Data protection statement
(Last updated on March 2022)
We appreciate your interest in Fresenius SE & Co. KGaA (“Fresenius”). Protecting your privacy is important to us. We would like to inform you on how we collect personal data, what types of information we collect, and explain to you how that information is used.
We also inform you that our websites include links to external sites which are not covered by this Data Protection Statement. Also, some of our Fresenius subsidiaries’ local websites may include different data protection statements. Your visit to such websites is subject to the respective data protection statement.
The processing of personal data is subject to the EU General Data Protection Regulation (GDPR) and the Telecommunications Telemedia Data Protection Act (TTDSG). This data protection notice informs you about how your personal data and information is processed in your terminal equipment (e.g. laptop or smartphone) when using these websites and what data is involved.
The Controller responsible for the processing of your personal data in relation to the use of this website and its functionalities is:
Fresenius SE & Co. KGaA
61352 Bad Homburg
Phone: +49 6172 686 0
Fax: +49 6172 686 2628
You can also reach out directly to our Data Protection Officer via:
Fresenius SE & Co. KGaA
Data Protection Officer
61352 Bad Homburg
Processing of your personal data
We process your personal data for the following purposes and on the basis of the following legal bases:
Recording of technical characteristics when visiting the website
We collect information about your visit to our website, as we do with most other websites. When you visit our website, the web server temporarily records
- the domain name or IP address of your computer,
- the file request of the client (file name and URL),
- the http response code,
- the website from which you are visiting us,
- which Internet browser and which operating system you are using,
- the nature of their device,
- the date of her visit,
- as well as how long you've been here.
Your IP address is only recorded anonymously - shortened by the last block of numbers (octet). The logging of data is necessary for navigation through the pages and use of essential functions (§ 25 II No. 2 TTDSG, Art. 6 I b) GDPR). In addition, the data is used for the purpose of detecting and tracking abuse on the basis of the legitimate interests of data security and the functionality of the service (Art. 6 I f) GDPR, § 25 II No. 2 TTDSG). In particular, no overriding interest of the data subject is opposed to a use for the defense against attempted attacks on our web server to ensure proper use. The data will neither be used for the creation of individual profiles nor passed on to third parties and will be deleted after seven days at the latest.
When you actively provide information when contacting us
We will collect and process data you actively provided to us for instance when filling in online forms when contacting us by means of communication such as e-mail, telephone or mail. In case of online forms, the purpose for which you provide us with your personal data can be found on the form itself, generally the purpose will be to communicate with you.
If you contact us via e-mail, phone, fax or an online contact form provided on our website, we process personal data as far as provided by you: your name, company, profession, address data, e-mail address, phone number, fax number, content and type of your request and possible further information provided by you for the purpose of responding to your inquiry. We do this based on your prior given consent (Art. 6 sec. 1 lit. a) GDPR) or, in order to execute a contract you are party to (Art. 6 sec. 1 lit. b) GDRP), or based on our legitimate interest in communicating with you and answer your inquiry, which is not overridden by your interests, rights or freedoms since you contacted us yourself (Art. 6 sec. 1 lit. f) GDPR). We will not use the information as a basis for contacting you further for marketing purposes, unless you have given us your explicit consent to do so.
Your contact details will be stored after the inquiry has been completed, in order to be able to react to follow up inquiries, if these arise. Details provided on online forms are always collected using a secure connection to protect personal information from manipulation or unauthorized access. Please be aware that regular e-mail traffic is not secure.
When you view YouTube Videos on this site
Recipients of your personal data
In order to provide our website we make use of external service providers (“Processors”), such as hosting service providers, who thereby get access to your personal data. In this context data, which results from hosting the Website is processed by NetFederation Gmbh, Sürther Hauptstraße 180b, 50999 Cologne, Germany All Processors are carefully chosen by us and regularly checked. These processors may only process personal data for the purposes determined by us and may only process data in accordance with this Data Protection Statement and applicable data protection laws.
In order to be able to handle your inquiries, we will forward your inquiry, including your personal data as provided by you, to your local country contact. This may lead to your personal data being transferred to a third country outside of the European Union, which may not provide a similar level of data protection. With regard to those countries we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union. These safeguards are Standard Contractual Clauses that have been issued by the European Commission. Where no safeguards are provided we will ask you for your consent.
We will not disclose your personal data to any governmental authority, unless required by law. Our employees, agencies, and retailers are obliged to respect the confidentiality and protection of your personal data.
The Local Storage is data in your browser's cache that persists even after you close the browser window and can be read as long as it is not emptied.
If you do not want the local storage feature to be used, you can customize or deny it in your browser settings.
Local storage content can be found in your browser under the "Chronicle" or "Local Data" settings.
Third parties cannot access the data in the Local Storage.
What cookies do we use and why
Session and functional cookies
For a functioning and individualized browsing experience, we use so called "session cookies" which will help to identify you while using our website, in order to make the visit of our website more convenient. These "session cookies" will be deleted automatically and immediately after you close our website. These session cookies cannot be deselected because they are necessary for the proper use of the website.
We also use a functional "cookie notifier" cookie, which saves your decision either to agree with the usage of cookies on our website or not. It is saved automatically upon your click on one of the two options available. Your acceptance of our cookies is stored for one year from then on; if you decide to refuse our cookies, your decision will be stored for one month. During this time the cookies information banner will not be shown again.
These cookies are necessary for you to navigate the pages and use essential functions. They enable basic functions, such as access to secure areas or setting your privacy preferences. The legal basis for these cookies is § 25 II Nr. 2 TTDSG, Art 6 I b) GDPR.
Our website uses Matomo (formerly Piwik) an open source web analytics tool. Matomos "tracking cookies" are used to analyze and improve how our website works.
These cookies collect pseudonymous non-user-specific information only. These cookies track for instance the time of the visit of the website, how often visitors use a page of our website, which pages visitors go to most often, how long they stay on which site, the websites that directed the visitor to our website and if they get error messages from our pages. In addition to this, the country of origin, the browser and the operating software of the visitor are tracked. These cookies collect information in a way that cannot be used to identify a single user of our website. Whenever we use tracking cookies, your data will be immediately anonymized right after collection.
The information generated by Matomos cookies about your use of the website (including your IP address anonymized prior to its storage) will be stored on the server of our in-house service provider, NetFederation Gmbh, Sürther Hauptstraße 180b, 50999 Cologne, Germany. The anonymized IP-address that is transmitted will not be merged with other data collected by us. Those data will be stored for five years. If you decide to set a “do-not-track” preference in your web browser or on your mobile device, your visit will not be tracked.
These cookies help us to improve the performance of our website and enhance the user experience. The collection of anonymous and pseudonymous information allows us to compile statistics on the operation of the website (for example, the number of visits and traffic sources) and user behavior on it (for example, movement paths and interaction with the website). The legal basis for these cookies is Art. 6 I a) GDPR.
Below you are given the option to deny the collection and analysis of various statistical information of your page visit.
If the box below is checked, your usage statistics are collected and analyzed.
If the box below is not checked, no usage statistics of your visit will be collected anymore. It should be noted that a unique cookie is set to allow this functionality.
How to manage cookies:
If you refuse to use the cookie completely, we will ask you for your consent again after one month.
If you make specific decisions for or against certain types of cookies as part of the cookie settings, this will be stored for a period of 12 months and we will ask you again for your consent.
If you choose to delete cookies, you might have to confirm certain dialogs once again in order to use all functionalities of this website. Please note that your cookie settings are always related to the web browser you are using and the settings are of no effect if you use a different web browser upon your next use of this website.
Your rights as a data subject
Right to access
You have the right to obtain from Fresenius confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data.
Right to rectification
You have the right to request from Fresenius the rectification of inaccurate personal data concerning you.
Right to erasure
You have the right to request from Fresenius the erasure of personal data concerning you under the prerequisites put up in Art. 17 GDPR. These prerequisites inter alia provide a right to erasure, if data is not necessary for the purpose it was collected for, in case of an unlawful processing of personal data, if the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Fresenius is subject, or if you have withdrawn your consent and there is no other legal ground for the processing.
Right to restriction of processing
You have the right to request from Fresenius the restriction of processing if the prerequisites of Art. 18 GDPR apply. This right exists inter alia, if the accuracy is contested by you, for a period enabling Fresenius to verify the accuracy of personal data, if the processing is unlawful and you contest erasure and demand restriction of their use instead.
Right to data portability
You have the right to receive your personal data, which you have provided to Fresenius, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Fresenius under the prerequisites of Art. 20 GDPR.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e) or lit. f) of Art. 6 sec. 1 GDPR. In this case, Fresenius shall no longer process personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
To enforce any of the aforementioned rights, please contact us through one of the communication channels mentioned above.
Right to lodge a complaint
You have the right to lodge a complaint with a responsible supervisory authority.
Our communications department or Data Protection Officer would be ready to answer any questions regarding our Data Protection Statement. Please refer to the contact information given above.
The processing of personal data is subject to the EU General Data Protection Regulation (GDPR). This data protection notice informs you about how Fresenius SE & Co. KGaA, Fresenius Netcare GmbH, Hyginus Publisher GmbH, Fresenius Versicherungsvermittlungs GmbH, Fresenius Management SE, Fresenius Immobilien-Verwaltungs-GmbH, Fresenius Immobilien-Verwaltungs-GmbH & Co. Friedberg KG, Fresenius Immobilien-Verwaltungs-GmbH & Co. Schweinfurt KG, Fresenius Immobilien-Verwaltungs-GmbH & Co. St. Wendel KG, ("we" or "Fresenius") personal data of you as a business partner business partners, visitors and recipients of public relations work ("you") and what data is involved.
By “personal data” we mean any information related to you.
By “processing” we mean any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With this data protection notice, we explain to you in detail, among other things,
• who is responsible for processing your personal data, and who you can contact if you have questions or complaints (section 1)
• how we collect your data, what data we collect and for what purposes we process this personal data (sections 2.1 and 2.2)
• the legal basis on which we base this (section 2.3)
• to whom we may transfer your data (sections 3 and 4)
• how long we store your data (section 5)
• why we have a compelling need to know your personal data (section 6)
• how you can update, correct or even delete this data and exercise other rights in relation to your data (section 7) and
• give you further information for specific situations and contacts (section 8).
1. Controller and Contact
The Fresenius company with which you have concluded a contract or are in the process of negotiating a contract and/or whose premises you visit and/or who is in contact with you in the context of public relations work is the data controller under the GDPR, as this company uses your personal data in the context of the respective relationship with you. The address and name of this Fresenius company can be found in the documents available to you.
1.2 Data protection officer
According to the GDPR, we are obliged to provide you with a data protection officer. This person can be contacted at the address of the responsible person for the attention of the data protection department or by e-mail: email@example.com
2. Processing of personal data
2.1 How we collect your data and what data we process
We process personal data that you provide to us when you order our products and services, enter into a contract for the supply of goods and services with us, visit a premises or contact us in any way. In addition, personal data about you is collected when you log on to or use a system or application provided by us.
We also process personal data about you, your function in your company and as well as personal data of other executives and representatives, owners and shareholders of your company and the affiliated companies or your political mandate, which are published in predominantly publicly accessible commercial registers, websites, blogs and print media. This also includes other data sources that are publicly accessible or accessible to certain groups, in particular those made available by competent authorities and business associations.
We also process personal data relating to your company, you, other officers and agents, owners and shareholders of your company and affiliates, or your political mandate that is provided to us by service providers under contract, by other Fresenius companies or by competent authorities (including credit rating agencies, credit and risk information providers, financial services providers, governmental or international agencies or similar organizations, in particular tendering authorities or procurement authorities).
Such personal data may include your company name, your name, contact information, the names of your company's officers and agents and your company's affiliates, your company's bank accounts and payment information, the occupation and qualifications of your company's officers and agents, professional identifiers, organizational data, your company's affiliation data, certifications and quality statements, The information may include the bank account and payment information of your company, the occupation and qualifications of your company's officers and agents, professional identifiers, organizational data, affiliation data of your company, certifications and quality statements issued by your company's officers, agents or auditors, the names of your company's shareholders and your company's affiliates and the amount of ownership, information about public filings, trade registries and professional associations, as well as information about your company's disclosed transactions, including proposals and financing arrangements and past interactions with Fresenius and/or any of our affiliates.
Your personal data, such as names, email addresses, organisational details, may also be processed by us in connection with the use of Microsoft 365 Services. Microsoft 365 Services also creates internal analytics through aggregated reporting based on a use of your personal usage data. We also process your personal data in connection with the use of other company systems and devices. In particular, we process IT application data (e.g., system identifiers, single sign-on identifiers, system and device passwords), instant messaging, video conferencing and other messaging account data, network IDs and infrastructure information, geographic location information (such as GPS data, WI-FI access points, cell tower access points, IP addresses), workflow data (roles, activities), system and device logs, internet usage data (e.g. which web pages were visited and when), video recordings and content generated by you are processed. In addition, video and audio recordings made in connection with the use of MS Teams/ Skype and in the context of operational video surveillance also contain contextual information on ethnic origin, religion or health.
2.2. Purposes of Processing
We process this data for the purpose of initiating, maintaining and/or terminating as well as assessing a (possible) business relationship with you. This general purpose includes in particular:
• the manufacture, provision and supply of products and services;
• the procurement of products and services from you;
• a potential investment in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or an affiliate of Fresenius and/or an outside company;
• the exchange of information about existing contracts or possible contracts with you;
• the exchange/processing of business documents by means of the use of various Microsoft 365 Services. In principle, all Microsoft 365 services used have the overriding purpose of promoting communication and collaboration with external parties;
• create internal analytics for Fresenius' own use using Microsoft 365 services, such as MyAnalytics;
• the fulfilment of compliance requirements (e.g. conflict checks, business partner checks, sanctions list checks, money laundering identifications and controls, the verification of regulatory requirements for supply chains, customs and export requirements, traceability requirements for products);
• managing our relationship/communication with you or the company you work for (e.g. customer relationship management, supplier management, investor relations management);
• marketing (e.g. information about products and services or related information);
• assessing whether you are a suitable contact for specific business requirements, e.g. if we are looking for an expert in a particular area or for specific products;
• business partner assessment and qualification, e.g. whether you and your company meet certain quality and certification requirements;
• implementation and evaluation of the payment and accounting system, together with the collection of payments due to us, including the refinancing of receivables;
• assessing the financial solvency and credit risk of your company;
• organizing, securing and improving internal processes including communication, administration and IT (e.g. infrastructure and workplace management);
• organizing events for our company or if Fresenius provides the infrastructure for them (premises, IT infrastructure)
• crisis management for hazard prevention and response;
• in the area of communications management and information technology, the authorization of visitors for access to systems and applications and for access authorization/logging (authentication), e.g. when entering a building, a parking garage or a specific room, in particular by means of an access card or a key; location management, i.e. making room reservations, room management/planning; the use of the IT infrastructure and log-in data for the maintenance of the IT infrastructure in order to ensure IT support and for troubleshooting; security management, i.e. making room reservations, room management/planning; the use of the IT infrastructure and log-in data for the maintenance of the IT infrastructure in order to ensure IT support and for troubleshooting; security management, i.e. making room reservations, room management/planning i.e. making room reservations, room management/planning; the use of the IT infrastructure and log-in data to maintain the IT infrastructure in order to ensure IT support and to identify and rectify errors; the security analysis, as well as the prevention of cyberattacks and the improvement of information security, including IT security.
2.3 Legal bases for processing
We process your personal data on one of the following legal bases:
• if the processing of your personal data is necessary for the performance of the contract concluded between you and us (Art. 6 I b) GDPR).
• if the processing of your personal data is necessary for us to comply with national and/or international legal obligations (e.g. employment laws, tax laws, social security laws, occupational health and safety laws, financial market laws, drug control laws, medical device laws, environmental laws, criminal and administrative offences laws, and commercial and corporate obligations), regulatory requirements (e.g. tax authorities, employment agencies, social security institutions) and public interests to which we are subject, and to provide evidence thereof (Art. 6 I c) or e) GDPR).
• Since the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 I f) GDPR), unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. These legitimate interests are:
o fulfilling our contract with the company you work for, including enforcing any rights we have under that contract;
o gathering information/knowledge management related to internal processes, products and services;
o development, optimization and improvement of our products and services;
o optimization of the administration;
o conducting research;
o organizational management;
o risk management: hedging against e.g. financial/reputation risks;
o internal Audit: performing internal audit procedures within the Group;
o maintaining IT infrastructure, IT security, ensuring IT support, and identifying and resolving errors; and
o compliance with and evidence of compliance with internal policies, national and international industry standards and legal obligations outside the EEA;
o detection, investigation and prosecution of criminal offences and misdemeanours;
o video surveillance and hazard prevention (especially building and facility security measures).
• If you have been informed about the intended processing of your personal data and have given us your consent (Art. 6 I a) GDPR). You can revoke your consent at any time. You can withdraw your consent to the processing or for individual purposes of your choice. The withdrawal of consent does not affect the lawfulness of the processing based on your consent before the withdrawal. You can revoke your consent by sending an E-Mail to firstname.lastname@example.org.
3. Possible recipients or categories of recipients of your personal data
In order to fulfil the above purposes, we may need to share some or all of your personal data with other companies. Recipients are:
• other group companies, if such transfer of personal data is necessary for the respective purpose;
• service providers who process personal data on our behalf but must follow our instructions for processing; these service providers are not permitted to use your personal data for purposes other than ours;
• authorities, courts, parties to a dispute or their designees to whom we are required to disclose your personal information pursuant to applicable law, regulation, legal process or enforceable governmental order, such as tax and customs authorities, regulatory authorities and their designees, financial market regulators, public registries;
• auditors or external consultants such as lawyers, tax advisors, insurers or banks, and
• another company in the event of a change of ownership, merger, acquisition or disposal of assets.
4. International data transfers
In order to fulfill the aforementioned purpose, we may transfer your personal data to recipients outside Germany. Transfers within the European Economic Area (EEA) always take place in accordance with the uniform EEA data protection level.
Transfers to third countries are always carried out in compliance with the supplementary requirements of Art. 44 et seq. GDPR.
Your personal data may be transferred to certain third countries for which an adequacy decision of the EU Commission determines that an adequate level of protection exists in accordance with the uniform EU level of data protection. The complete list of these countries is available here. (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions)
In general, EU standard contractual clauses are concluded with the recipient for transfers to other third countries. These clauses have been issued by the EU Commission to safeguard such international data transfers and can be requested via email@example.com.
Ultimately, personal data may be transferred on the basis of derogations for specific situations under Art. 49 GDPR.
5. How long we store your personal data
As a rule, we store your personal data for one of the following periods:
• In accordance with applicable laws, for as long as we are subject to a retention obligation;
• Unless a mandatory record retention provision applies, we will retain your personal data for the duration of the contractual relationship with you or the company for which you work;
• In accordance with applicable law, as long as we have a legitimate interest outside of a contractual relationship;
• Preservation of evidence for the assertion, exercise or defence of legal claims within the framework of the statutory limitation provisions. According to §§ 195 ff. BGB, these limitation periods can be up to 30 years, with the regular limitation period being three years.
The exact period depends on the company you work for and your position in the company. In the case of longer retention periods (e.g. because we are obliged to store the data for the company audit), the aim is for the data to be blocked and archived until the end of the respective retention period and then deleted. Your data will be blocked for purposes other than archiving and kept until the end of the respective retention period.
6. Mandatory provision of personal data
You may need to provide us with your personal data to fulfil a contract with you or the company you work for. For example, we may need your contact details if you are our business contact with a supplier. If you do not provide your personal data, we may not be able to enter into the relevant contractual relationship.
7. Your rights
You have various rights under the GDPR. You have the right to access your personal data (Art. 15 GDPR, §§ 34 ff. BDSG), to correct incorrect personal data (Art. 16 GDPR), to delete your personal data under certain circumstances (Art. 17 GDPR, §§ 34 BDSG), to restrict the processing of the data under certain conditions (Art. 18 GDPR) and the right to receive personal data provided to us in a structured, commonly used, machine-readable format for the purpose of transferring it to another business partner or organisation (Art. 20 GDPR).
right to object on a case-by-case basis
According to Art. 21 I GDPR, data processing based on Art. 6 I e), f) GDPR, as well as profiling based on this provision, may be objected to for reasons arising from the particular situation of the data subject. The respective objection can be made form-free and is to be addressed to the controller.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). The data protection authority responsible for Fresenius is "Der Hessische Beauftragte für Datenschutz und Informationsfreiheit", Postfach 3163, 65021 Wiesbaden. The right of appeal is without prejudice to any other administrative or judicial remedy.
8. Further information for special situations and contact persons
We may process your personal data in various other contexts, for example when you visit our website. For the processing of your personal data in these situations, please refer to the specific information in each case.
If you have any questions about data protection at Fresenius, please contact firstname.lastname@example.org.