Data protection in accordance with the EU General Data Protection Regulation (GDPR)

The data protection guidelines apply to the joint Internet presence of SMS medipool AG, SMS medipool GmbH and SMS service GmbH.

Privacy policy
The data protection declaration applies to the joint Internet presence of SMS medipool AG, SMS medipool GmbH and the SMS service GmbH. All three enterprises offer together the Internet appearance

We ensure that the security of the user data collected during the visit of our website is observed in accordance with the legal provisions.

The responsible data protection officer of our companies is:

Herr Rechtsanwalt Carmine Lonegro

If you have any questions regarding the processing of your personal data, please contact our data protection officer

Rechtsanwälte Hoffmann, Lonegro, Thegemey
Rechtsanwalt Carmine Lonegro
Luisenstraße 21
D-65185 Wiesbaden
Tel.: +49 611 20490-29
Fax: +49 611 20490-30

Collection and processing of personal data
Personal data are all information about your identity such as your name, your e-mail or postal address. Such information will only be stored if you provide us with your data.

Use and disclosure of personal data
We use your personal data for providing the service, the technical administration of the website, in order to give you access to specific information and for other communication with you.

A transfer of your personal data to third parties other than the following does not take place. We only pass on your personal data to third parties,

  • If you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR)
  • If disclosure is required under Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
  • In the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 lit. c GDPR
  • If legally permissible and in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of Contractual relationship with you is required.

For more information, please refer to our privacy policy.

You are free to decide what information you give us. In Case your personal data changes (e.g. zip code, e-mail or postal address) you can inform us by e-mail to in order to correct the data.

Automatically collected information
When you access our website, we collect general non-personal information (e.g. type of Internet browser used, number of visits, average time spent on the site, pages viewed) automatically. We use this information to improve the appeal, content and functionality of our website. There is no further use or transfer of your data.

Cookies are small files that are temporarily stored on your hard disk. Cookies obtain information about the use of our website. The next time you visit our website, your computer is automatically recognized.

Cookies do not contain any personal data. Therefore, the respect of the privacy is guaranteed.

Depending on your settings, your internet browser will automatically accept cookies. However, you can change your browser settings at any time and use our website without cookies.

We strongly encourage all parents and guardians to teach their children safe and responsible handling of personal data on the Internet. Without the consent of their parents or guardian, children should not transmit any personal data to our website!

We assure you that we will not knowingly collect personal data from children, or use it in any way, or disclose it to third parties without authorization.

This declaration on data protection applies to the Internet presence The website may contain links to other providers within and outside our internet presence to which the data protection declaration does not extend. When you leave our website, we recommend that you carefully read the privacy policy of each website that collects personal data.

Right of access to information
In accordance with applicable law, we will provide you with the requested inform in writing whether and which personal data we store about you via the website. For further details, please refer to the rights of the persons concerned under the data protection information.

Notification of changes
If the content of the privacy policy changes, the new version of this policy will be published on this website and in other appropriate places.

Google Analytics
The tracking measure listed below is carried out based on Art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measure used, we want to ensure a need-based design and the continuous optimization of our website.

On the other hand, we use the tracking measure to record the use of our website statistically and evaluate it to optimizing our offer for you. These interests are considered justified in the sense of the above-mentioned regulation.

For the purpose of designing our pages to meet your needs and continuously optimizing them, we use Google Analytics, a web analysis service of Google Inc. ( (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymous user profiles are created and cookies (see above) are used. The data generated by the cookie Information about your use of this website such as

  • Browser type/version
  • Operating System
  • Referrer URL (the previously visited page)
  • Host name of the accessing computer (IP address)
  • Time of the server request

is transferred to a Google server in the USA and stored there. The Information serves to evaluate the use of the website, to compile reports on website activity and to provide further information on website usage and Internet usage related services for market research purposes and the design of these Internet pages in accordance with the requirements. This information may also be transferred to third parties if law requires this or if third parties process this data. Under no circumstances will your IP address be merged with other data from Google. Registration of IP addresses is anonymous, so that an assignment is not possible (IP-Masking). You can prevent the installation of cookies by the appropriate setting of the browser software; however, we would like to point out that in this case, not all functions of this website may be used fully.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie only applies to this browser and only to our website and is stored on your device.

If you delete the cookies in your browser, you will have to set the opt-out cookie again. For further information on data protection in connection with Google Analytics visit Google Analytics Help.

Social Media Plug-ins
We use social plug-ins by Facebook and Instagram on our website based on Art. 6 para. 1 p. 1 lit. f GDPR to popularize our company. The advertising purpose is considered a legitimate interest within the meaning of GDPR. The responsibility for data protection compliant operation lies with the respective provider. The plug-ins are integrated using the so-called two-click method to protect visitors to our website.

Right of objection
If your personal data is processed based on legitimate interests according to Art. 6 para. 1 sentence 1 li. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR. This only applies if there are reasons for doing so arising from your particular situation or if the objection is directed against direct advertising.

In the latter case, you have a general right of objection, which will be implemented by us without giving a specific reason. If you would like to make use of your right of revocation or objection, please send an e-mail to

Rights of data subjects
For more information on your rights as a user, please refer to our data protection information and notices on our homepage.

Use of Facebook plug-ins
Our website uses plug-ins from the social network, which Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”)) operates.

If you use the plug-in on one of our websites, a connection to the Facebook servers is established. The plug-in is displayed on the website by sending a notice to your browser. This tells the Facebook server which of our websites you have visited. If you log in to Facebook as a member, Facebook will assign this information to your personal Facebook user account. When using the plug-in functions (e.g. clicking the “Like”- buttons, leave a comment), this information will also be added to your Facebook account which you can only prevent by logging out before using the plug-in.

Facebook may use this information for the purposes of advertising, market research and the design of Facebook pages to meet the needs of the users. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to associate the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website.

For the purpose and extent of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy, please refer to Facebook privacy policy.

Our website also uses social plug-ins (“Plug-ins”) from Instagram, which Instagram LLC. (1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”)) operates.

The plug-ins are marked with an Instagram icon, for example in the form of an “Instagram Camera”. When you visit a page of our websites that contains such a plug-in, your browser will establish a direct connection to Instagram’s servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. This integration informs Instagram that your browser has called up the page on our website, even if you do not have an Instagram profile or you are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the United States and stored there. If you log in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. When you interact with the plug-ins, for example, by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.

The information is also published to your Instagram account and displayed to your contacts.

If you do not want Instagram to associate the information collected through our web site directly with your Instagram account, you must log out of Instagram before visiting our web site.

For more information, please refer to the Instagram Privacy Policy

On our website, you will find plug-ins of microblogging and social networking service Twitter Inc. (Twitter). You can identify the Twitter plug-ins (Tweet button) by the Twitter icon on our site. You can find an overview of Tweet-Buttons here.

If you visit a page of one of our websites, which contains such a plug-in, your browser will establish a direct connection to Twitter’s servers. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter “Tweet-Button” while you are logged in to your Twitter account, you can link the content of our pages on your Twitter profile. This allows Twitter to associate your visit to our site with your user account. We would like to point out that we as the provider of the pages have no knowledge of the content of the transmitted data as well as their use by Twitter. If you do not want Twitter to assign the visit of our pages, please log out of your Twitter- User account. For further information, please see the privacy policy of Twitter.

Data security
We use the common SSL (Secure Socket Layer) method in connection with the highest encryption level supported by your browser when you visit our website. Usually this is a 256 bit encryption. If your browser does not support 256 bit encryption, we use 128 bit V3 technology instead. You can tell whether an individual page of our websites is being transmitted in encrypted form by the image of the key or lock symbol in the input bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.

Contact form

If you have any questions, you may contact us via our contact form available on the website.

It is necessary to enter a valid e-mail address in order to assign the origin of the message and to answer it. You may provide further information voluntarily. The data processing is carried out based on your voluntarily given consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. The personal data collected by us for the use of the contact form is automatically deleted after the completion of your request.

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address for sending you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address. It is possible to unsubscribe at any time, for example via a link at the end of each newsletter.
Alternatively, you can unsubscribe at any time by writing to

We must point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps. A complete protection of data against access by third parties is not possible.

The use of contact data published in the context of the imprint obligation by third parties for sending unsolicited advertising and information materials is hereby expressly objected. The owners of the site reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam mail.


Our data protection notice (in accordance with the EU General Data Protection Regulation of 25.05.2018) is also available here as a PDF for downloading or printing.


Data protection information and notices

The companies, SMS medipool AG, SMS medipool GmbH and SMS service GmbH have a joint website. Subdivided into the respective company, they will inform you together about the data protection rights and obligations of the General Data Protection Regulation (GDPR).

The GDPR has extended the information duties of the responsible body. In order to comply with the duty to inform, we would like to draw your attention to the following:


1. SMS medipool AG

1.1 Controller:
Art. 4 No. 7 GDPR defines a “controller” as a natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. This refers in particular to the person who is responsible for data processing.


Name: SMS medipool AG
Address: Robert-Koch-Str. 2a, D-66199 Friedrichsthal

Legal Representation:

Vorstandsvorsitzender: Gerhard Blank
Phone: + 49 6897 7909-0
Fax: + 49 6897 7909-26

Vorstand: Christian Grams
Telefon: + 49 89 85604-0
Fax: + 49 89 85604-210

The controller refers in the following also as the company.

The controller has appointed a data protection officer:

Data protection officer:

Herr Rechtsanwalt Carmine Lonegro
Rechtsanwaltskanzlei Hoffmann, Lonegro, Thegemey (HLT)
Luisenstraße 21
D-65185 Wiesbaden
Phone: + 49 611 20490-29
Fax: + 49 611 20490-30

1.2 Type of data:
Our company processes personal data. In accordance with Art. 4 No. 1 GDPR, this refers to all information relating to an identified or identifiable natural person.

Description of the groups of people affected:

Personal data is processed mainly for the following groups of persons, as far as they are natural persons and as far as they are necessary to fulfill the purposes mentioned below (item 1.3.):

·Customers (address data, identification data, contract data, as far as necessary for the processing of the contract, control data or other data required for the proper and appropriate processing of the business relationship), interested parties (company, name and address data, identification and creditworthiness data, contract data as far as necessary for the processing of the contract, turnover, payment and performance data, control data or other data required for the proper and appropriate advice and processing);
·Employees, trainees, interns, applicants, former employees, retirees/pensioners/pensioners, dependents as well as relatives (application data such as information on professional career, training and qualifications, possibly also on the employer’s name, address, etc.) Criminal record; contract/master data and accounting data including data on payroll accounting, income tax and social security; information on private and business address, field of activity; transaction and benefit data; name and age of relatives, if relevant for social benefits; bank details, assets entrusted to the employee; contact information; employee status; qualifications; employee assessments; professional history; health data; for purposes of personnel administration and management, communication and transaction processing and control);
·Representatives/locations (administration and control, for communication as well as for processing and control of transactions, bank details, billing and performance data, name, address, contract and control data, etc.);
·Suppliers (all data required for the proper processing of orders, deliveries, tenders and for the processing of complaints and for supplier management and for the monitoring of commercial, financial and payment restrictions) if they are necessary to fulfill the purposes stated here;
·Tenant (i.e. address and contract data);
·Contact persons for the aforementioned groups, also insofar as these are legal entities (contact data such as address, telephone, fax and e-mail), as well as external contractors, in particular order processors (all data required for proper processing of the contractual relationship).

1.3 Purpose:
Our company processes personal data. The company ensures the processing of personal data in compliance with the relevant provisions of GDPR and the Federal Data Protection Act.

The legal basis of our data processing follows
·Consent given, Art. 6 p. 1 lit. a GDPR,
·Fulfilment of contractual obligations, art. 6 1 lit. b GDPR,
·Balance of interests, Art. 6 p. 1 lit. f GDPR,
·Legal requirements, Art. 6 p. 1 lit. c GDPR.

1.3.1 Art. 6 p. 1 lit. a GDPR (consent):
If you have given our company a legally effective consent, our data processing bases on this consent.

Declaration of Consent
You can revoke your consent at any time. For further details, please refer to section 1.10. The revocation is not retroactive, i.e. the revocation does not change the legality of the processing until revocation. The processing of your data based on consent up to that point is lawful; only future processing after your revocation is impermissible.

1.3.2. Art. 6 p. 1 lit. b GDPR (fulfilment of contractual obligations):

If the processing of personal data is carried out for fulfilling the contract, the admissibility according to Art. 6 p. 1 lit b GDPR follows from the contract, which sets its own admissibility criterion. This includes given data, which is essential to establish, execute or terminate the contractual relationship.

This permission covers data used for fulfilling contractual obligations. The purposes can therefore be different. However, the purpose follows the content of the contract.


1.3.3 Art. 6 p. 1 lit. f GDPR (balance of interests):

If the processing of your data is covered by the permission of Art. 6 p. 1 letter f GDPR, and therefore in the legitimate interest of the company, this permission becomes the base of admissibility.

To protect our legitimate interests, we process your data

·to ensure data and IT security;
·to combat fraud and prevent other damage (e.g. embezzlement and acts of theft, offences like insult, libel, slander);
·video surveillance, also for building and access security;
·for legal prosecution or legal defense;
·generally accessible or published data;
·advertising or market and opinion research, as far as the processing is not contradicted;
·for the exchange of data within the Group for administrative purposes, including processing personal data of customers and employees.


3.3.4. Art. 6 p. 1 lit. c GDPR (legal requirements):

If there are legal regulations that oblige us to transfer the data to third parties or public bodies (e.g. social security institutions, tax authorities), the processing is at least covered by Art. 6 p. 1 lit. c GDPR.

1.4 Data receiver:
Within the company, personal data is processed by those departments or bodies that are required to fulfil contractual obligations and/or legal obligations. Your personal data will also be passed on to our own service providers (including contract processors within the meaning of Art. 4 No. 8 GDPR, who provide support during processing) and vicarious agents, if they ensure compliance with data protection regulations. The processors are bound by the instructions of the controller. If the service providers have their own leeway and are not only acting in a supporting capacity (e.g. with tax consultants, lawyers, experts), they are not processors. If you object to the transfer and claim legitimately that your interests outweigh those of the controller, the transfer is not executed. Please note item 3.11. of this information.

Your personal data may only be transferred to third parties if a corresponding permission in accordance with Zi. 3.3. exists.

Possible recipients of the personal data may be
·Public bodies that receive data on the basis of legal regulations (e.g. social security institutions, tax authorities);
·Internal departments that are involved in the business process (e.g. personnel administration, contract management, bookkeeping, accounting, purchasing, marketing, sales, telecommunications and IT);
·Service providers, (e.g. archiving companies, data disposal companies, print shops, IT application, logistics service providers, maintenance companies, debt collection agencies, research service providers, law firms, tax consulting firms, consultants, auditing firms, damage service providers, workshops);
·External bodies such as credit institutions (salary payments, supplier invoices),
·Affiliated companies, shipping companies, advertising partners or other external parties to fulfill these purposes.

If you have given your consent, your data may also be transferred to specified data recipients.

1.5 Data transfer to third countries:
A transfer of personal data to a “third country”, i.e. outside the EU or EEA, does not occur and is not intended.

1.6. Storage duration:
The processing of your personal data, including storage, is carried out as long as it is required to fulfil contractual and/or legal obligations.

If your personal data is no longer required for the fulfilment of contractual and/or legal obligations, your data will be deleted in accordance with data protection regulations. Unless further use for the following purposes is necessary:
·Preservation of evidence, maximum 30 years;
·Compliance with legal or contractual agreed storage periods, (e.g. storage periods from the German Commercial Code or the German Fiscal Code).

1.7 Voluntary provision
In general, there is no obligation to disclose your personal data. However, the provision of your personal data is required for the execution of the contract, including the initiation and termination of the contract, as well as for processing due to legal obligations. Otherwise the contract will not be concluded and/or the contract will not be executed and/or the contract must be terminated.
If you refuse to provide us with your personal data, the contractual relationship will not be established or must be terminated.

1.8 Profiling:
According to Art. 4 No. 4 GDPR, “profiling” means any type of automated processing of personal data, which consists in the fact that these personal data be used to identify certain personal aspects that relate to a natural person especially with regard to aspects of work performance and economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or to analyze or predict the movements of these natural persons.
·We do not use “profiling” or any other type of automated individual case decision.

1.9 Rights of data subjects:
Sections 34 and 35 BDSG regulate the rights of the concerned persons. These stipulate the rights to information, correction, blocking and deletion. The General Data Protection Regulation of 25 May 2018 extends the rights of the data subjects according to Art. 15 to 19 GDPR.
You are entitled to the right of information in accordance with Art. 15 GDPR, the right of correction in accordance with Art. 16 GDPR, the right of deletion in accordance with Art. 17 GDPR, the right of restriction of processing in accordance with Art. 18 GDPR, the right of objection in accordance with Art. 21 GDPR and the right of data transferability in accordance with Art. 20 GDPR. The right of information according to Art. 15 GDPR and the right of deletion according to Art. 17 GDPR are subject to the restrictions of §§ 34 and 35 BDSG.

The information is generally provided free of charge. In addition to the above-mentioned rights of data subjects, there is also a right of complaint pursuant to Art. 77 GDPR to the competent data protection supervisory authority, regularly the state data protection authority of the state, at your place of work and/or at the location of the suspected violation.

If the company rejects your application according to Art. 15 ff GDPR, the following applies:
·The reasons for the refusal must be disclosed to you;
·You have a right of appeal to the data protection authorities under Art. 77 p. 1 GDPR;
·You can appeal to the courts of general jurisdiction, Art. 79 GDPR;
·The rejection notice must be sent to you within a time limit of 1 month, which can be extended to a maximum of 3 months.


1.10. Right of withdrawal:
You have the right to withdraw your consent for processing of your personal data at any time. If possible, please send your withdrawal by e-mail to:

You can also use the contact details of the responsible office mentioned under point 3.1.
The withdrawal is only valid for the future, i.e. the processing of your personal data is not affected up to that point.
You have also the right to withdraw your consent that you have given before the general data protection regulation was enacted.


1.11. Right of objection according to Art. 21 GDPR:
You have the right to object to the processing of personal data based on “legitimate interests”.
According to Art. 21 p. 1, s. 1 GDPR, you have the right to object to the processing of your personal data at any time. This requires a reason arising from your particular situation. General objections and reservations against data processing are not sufficient. You must state personal reasons why processing is unreasonable for you. This right of objection applies to the processing of the data based on Art. 6 p. 1 lit. f GDPR (see point 3.3.3. above).
Once you object, your personal data will no longer be processed. This does not apply if compelling reasons for further processing worthy of protection are proven by us, which outweigh the interests, rights and freedoms of the person concerned or if proof is provided that processing of data is necessary for prosecution, exercise of legal rights or legal defense.
You have the right to object to the processing of your data for advertising purposes.
If you object to the processing of your personal data for advertising purposes, your personal data will no longer be processed for these purposes.

Please send your objection to:

QMB/Babette Souard
Phone: + 49 611 92867-22
Fax: + 49 611 92867-79


Our data protection notice and information (in accordance with the general data protection regulation of 25.05.2018) is also available here as a PDF for downloading or printing.