Fresenius Group Overview

Data Protection

  • Data Protection

We appreciate your interest in Fresenius SE & Co. KGaA. Protecting your privacy is important to us. We would like to inform you on how we collect personal data, what types of information we collect, and explain to you how that information is used. We are pleased to provide you with the following information. In addition to our website privacy policy, this also includes our B2B privacy policy and our privacy policy for the exercise of your rights according to the General Data Protection Regulation (e.g. information requests). You can view the complete texts by clicking on the respective plus symbols.

  • Data Protection Statement Website

    (Last updated on March 2019)

    We appreciate your interest in Fresenius SE & Co. KGaA (“Fresenius”). Protecting your privacy is important to us. We would like to inform you on how we collect personal data, what types of information we collect, and explain to you how that information is used.

    We also inform you that our websites include links to external sites which are not covered by this Data Protection Statement. Also, some of our Fresenius subsidiaries’ local websites may include different data protection statements. Your visit to such websites is subject to the respective data protection statement.
     

    1. Responsible Person

    The Controller responsible for the processing of your personal data in relation to the use of this website and its functionalities is:

     

    Fresenius SE & Co. KGaA
    Else-Kröner-Straße 1
    61352 Bad Homburg
    Phone: +49 6172 686 0
    Fax: +49 6172 686 2628
    E-Mail: pr-fre@fresenius.com

     

    You can also reach out directly to our Data Protection Officer via:

     

    Fresenius SE & Co. KGaA
    Data Protection Officer
    Else-Kröner-Straße 1
    61352 Bad Homburg
    Germany
    E-mail: dataprotectionofficer@fresenius.com

    2. Processing of your personal data

    We process your personal data for the following purposes and on the basis of the following legal bases:

    When visiting our website

    As with most websites, we collect data of your visit to our site. We do this in order to be able to present the website optimized to the device you are using and with all its functions or to store your preferences for your current or future browsing sessions. The following internet protocol data is routinely collected during visits to our websites: your IP address, the website that directed you to our site, the pages visited on our website, your web browser type, and the date and length of your visit. Your IP address will be processed in a fully anonymized manner by deleting the last three figures. That way we are no longer able to identify you as an individual person. We process this data based on statutory provisions which allow the processing (1) because it is required to fulfil the agreement on the use of or website (Art. 6 sec. 1 lit. b) GDPR) and (2) we have a legitimate interest in ensuring the functionality and fault-free operation of our website and in being able to offer a service tailored to the user which is not overridden by your interests, rights and freedoms (Art. 6 sec. 1 lit. f) GDPR). We will delete the IP address within no more than one month. For web analytics purposes, data will be stored on the Matomo (formerly Piwik) servers for three years and will be completely deleted afterwards.

    When you actively provide information when contacting us

    We will collect and process data you actively provided to us for instance when filling in online forms when contacting us by means of communication such as e-mail, telephone or mail. In case of online forms, the purpose for which you provide us with your personal data can be found on the form itself, generally the purpose will be to communicate with you.

    If you contact us via e-mail, phone, fax or an online contact form provided on our website, we process personal data as far as provided by you: your name, company, profession, address data, e-mail address, phone number, fax number, content and type of your request and possible further information provided by you for the purpose of responding to your inquiry. We do this based on your prior given consent (Art. 6 sec. 1 lit. a) GDPR) or, in order to execute a contract you are party to (Art. 6 sec. 1 lit. b) GDRP), or based on our legitimate interest in communicating with you and answer your inquiry, which is not overridden by your interests, rights or freedoms since you contacted us yourself (Art. 6 sec. 1 lit. f) GDPR). We will not use the information as a basis for contacting you further for marketing purposes, unless you have given us your explicit consent to do so.

    Your contact details will be stored after the inquiry has been completed, in order to be able to react to follow up inquiries, if these arise. Details provided on online forms are always collected using a secure connection to protect personal information from manipulation or unauthorized access. Please be aware that regular e-mail traffic is not secure.

    When you activate Activity Feeds

    We implemented activity feeds of social media providers on our website (in our case namely those of Facebook, Twitter, Instagram, YouTube, LinkedIn and Xing). These activity feeds are deactivated by default. If you choose to use these activity feeds, you will be asked for your consent regarding the respective transfer of your data. The transfer of data takes place in order to enable you to use and connect with the services of these social media providers. Your consent provides the legal basis for this transfer of your personal data by Fresenius (Art. 6 sec. 1 lit. a) GDPR). In addition, if you are currently logged in to a social network of one of the listed providers, your activity may be linked to your user account by the respective social media provider at the same time. If you activate the activity feeds of social media providers your web browser will connect to the servers of the respective providers and send your specific user data. The transmitted data may encompass: date and time of your visit on our website, URL of the website you are on, URL of the website you visited before, used browser, used operating system, and your IP-Address.

    Fresenius has no influence on the scope or the kind of data that will be submitted by activating the activity feeds. Besides, further data processing operations by the respective social media providers could be triggered, on which we do not have any influence. To learn more about the scope of personal data collected and processed, the purpose your data may be used for, as well as your respective rights and configuration options in order to protect your privacy (including your right of withdrawal of consent), please refer to the respective social network’s privacy policy.

     

    Facebook
    Twitter
    YouTube
    Instagram
    LinkedIn
    Xing

     

    All processing of personal data in relation to the activity feed is carried out by and in responsibility of these providers. Fresenius is not responsible for such processing of personal data.

    As part of the activity feed, we incorporate videos from YouTube on our website from time to time. YouTube, as the majority of websites, uses cookies in order to collect user specific data on its website for, amongst other things, recording video statistics, prevent fraud, and improve the user-friendliness. By starting the respective video, further data processing operations could be triggered by YouTube simultaneously, on which we do not have any influence. For more information about privacy on YouTube, see Google‘s privacy policy.

    3. Recipients of your personal data

    We share your data solely with other entities within the Fresenius Group. The data will be stored and hosted by Fresenius Netcare GmbH, Else-Kröner-Straße 1, 61352 Bad Homburg, Germany.

    In order to provide our website we make use of external service providers (“Processors”), such as hosting service providers, who thereby get access to your personal data. All Processors are carefully chosen by us and regularly checked. These processors may only process personal data for the purposes determined by us and may only process data in accordance with this Data Protection Statement and applicable data protection laws.

    We store your data in cloud. This means that your personal data may be processed by cloud service providers like Microsoft and stored in different countries within the European Union. We require these providers to implement similar data protection measures as we take based upon contractual arrangements.

    In order to be able to handle your inquiries, we will forward your inquiry, including your personal data as provided by you, to your local country contact. This may lead to your personal data being transferred to a third country outside of the European Union, which may not provide a similar level of data protection. With regard to those countries we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union. These safeguards are: Standard Contractual Clauses that have been issued by the European Commission or commiseration in the US-Privacy Shield. Where no safeguards are provided we will ask you for your consent.

    We will not disclose your personal data to any governmental authority, unless required by law. Our employees, agencies, and retailers are obliged to respect the confidentiality and protection of your personal data.

    4. Cookies

    Our website uses cookies. Cookies are small text files that are stored locally on your computer by your web browser. Before cookies are used by us, you will be asked whether you agree to this. You can delete cookies at any time, even if they have already been used. Please follow the instructions of your browser provider for the settings.  

    What cookies do we use and why
    Session and functional cookies

    For a functioning and individualized browsing experience, we use so called "session cookies" which will help to identify you while using our website, in order to make the visit of our website more convenient. These "session cookies" will be deleted automatically and immediately after you close our website. These session cookies cannot be deselected because they are necessary for the proper use of the website.

    We also use a functional "cookie notifier" cookie, which saves your decision either to agree with the usage of cookies on our website or not. It is saved automatically upon your click on one of the two options available. Your acceptance of our cookies is stored for one year from then on; if you decide to refuse our cookies, your decision will be stored for one month. During this time the cookies information banner will not be shown again.

    We use these cookies based on our legitimate interest to provide an optimized and functional website, which is not overridden by your interests, rights and freedoms (Art. 6 sec. 1 lit. f) GDPR).

    Analytical cookies

    Moreover, we use "analytical cookies" to analyze and improve how our website works. These cookies collect pseudonymous non-user-specific information only. These cookies track for instance the time of the visit of the website, how often visitors use a page of our website, which pages visitors go to most often, how long they stay on which site, the websites that directed the visitor to our website and if they get error messages from our pages. In addition to this, the country of origin, the browser and the operating software of the visitor are tracked. These cookies collect information in a way that cannot be used to identify a single user of our website. Whenever we use tracking cookies, your data will be immediately anonymized right after collection.

    Our website uses Matomo (formerly Piwik) an open source web analytics tool. The cookie collects anonymized analytical data of the use of our website, through which we know the usage of the website and are able to optimize our website accordingly. The information generated by the cookie about your use of the website (including your IP address anonymized prior to its storage) will be stored on the server of our in-house service provider, Fresenius NetCare GmbH, Else-Kröner-Straße 1, 61352 Bad Homburg, Germany. The anonymized IP-address that is transmitted will not be merged with other data collected by us. Those data will be stored for five years. If you decide to set a “do-not-track” preference in your web browser or on your mobile device, your visit will not be tracked.

    We use tracking cookies based on our legitimate interest to provide an optimized and functional website, which is not overridden by your interests, rights and freedoms (Art. 6 sec. 1 lit. f) GDPR).

    How to manage cookies:

    Whether you allow the use of cookies is your choice, you may enable or disable the use of cookies by websites such as ours at any time by selecting the respective browser settings. Also, you can delete already set cookies at your own discretion at any time. However, please note that if you choose not to accept the use of cookies you may not be able to experience the full functionality of this website.

    If you give your full consent to the use of the above-mentioned cookies, this decision will be stored until you revoke your consent to the use of cookies. We will also ask you for your consent again after one year.

    If you refuse to use the cookie completely, we will ask you for your consent again after one month.

    If you make specific decisions for or against certain types of cookies as part of the cookie settings, this will be stored for a period of 12 months and we will ask you again for your consent.

    In order to refuse the use of cookies, you will need to manage the settings of your web browser or on your mobile device. More information on how to do this can be found here, depending on the web browser you are using:

     

    Chrome
    Firefox
    Internet Explorer
    Safari

     

    If you choose to delete cookies, you might have to confirm certain dialogs once again in order to use all functionalities of this website. Please note that your cookie settings are always related to the web browser you are using and the settings are of no effect if you use a different web browser upon your next use of this website.

    You can revoke your consent to the use of cookies at each and any time in the cookie settings

    5. Your rights as a data subject

    Right to access

    You have the right to obtain from Fresenius confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data.

    Right to rectification

    You have the right to request from Fresenius the rectification of inaccurate personal data concerning you.

    Right to erasure

    You have the right to request from Fresenius the erasure of personal data concerning you under the prerequisites put up in Art. 17 GDPR. These prerequisites inter alia provide a right to erasure, if data is not necessary for the purpose it was collected for, in case of an unlawful processing of personal data, if the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Fresenius is subject, or if you have withdrawn your consent and there is no other legal ground for the processing.

    Right to restriction of processing

    You have the right to request from Fresenius the restriction of processing if the prerequisites of Art. 18 GDPR apply. This right exists inter alia, if the accuracy is contested by you, for a period enabling Fresenius to verify the accuracy of personal data, if the processing is unlawful and you contest erasure and demand restriction of their use instead.

    Right to data portability

    You have the right to receive your personal data, which you have provided to Fresenius, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Fresenius under the prerequisites of Art. 20 GDPR.

    Right to object

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e) or lit. f) of Art. 6 sec. 1 GDPR. In this case, Fresenius shall no longer process personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

    To enforce any of the aforementioned rights, please contact us through one of the communication channels mentioned above.

    Right to lodge a complaint

    You have the right to lodge a complaint with a responsible supervisory authority.

    Our communications department or Data Protection Officer would be ready to answer any questions regarding our Data Protection Statement. Please refer to the contact information given above.

     

    © 2000 - 2019 Fresenius SE & Co. KGaA

     

    Else-Kröner-Straße 1
    61352 Bad Homburg
    Germany
    Phone: +49 6172 686 0
    Fax: +49 6172 686 2628
    E-mail: pr-fre@fresenius.com

     

    Fresenius SE & Co. KGaA
    Data Protection Officer
    Else-Kröner-Straße 1
    61352 Bad Homburg
    Germany
    E-mail: dataprotectionofficer@fresenius.com

     

    FSE_Data Protection Statement Website.pdf

  • Privacy Notice Business Partner

    The processing of personal data is subject to the EU General Data Protection Regulation (“GDPR”). This data protection information informs you about how Fresenius SE & Co. KGaA ("we" or "Fresenius") processes personal data of yours ("you") as clients, vendors and prospects. 

     

    By “personal data” we mean any information related to you. 

     

    By “processing” we mean any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

     

    With this data protection information, we explain to you in detail: 

     

    • Who is responsible for processing your personal data, and who you can contact if you have questions or complaints (section 1)
    • How we collect your data, what data we collect and for what purposes we process this personal data (sections 2.1 and 2.2)
    • The legal basis on which we base this (Section 2.3)
    • To whom we may transfer your data (Sections 3 and 4)
    • How long we store your data (section 5) 
    • How you can update, correct or even delete this data and exercise other rights in relation to your data (section 6).

     

    1    Controller and Contact

    1.1    Controller

    The controller and responsible entity for processing of personal data is:

     

    Fresenius SE & Co. KGaA, 
    Else-Kroener-Straße 1, 
    61352 Bad Homburg vor der Höhe, 
    Germany
    E-mail: pr-fre@fresenius.com

    1.2    Data protection officer

    We have designated a data protection officer. You may contact our data protection officer for all requests and questions concerning your personal data via:

     

    Fresenius SE & Co. KGaA
    Data Protection Officer
    Else-Kröner-Straße 1
    61352 Bad Homburg
    Germany
    E-mail: dataprotectionofficer@fresenius.com

    2    Processing of Personal Data

    2.1    How we collect your data

    We process personal data you provide to us when you contact us in any way, order our products and services or enter into a contract for the supply of goods and services with us. 

    We also process personal data about you, your role in your company and the role of other officers and representatives, owners and shareholders of your company and your company’s affiliates that is published in publicly accessible trade registers, websites, blogs, print media and data that is published by competent authorities and trade associations. 

    We also process personal data related to your company, other officers and representatives, owners and shareholders of your company and your company’s affiliates that is provided to us by service providers under a contract or competent authorities (rating agencies, financial solvency and risk information, financial service institutions, government or supranational agencies, in particular tender authorities or procurement agencies).   

    Such personal data may include your company’s name, your name, contact information, the names of the officers and representatives of your company and the affiliates of your company, your company’s bank accounts, the profession and qualifications of your company’s officers and representatives, professional identifiers, organisational details, affiliation details of your company, certifications and quality statements issued by your company’s officers, representatives or auditors, names of shareholders of your company and of the affiliates of your company and percentage of shares held, details related to public filings, trade registers and professional boards, details related published transactions of your company including tenders and financial arrangement, previous interactions with Fresenius (and any of our subsidiaries).

    2.2    Purposes of Processing

    We process these data for the purposes of assessing a potential business relationship or maintaining our business relationship with you, this general purpose in particular includes: 

    • the manufacturing, provision and delivery of products and services;
    • the procurement of products and services from you;
    • a potential investment in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or any Fresenius affiliate 
    • the exchange of information related to existing contracts or possible contracts with you;
    • the fulfilment of compliance requirements related to a business transaction (e.g., conflict checks, business partner due diligence, sanction list screening, anti-money laundering laws, secure supply chain requirements, customs and export law requirements, tracing requirements for products);
    • the management of our relationship with you or the company you are working for (e.g. customer relationship management, supplier management, investor relations management); 
    • marketing (e.g., informing you about products and services or related information);
    • the assessment whether you are a suitable contact for specific business needs, e.g., when we look for an expert in a certain field or specific products
    • vendor assessment and qualification, e.g. whether you and your organization meets certain quality and certification requirements
    • collection of payments due to us including the refinancing of debts
    • the assessment of your company’s financial solvency and credit risk.
    2.3    Legal Basis for Processing

    We process your personal data on one of the following legal bases:

    • If the processing of your personal data is necessary in order to carry out the contract concluded between you and us. (Art. 6 para 1 lit.b GDPR)
    • If the processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to. E.g., laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements might require us to process certain of your personal data. (Art. 6 para 1 lit.c GDPR)
    • Since processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protec-tion of personal data, in particular where the data subject is a child. (Art. 6 para 1 lit.f GDPR) These legitimate interests are:
      • Fulfilling our contract with the company you are working for, including the enforcement of any rights we may have under such contract;
      • Gather information on knowledge management related to internal processes, products and services
      • Development, optimization and improvement of our products and services
      • Optimization of internal communication
      • Optimization of administration
      • Carrying out research work
      • Organizational management
      • Risk Management: Safeguarding against e.g. financial / reputational risks
      • Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors; and
      • Complying with legal requirements outside the EEA
    • Since you have been informed about the intended processing of your personal data, and have given us your consent. (Art. 6 para 1 lit.a GDPR) You can always withdraw your consent. You can withdraw your consent to all processing, or for individual purposes of your choosing. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal. You can withdraw your consent by sending an email to datenschutz@fresenius.com.

    3    Possible recipients or categories of recipients of your personal data

    We may transmit your personal data in parts or as a whole to other entities. 
    Recipients are: 

    • Other group companies if such a transfer of personal data is required for the specific purpose;
    • Service providers who process personal data on our behalf but have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other than our purposes;
    • IT-service providers who host the data or provide maintenance services;
    • Authorities, who we are obliged to provide your personal data to, e.g., tax and customs authorities, regulatory authorities and their delegated bodies, financial market authorities; public registers, and 
    • Auditors or similar external consultants like lawyers or tax advisers.

    4    International Data Transfers

    In order to fulfill the above-mentioned purposes, we may transfer your personal data to recipients outside Germany. 

    Your personal data may be transmitted internationally to countries in which the Fresenius Group operates, e.g. within an international project.  

    If your personal data is transferred to recipients within the European Economic Area, data protection complies with European requirements.

    We may transfer your personal data in parts or as a whole to recipients in third countries, which are not Member States of the European Union, or international organisations which process your personal data for the purposes listed above. 

    The European Commission has determined an adequate level of data protection (adequacy decision pursuant to Art. 45 (3) GDPR) to be in place that matches the level of data protection within the European Union for the following countries / international organisations in which Fresenius entities are established: Argentina, Canada, New Zealand, Switzerland or Uruguay.

    With regards to such international data transfers to third countries, for which the European Commission has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union. 

    These safeguards are:

    • Standard Contractual Clauses that have been issued by the European Commission.
    • Commiseration in the EU-US-Privacy Shield

    You can obtain a copy of these Standard Contractual Clauses here or by requesting a copy from us. 

    5    Retention Period

    We, generally, store your personal data for one of the following time periods:

    • In line with applicable laws, as long as we have a duty for data retention;
    • If there isn’t any mandatory record retention provision appliable, we keep your personal data for the term of the contractual relationship with you or the company you are working for;
    • In derogation thereof, we keep your personal data as long as we have a legitimate interest to process your personal data outside of such a contractual relationship. The exact period depends on the company you are working for and your position in the company.

    If longer retention periods apply beyond the time periods listed above (e.g., because we are obliged to store the data for tax audit purposes) we aim also includes that the data will be blocked and will be archived until the end of the respective retention period and then erased. Your data will be blocked for processing for any purposes other than archiving and will be kept until the end of the respective retention period.

    6    Your rights and your personal data 

    Depending on the situation, you have the following rights with respect to your personal data: 

    6.1    Right of access

    You have the right to request from us information on which personal data about you we process at any time. (Art. 15 GDPR)

    6.2    Right to rectification of incorrect data

    If data about you is inaccurate, you have the right to obtain from us recti-fication of such data without undue delay. (Art. 16 GDPR)

    6.3    Right to erasure 

    Under specific requirements you may have the right to request from us the erasure of your personal data. In particular you may ask us to erase personal data, if (i) it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) the personal data has been unlawfully processed, (iii) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, (iv) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject or (v) you withdraw your consent on which the processing is based and there is no other legal ground for the processing. (Art. 17 GDPR) 

    6.4    Right to restriction of processing 

    You have the right to obtain from us restriction of processing, where one of the following applies: (i) The accuracy of the personal data is contested by you, processing will be restricted for a period enabling us to verify the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (iii) we no longer need the personal data for the purposes of the processing, but are required by you to keep them for the establishment, exercise or defence of legal claims or (iv) you have objected to processing pursuant to Art. 21(1) GDPR and the verification whether our legitimate interests override yours is pending. (Art. 18 GDPR)


    6.5    Right to data portability

    You have the right to receive a copy the personal data about you, which you have provided to us, in a structured, commonly used and machine-readable format. (Art. 20 GDPR) 

    6.6    Right to object

    Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point e) or f) of Art 6 para. 1 GDPR. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims.  

    In all of the above cases, please use the contact form or send your request to the postal or email address stated above.

    6.7    Right to lodge a complaint

    You also have the right to lodge a complaint with a supervisory authority. The responsible supervisory authority for Fresenius is:

     

    Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
    Gustav-Stresemann-Ring 1
    65189 Wiesbaden

    7    Requirements to provide Personal Data

    You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the company you are working for. E.g., we might require your contact details if you are our business contact at a supplier. If you fail to provide your personal data, we might not be able to enter into the respective contractual relationship.

    8    Automated Decision Making

    An automated decision making (Art. 22 para. 1, 2 GDPR) occurs according to our obligation to conduct a sanction-control-procedure. This is also necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.

    9    Further information for specific situations and contact

    We might process your personal data in different contexts, e.g., when you visit our website or when you receive benefits as a healthcare professional. Please see the respective specific information on the processing of your personal data in these situations.

    If you have any questions on data protection at Fresenius, please contact us at dataprotection@fresenius.com.

     

    FSE_Privacy Notice Business Partner.pdf