your company, the occupation and qualifications of your company's officers and agents, professional identifiers, organizational data, affiliation data of your company, certifications and quality statements issued by your company's officers, agents or auditors, the names of your company's shareholders and your company's affiliates and the amount of ownership, information about public filings, trade registries and professional associations, as well as information about your company's disclosed transactions, including proposals and financing arrangements and past interactions with Fresenius and/or any of our affiliates.

Your personal data, such as names, email addresses, organisational details, may also be processed by us in connection with the use of Microsoft 365 Services. Microsoft 365 Services also creates internal analytics through aggregated reporting based on a use of your personal usage data. We also process your personal data in connection with the use of other company systems and devices. In particular, we process IT application data (e.g., system identifiers, single sign-on identifiers, system and device passwords), instant messaging, video conferencing and other messaging account data, network IDs and infrastructure information, geographic location information (such as GPS data, WI-FI access points, cell tower access points, IP addresses), workflow data (roles, activities), system and device logs, internet usage data (e.g. which web pages were visited and when), video recordings and content generated by you are processed. In addition, video and audio recordings made in connection with the use of MS Teams/ Skype and in the context of operational video surveillance also contain contextual information on ethnic origin, religion or health.

2.2. Purposes of Processing 

We process this data for the purpose of initiating, maintaining and/or terminating as well as assessing a (possible) business relationship with you. This general purpose includes in particular:

•    the manufacture, provision and supply of products and services;
•    the procurement of products and services from you;
•    a potential investment in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or an affiliate of Fresenius and/or an outside company;
•    the exchange of information about existing contracts or possible contracts with you;
•    the exchange/processing of business documents by means of the use of various Microsoft 365 Services. In principle, all Microsoft 365 services used have the overriding purpose of promoting communication and collaboration with external parties;
•    create internal analytics for Fresenius' own use using Microsoft 365 services, such as MyAnalytics;
•    the fulfilment of compliance requirements (e.g. conflict checks, business partner checks, sanctions list checks, money laundering identifications and controls, the verification of regulatory requirements for supply chains, customs and export requirements, traceability requirements for products);
•    managing our relationship/communication with you or the company you work for (e.g. customer relationship management, supplier management, investor relations management);
•    marketing (e.g. information about products and services or related information);
•    assessing whether you are a suitable contact for specific business requirements, e.g. if we are looking for an expert in a particular area or for specific products;
•    business partner assessment and qualification, e.g. whether you and your company meet certain quality and certification requirements;
•    implementation and evaluation of the payment and accounting system, together with the collection of payments due to us, including the refinancing of receivables;
•    assessing the financial solvency and credit risk of your company;
•    organizing, securing and improving internal processes including communication, administration and IT (e.g. infrastructure and workplace management);
•    organizing events for our company or if Fresenius provides the infrastructure for them (premises, IT infrastructure)
•    crisis management for hazard prevention and response;
•    in the area of communications management and information technology, the authorization of visitors for access to systems and applications and for access authorization/logging (authentication), e.g. when entering a building, a parking garage or a specific room, in particular by means of an access card or a key; location management, i.e. making room reservations, room management/planning; the use of the IT infrastructure and log-in data for the maintenance of the IT infrastructure in order to ensure IT support and for troubleshooting; security management, i.e. making room reservations, room management/planning; the use of the IT infrastructure and log-in data for the maintenance of the IT infrastructure in order to ensure IT support and for troubleshooting; security management, i.e. making room reservations, room management/planning i.e. making room reservations, room management/planning; the use of the IT infrastructure and log-in data to maintain the IT infrastructure in order to ensure IT support and to identify and rectify errors; the security analysis, as well as the prevention of cyberattacks and the improvement of information security, including IT security.

2.3 Legal bases for processing

We process your personal data on one of the following legal bases:

•    if the processing of your personal data is necessary for the performance of the contract concluded between you and us (Art. 6 I b) GDPR).
•    if the processing of your personal data is necessary for us to comply with national and/or international legal obligations (e.g. employment laws, tax laws, social security laws, occupational health and safety laws, financial market laws, drug control laws, medical device laws, environmental laws, criminal and administrative offences laws, and commercial and corporate obligations), regulatory requirements (e.g. tax authorities, employment agencies, social security institutions) and public interests to which we are subject, and to provide evidence thereof (Art. 6 I c) or e) GDPR).
•    Since the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 I f) GDPR), unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. These legitimate interests are:

o    fulfilling our contract with the company you work for, including enforcing any rights we have under that contract;
o    gathering information/knowledge management related to internal processes, products and services;
o    development, optimization and improvement of our products and services;
o    optimization of the administration;
o    conducting research;
o    organizational management;
o    risk management: hedging against e.g. financial/reputation risks;
o    internal Audit: performing internal audit procedures within the Group;
o    maintaining IT infrastructure, IT security, ensuring IT support, and identifying and resolving errors; and
o    compliance with and evidence of compliance with internal policies, national and international industry standards and legal obligations outside the EEA;
o    detection, investigation and prosecution of criminal offences and misdemeanours;
o    video surveillance and hazard prevention (especially building and facility security measures).

•    If you have been informed about the intended processing of your personal data and have given us your consent (Art. 6 I a) GDPR). You can revoke your consent at any time. You can withdraw your consent to the processing or for individual purposes of your choice. The withdrawal of consent does not affect the lawfulness of the processing based on your consent before the withdrawal. You can revoke your consent by sending an E-Mail to dataprotection@fresenius.com. 

3. Possible recipients or categories of recipients of your personal data 

In order to fulfil the above purposes, we may need to share some or all of your personal data with other companies. Recipients are:

•    other group companies, if such transfer of personal data is necessary for the respective purpose;
•    service providers who process personal data on our behalf but must follow our instructions for processing; these service providers are not permitted to use your personal data for purposes other than ours;
•    authorities, courts, parties to a dispute or their designees to whom we are required to disclose your personal information pursuant to applicable law, regulation, legal process or enforceable governmental order, such as tax and customs authorities, regulatory authorities and their designees, financial market regulators, public registries;
•    auditors or external consultants such as lawyers, tax advisors, insurers or banks, and
•    another company in the event of a change of ownership, merger, acquisition or disposal of assets. 

4. International Data Transfers

In order to fulfill the above-mentioned purposes, we may transfer your personal data to recipients outside Germany. For example, your personal data may be shared with other Fresenius Group companies in international projects in order to contact colleagues.

Your personal data may therefore be transferred internationally to countries in which the Fresenius Group operates. If your personal data is transferred to recipients within the European Economic Area, the data protection complies with European requirements.

If your data is transferred to recipients located outside the European Economic Area, we will ensure appropriate data protection. This data protection then also complies with the European data protection requirements. The transfer of personal data to recipients located outside the European Economic Area is carried out in compliance with the supplementary requirements of Art. 44 et seq. GDPR.

As a rule, corresponding contracts are concluded with these recipients, which include the EU standard contractual clauses (SCC) issued by the EU Commission to safeguard such international data transfers. The EU SCC used can be viewed here:

•    Clause Set I - Data transfers between controllers: https://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:181:0019:0031:DE:PDF;
•    Clause Set II - Data transfers between controllers: https://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:385:0074:0084:DE:PDF;
•    Clause Set III - Data transfers between controllers and processors: https://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF.

Your personal data may also be transferred to recipients in countries for which the European Union has already decided that the European data protection requirements are complied with. As of today, these are, for example, Argentina, Canada, New Zealand, Switzerland and Uruguay. A complete list of countries with adequacy decisions can be found on the following page of the Hessian data protection authority: https://datenschutz.hessen.de/datenschutz/internationales/angemessenheitsbeschlüsse.

Finally, personal data may be transferred on the basis of an exception under Art. 49 GDPR.

5. How long we store your personal data

As a rule, we store your personal data for one of the following periods:

•    In accordance with applicable laws, for as long as we are subject to a retention obligation;
•    Unless a mandatory record retention provision applies, we will retain your personal data for the duration of the contractual relationship with you or the company for which you work;
•    In accordance with applicable law, as long as we have a legitimate interest outside of a contractual relationship;
•    Preservation of evidence for the assertion, exercise or defence of legal claims within the framework of the statutory limitation provisions. According to §§ 195 ff. BGB, these limitation periods can be up to 30 years, with the regular limitation period being three years.
The exact period depends on the company you work for and your position in the company. In the case of longer retention periods (e.g. because we are obliged to store the data for the company audit), the aim is for the data to be blocked and archived until the end of the respective retention period and then deleted. Your data will be blocked for purposes other than archiving and kept until the end of the respective retention period.

6. Mandatory provision of personal data

You may need to provide us with your personal data to fulfil a contract with you or the company you work for. For example, we may need your contact details if you are our business contact with a supplier. If you do not provide your personal data, we may not be able to enter into the relevant contractual relationship.

7. Your rights 

You have various rights under the GDPR. You have the right to access your personal data (Art. 15 GDPR, §§ 34 ff. BDSG), to correct incorrect personal data (Art. 16 GDPR), to delete your personal data under certain circumstances (Art. 17 GDPR, §§ 34 BDSG), to restrict the processing of the data under certain conditions (Art. 18 GDPR) and the right to receive personal data provided to us in a structured, commonly used, machine-readable format for the purpose of transferring it to another business partner or organisation (Art. 20 GDPR).


right to object on a case-by-case basis
According to Art. 21 I GDPR, data processing based on Art. 6 I e), f) GDPR, as well as profiling based on this provision, may be objected to for reasons arising from the particular situation of the data subject. The respective objection can be made form-free and is to be addressed to the controller.


You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). The data protection authority responsible for Fresenius is "Der Hessische Beauftragte für Datenschutz und Informationsfreiheit", Postfach 3163, 65021 Wiesbaden. The right of appeal is without prejudice to any other administrative or judicial remedy. 

8. Further information for special situations and contact persons

We may process your personal data in various other contexts, for example when you visit our website. For the processing of your personal data in these situations, please refer to the specific information in each case.

If you have any questions about data protection at Fresenius, please contact dataprotection@fresenius.com. 

 

f you contact us with a request regarding your rights as a data subject under the General Data Protection Regulation ("GDPR") of the European Union, Fresenius SE & Co. KGaA (“we” or “Fresenius”) will process certain personal data. 

By “personal data” we mean any information related to you. 

By “processing” we mean any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

We take the protection of your personal data very seriously. All processing of personal data by us is governed by the GDPR. This Data Protection Information informs you about how we process your personal data.

1    Controller and contact

1.1    Controller: 

The controller and responsible entity for processing of personal data is:

Fresenius SE & Co. KGaA, 
Else-Kroener-Straße 1, 
61352 Bad Homburg vor der Höhe, 
Germany
E-mail: pr-fre@fresenius.com

1.2    Data protection officer

We have designated a data protection officer. You can contact the data protection officer for all requests and questions concerning your personal data via:

Fresenius SE & Co. KGaA
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius.com

2    Processing of personal data

2.1    How we collect your data

We process personal data you provide to us when you fill in the mandatory fields in the contact formula for data subject requests or you send to us directly via email. Furthermore we process personal data you provide to us when you fill in optional fields which are optional details. We may also process personal data you provide to us in cases of requests, e.g. we need to verify your identity.

2.2    Purposes of Processing

We process the personal data you provided to us (the exact data depends on what information you include in your request, typically, it will be your name, contact information, information on in what kind of a relationship you are with Fresenius and the request itself) for the purpose of handling and responding to your request.

2.3    Legal Basis for Processing

We process your personal data on one of the following legal bases:

The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to. (Art. 6 para. 1 lit. c GDPR) We are legally obliged to respond to your request and to process your personal data accordingly.

3    Possible recipients or categories of recipients of your personal data

We may transmit your personal data in parts or as a whole to other entities. This largely depends on the scope of your request, in particular, which entities you interacted with. E.g., if you are a customer of a particular Fresenius entity, we will forward the request to such entity, in order to collect the necessary information to respond to it. 

Recipients are: 

  • Other group companies if such a transfer of personal data is required for the specific purpose; 
  • Service providers who process personal data on our behalf but have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other than our purposes;
  • Authorities, who we are obliged to provide your personal data to, e.g., data protection authorities; and 
  • Auditors or similar external consultants like lawyers or tax advisers.

4    International data transfers

In order to fulfill the above-mentioned purpose, we may transfer your personal data to recipients outside Germany. 

Your personal data may be transmitted internationally to countries in which the Fresenius Group operates, depending on the scope of your request. If your personal data is transferred to recipients within the European Economic Area, data protection complies with European requirements. We may transfer your personal data in parts or as a whole to recipients in third countries, which are not Member States of the European Union, or international organisations which process your personal data for the purpose listed above. 

The European Commission has determined an adequate level of data protection (adequacy decision pursuant to Art. 45 (3) GDPR) to be in place that matches the level of data protection within the European Union for the following countries / international organisations in which Fresenius entities are established: Argentina, Canada, New Zealand, Switzerland or Uruguay.

With regards to such international data transfers to third countries, for which the European Commission has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union. 

These safeguards are:

  • Standard Contractual Clauses that have been issued by the European Commission.
  • Commiseration in the EU-US-Privacy Shield (you can find more information on the framework here)

You can obtain a copy of these Standard Contractual Clauses by requesting a copy from us.

5    Retention period

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e. we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after 4 years), your data will be erased entirely.

If longer retention periods apply beyond the time periods listed above (e.g., because we are obliged to store the data for tax audit purposes) we aim also includes that the data will be blocked and will be archived until the end of the respective retention period and then erased. Your data will be blocked for processing for any purposes other than archiving and will be kept until the end of the respective retention period. 

6    Your rights and your personal data 

You have the following rights with respect to your personal data: 

6.1    Right of access

You have the right to request from us information on which personal data about you we process at any time. (Art. 15 GDPR)

6.2    Right to rectification of incorrect data

If data about you is inaccurate, you have the right to obtain from us rectification of such data without undue delay. (Art. 16 GDPR)

6.3    Right to erasure 

Under specific requirements you have the right to request from us the erasure of your personal data. In particular you may ask us to erase personal data, if (i) it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) the personal data has been unlawfully processed, (iii) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, (iv) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject or (v) you withdraw your consent on which the processing is based and there is no other legal ground for the processing. (Art. 17 GDPR)

6.4    Right to restriction of processing 

You have the right to obtain from us restriction of processing, where one of the following applies: (i) The accuracy of the personal data is contested by you, processing will be restricted for a period enabling us to verify the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (iii) we no longer need the personal data for the purposes of the processing, but are required by you to keep them for the establishment, exercise or defence of legal claims or (iv) you have objected to processing pursuant to Art. 21(1) GDPR and the verification whether our legitimate interests override yours is pending. (Art. 18 GDPR)

6.5    Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. (Art. 20 GDPR)

In all of the above cases, please use the contact form or send your request to the postal or email address stated above.

6.6    Right to lodge a complaint

You also have the right to lodge a complaint with a supervisory authority. The responsible supervisory authority for Fresenius is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden

7    Requirements to provide personal data

If you fail to provide your personal data, we might not be able to respond to or properly process your request.

8    Further information for specific situations and contact

This data protection information informs you exclusively about the processing of personal data when making a data subject request. Please be aware that we also might process your personal data in different contexts, e.g., when you visit our website or when you receive benefits as a healthcare professional. Please see the respective specific information on the processing of your personal data in these situations. 

If you have any questions on data protection at Fresenius, please contact us at dataprotection@fresenius.com.

FSE_Data Protection Information for Data Subjects Making a Data Subject Request.pdf