Privacy Policy
The protection of your personal data is very important to us, and we attach great importance to privacy. The collection and processing of your personal data is therefore carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). Since this website is hosted in the European Union, we give you further information and options regarding your privacy, as required by EU law.
Change individual privacy preferences
Controller
Controller for the collection, processing and use of your personal data within the meaning of Art. 4 VII GDPR.
Walimu, Unit 4, Plot 5-7, Coral Crescent, Kololo, Kampala, Uganda, info@stairs-sepsis.com
Walimu is a Ugandan registered non-governmental organization #10090
Walimu US is a United States 501(c)(3) tax-exempt nonprofit, EIN 27-3291501
If you wish to object to the collection, processing or use of your data by us in accordance with this Privacy Policy as a whole or for individual measures, you can address your objection to the Controller.
You can save and print this privacy policy at any time. Valid is always the currently online version, though.
Data Protection Officer
According to § 38 BDSG we are not obliged to appoint a data protection officer. In case of a question, please contact the Controller named above.
3General purposes of processing
We use personal data for the following purposes:
- Communicating with you regarding our products, services and projects, e.g. to process inquiries;
- Planning, execution and management of the (contractual) business relationship with you, e.g. to handle the ordering of products and services, for bookkeeping and billing purposes, and to carry out deliveries, maintenance or repairs;
- Operation of the website;
- Maintaining and protecting the security of our products and services and our website, preventing and detecting security risks, fraudulent activity or other criminal or intentional acts;
- Compliance with legal requirements (such as tax and commercial requirements for record-keeping);
- Settling litigation, enforcing existing contracts and asserting, exercising and defending legal claims.
What data we use and why
Hosting
We use hosting services to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate the site.
In doing so, we or our hosting service provider processes inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our website acc. Art. 6 I 1 f) GDPR in relation to Art. 28 GDPR.
Access data
We collect information about you when you use this website. We automatically collect information about your usage and interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). Access data includes:
Name and URL of the retrieved file, Date and time of retrieval, amount of data transferred, Message about successful retrieval (HTTP response code), Operating system, browser type and browser version, Referrer URL (i.e. the previously visited page), Websites that are accessed by the user’s system through our website, Internet service provider of the user, IP address and the requesting provider
We use this anonymous log data without assignment to you or other profiling for statistical evaluations for the purpose of operation, security and optimization of our website, but also for the anonymous recording of the number of visitors to our website (traffic) and the extent and nature of use of our website and services, as well as for billing purposes if necessary, to measure the number of clicks received from cooperation partners, if necessary.
This is also our legitimate interest in accordance with Art 6 I 1 f) GDPR.
Currently tracking and analytics are not implemented by any third-party (e.g. Google Analytics, Matomo) and only the expectable hosting based server data will be recorded by our hosting provider, as pointed out in the section “Hosting” above.
Cookies
We use so-called session cookies to optimise our website. A session cookie is a small text file that is sent by the respective servers when visiting a website and is stored on your hard disk. As such, this file contains a so-called session ID, with which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised when you return to our website. These cookies are deleted after you close your browser. They serve e.g. that you can use a shopping cart feature across multiple pages.
Our legitimate interest in the use of cookies in accordance with Article 6 I 1 f) GDPR is to make our website more user-friendly, effective and secure.
You can set your browser so that you are informed in advance about the setting of cookies and can decide on a case-by-case basis whether you exclude the acceptance of cookies for specific cases or in general, or that cookies are completely prevented. This may limit the functionality of the site.
Contacting us
When you contact us (for example, by contact form or e-mail), we will process your details for processing the request as well as for follow-up questions.
If the data processing is for the implementation of pre-contractual measures, which are made in response to your request, or – if you are already our customer – it is for the execution of the contract, the legal basis for this data processing is Art. 6 I 1 b) GDPR.
We process further personal data only if you consent to it (Art. 6 I 1 a) GDPR) or we have a legitimate interest in the processing of your data (Art. 6 I 1 f) GDPR). A legitimate interest is e.g. in answering to your email.
Data from public sources
If necessary, we will attempt to complete personal data transmitted by e.g. an e-mail with the help of public sources (for example information on the websites of the associated company or the associated institution).
The legal basis for this is Art. 6.I 1 f) GDPR, since our legitimate interest lies in processing correct data.
Data to fulfill our contractual obligations
We process personal data that we need to fulfill our contractual obligations, such as name, address, e-mail address, ordered products, billing and payment data. The collection of this data is required for the conclusion of the contract.
The deletion of the data takes place after expiry of the warranty periods and legal retention periods, unless otherwise stated. Data associated with a user account is retained for the time this account is maintained.
The legal basis for the processing of this data is Art. 6 I 1 b) GDPR, because this data is needed so that we can fulfill our contractual obligations to you.
Duration of storage
Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued.
In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will be stored by us only for these legal purposes, but not otherwise processed and deleted after expiration of the statutory retention period.
6Your rights as data subject
Under applicable law, you have various rights to your personal information. If you would like to assert these rights, please send your request to the above-mentioned Controller by e-mail or by post with a clear identification of your person.
Your rights
Right to access
You have the right to receive information about the processing of your personal data. Specifically, this means:
You have the right at any time to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to ask us for free information about your personal data stored together with a copy of this data. Furthermore, there is a right to the following information:
- the processing purposes; the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organisations;
- if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration;
- the right of rectification or erasure of personal data concerning you or restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data is not collected from you directly, all available information about the source of the data;
- the existence of automated decision-making including profiling – at least in these cases – meaningful information about the logic involved, as well as the implications and intended effects of such processing for you.
- If personal data are transmitted to a third country or to an international organisation, you have the right to be informed about the appropriate guarantees under Art. 46 GDPR in connection with the transfer.
Right to rectification
- You have the right to demand that we correct and, if necessary, complete your personal data. Specifically, this means:
- You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to be erased (“Right to be forgotten”)
In a number of cases, we are required to delete your personal information. Specifically, this means:
You have the right to ask us to erase your personal data without delay and we are obliged to erase personal data immediately if one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent, on which the processing was based in accordance with Art. 6 I 1 a) GDPR, and lack of any other legal basis for the processing. These bases are:
- The personal data were processed unlawfully.
- The erasure of personal data is required to fulfill a legal obligation under Union or national law to which we are subject.
If we have made the personal data publicly available and if we are obliged to erase it, we take appropriate measures, including technical ones, to Controllers who process the personal data, taking into account the available technology and the implementation costs to inform them that you have requested that they delete any links to such personal information or copies or replications of such personal information.
Right to restriction of processing
In a number of cases, you may request that we restrict the processing of your personal information. Specifically, this means that you have the right to request from us to restrict processing if any of the following conditions apply:
- the accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information;
- the processing is unlawful and you have objected to the erasure of personal data and have instead requested the restriction of the use of personal data;
- we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend your rights, or;
- you have objected to the processing according to Art. 21 I DSGVO, as long as it is not certain that the justified reasons of our company outweigh yours
Right to data portability
You have the right to receive, transmit or have transmitted from us any personal data relating to you in a machine-readable manner. Specifically, this means:
- You have the right to receive the personal information you provided to us in a structured, common and machine-readable format, and you have the right to submit that information to another Controller without hindrance, provided that the processing is based on a consent pursuant to Art. 6 I 1 a) GDPR or on a contract pursuant to Art. 6 I 1 b) GDPR; and the processing is done using automated procedures;
- In exercising your right to data transferability, you have the right to request that personal data be transmitted directly by us to another party, as far as technically feasible
Right to object
You have the right to object to lawful processing of your personal data by us if this is based on your particular situation and if our interests in processing do not prevail. Specifically, this means:
- You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data concerning you pursuant to Article 6 I 1 (f) GDPR; this also applies to profiling based on these provisions. We no longer process personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
- If personal data are processed by us in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
- You have the right, for reasons of your particular situation, to object to the processing of personal data relating to you for scientific or historical research purposes or for statistical purposes, unless: the processing is necessary to fulfill a public interest task.
Automated decision-making including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner.
We do not apply automated decision-making based on the collected personal data.
Right to withdraw a data protection consent
You have the right to withdraw your consent to the processing of personal data at any time.
Right to lodge a complaint with a supervisory authority
You have the right to logde a complaint to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.
Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.
Your personal data will be transmitted to us with encryption. This applies to your orders and also to the customer login. We use SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (for example, when communicating via e-mail) can have security gaps. A complete protection of the data from access by third parties is not possible.
To safeguard your data, we maintain technical and organisational security measures in accordance with Art. 32 DSGVO, which we always adapt to state-of-the-art technology.
We also do not warrant that our offer will be available at specific times; disturbances, interruptions or failures can not be excluded.
Disclosure of data to third parties, data transfer to non-EU countries
If and to the extent that we engage third parties in the performance of contracts (such as logistic service providers), they will only receive personal data to the extent that the transmission is required for the corresponding service.
In the event that we outsource certain parts of the data processing (“order processing”), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights.
Data may be shared with persons outside of EU countries. These persons are known to us and directly connected to the website’s purpose and only receive necessary data for fullfilling their tasks. If you object your request may not be fullfillable anymore. We can inform you about the involved parties for a certain task, procedure or communication regarding you, at your request.