Legal Notice & Privacy Policy

Legal Notice (Impressum)

Legal Disclaimers

Legal notices regarding the use of the website of DUX Healthcare GmbH, hereinafter referred to as DUX Healthcare. The use of this website is subject to the following terms and conditions, which you accept by accessing this website.

Responsible for Content

Pursuant to § 6 and § 10 paragraph 3 MDStV: DUX Healthcare GmbH, represented by Christoph Eberhardt and Thomas Wolters.

Website Content

All information is provided without warranty. Sources: Federal Institute for Drugs and Medical Devices (BfArM), as well as manufacturer websites, app stores, and others.

Disclaimer for Information and Linked Pages

The information on this website may contain technical errors or typographical errors. We do not guarantee the accuracy or completeness of the information, text, graphics, links, and any other content on this website. Information may be changed or updated without notice. Despite careful content review, DUX Healthcare assumes no liability for the content of external links. DUX Healthcare does not adopt the content of linked pages as its own; the operators of those pages are solely responsible for their content. The provider of the linked page is solely liable for any damages arising from the use of such external pages.

Privacy Policy

As of March 2026

1. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR (DSGVO)) and other data protection legislation is:

DUX Healthcare GmbH

Bachstr. 43

76185 Karlsruhe

Germany

kontakt@dux-healthcare.com

https://diga-verzeichnis.de

2. General Information on Data Processing

1. Scope of Processing of Personal Data


We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of data is required by law.

2. Legal Basis for the Processing of Personal Data


Where we obtain the consent of the data subject for processing of personal data, Art. 6 Abs. 1 S. 1 lit. a DSGVO serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 Abs. 1 S. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 Abs. 1 S. 1 lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Abs. 1 S. 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and fundamental freedoms of the data subject do not override that interest, Art. 6 Abs. 1 S. 1 lit. f DSGVO serves as the legal basis for the processing.

3. Data Deletion and Storage Duration


The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

3. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-a-vis the controller:

1. Right of Access


You may request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing takes place, you may request the following information from the controller:

1. the purposes for which the personal data are processed;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the envisaged period of storage of the personal data concerning you or, where this is not possible, the criteria used to determine the storage period;
5. the existence of the right to request rectification or erasure of personal data concerning you, the right to restriction of processing by the controller, or the right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the origin of the data where the personal data are not collected from the data subject;
8. the existence of automated decision-making, including profiling, referred to in Art. 22 Abs. 1 and 4 DSGVO and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

2. Right to Rectification


You have a right to rectification and/or completion vis-a-vis the controller if the processed personal data concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3. Right to Restriction of Processing


You may request the restriction of processing of personal data concerning you under the following conditions:

• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defence of legal claims; or
• if you have objected to processing pursuant to Art. 21 Abs. 1 DSGVO and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such data may only be processed -- apart from being stored -- with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure


a) Obligation to Erase


You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw the consent on which the processing was based pursuant to Art. 6 Abs. 1 S. 1 lit. a or Art. 9 Abs. 2 lit. a DSGVO, and there is no other legal basis for the processing.
3. You object to the processing pursuant to Art. 21 Abs. 1 DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Abs. 2 DSGVO.
4. The personal data concerning you have been unlawfully processed.
5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 Abs. 1 DSGVO.

b) Information to Third Parties


If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 Abs. 1 DSGVO, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure of all links to, or copies or replications of, those personal data.

c) Exceptions


The right to erasure does not apply to the extent that processing is necessary

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health in accordance with Art. 9 Abs. 2 lit. h and i as well as Art. 9 Abs. 3 DSGVO;
4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89 Abs. 1 DSGVO, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise, or defence of legal claims.

5. Right to Notification


If you have exercised the right to rectification, erasure, or restriction of processing vis-a-vis the controller, the controller is obliged to communicate the rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right vis-a-vis the controller to be informed about such recipients.

6. Right to Data Portability


You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

1. the processing is based on consent pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO or Art. 9 Abs. 2 lit. a DSGVO or on a contract pursuant to Art. 6 Abs. 1 S. 1 lit. b DSGVO; and
2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons shall not be adversely affected.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object


You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 Abs. 1 S. 1 lit. e or f DSGVO; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

8. Right to Withdraw Consent


You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to Lodge a Complaint with a Supervisory Authority


Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.

4. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing


Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

• Information about the browser type and version used
• The operating system of the user
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the user's system reaches our website
• Websites that are accessed by the user's system via our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Purpose of Data Processing


The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data serves us for optimising the website and for ensuring the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 Abs. 1 S. 1 lit. f DSGVO.

3. Legal Basis for Data Processing


The legal basis for the temporary storage of data and log files is Art. 6 Abs. 1 S. 1 lit. f DSGVO.

4. Duration of Storage


The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after no more than seven days. Storage beyond this period is possible. In this case, the IP addresses of users are deleted or anonymised so that identification of the accessing client is no longer possible.

5. Possibility of Objection and Removal


The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

5. Email Contact

1. Description and Scope of Data Processing


Our website provides the option to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of Data Processing


In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

3. Legal Basis for Data Processing


The legal basis for the processing of data where the user has given consent is Art. 6 Abs. 1 lit. a DSGVO.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Abs. 1 lit. f DSGVO. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Abs. 1 lit. b DSGVO.

4. Duration of Storage


The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The additional personal data collected during the sending process will be deleted after a period of no more than seven days.

5. Possibility of Objection and Removal


The user has the option to withdraw consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

To opt out, please contact us by email at kontakt@dux-healthcare.com.

All personal data stored in the course of contacting us will be deleted in this case.

6. Hosting

The website is hosted on servers by a service provider commissioned by us.

Our service provider is:

Amazon Web Services (AWS)

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when visiting the website. The stored information is:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing device
• Date and time of the server request
• IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 Abs. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website -- for this purpose, server log files must be collected.

The server location of the website is geographically within the European Union (EU) or the European Economic Area (EEA).