Data Protection

sepp.med

1. Data protection at a glance

As of: January 21, 2026

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data collection on this website

Some of the data is collected to ensure that the website is provided without errors. Other data is processed—only with your consent—to analyze your user behavior and for marketing and communication purposes (e.g., Google Analytics/Ads, HubSpot).

Your rights

You have the right to information, correction, deletion, restriction of processing, data portability, and objection at any time. You also have the right to lodge a complaint with a supervisory authority.

2. General information and mandatory information

Responsible body

sepp.med gmbh
Gewerbering 9
91341 Röttenbach
Germany
Phone: +49 9195 931–0
Email: datenschutz@seppmed.de

data protection officer

Maren Leschke
Syngenity GmbH
Ahornstraße 7
85296 Rohrbach
Email: datenschutz@seppmed.de

legal bases

We process personal data in particular on the following legal bases:

  • 6 para. 1 lit. a GDPR (consent)
  • 6 para. 1 lit. b GDPR (contract / pre-contractual measures)
  • 6 para. 1 lit. c GDPR (legal obligation)
  • 6 para. 1 lit. f GDPR (legitimate interest)

Insofar as information is stored or read on your device when cookies/similar technologies are used, the provisions of Section 25 TTDSG also apply.

Withdrawal of your consent

You can revoke your consent at any time with future effect via the cookie settings in the footer.

storage period

Unless a more specific storage period is specified in this privacy policy, we only store personal data for as long as is necessary for the respective purpose or as required by statutory retention obligations.

SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content.

Recipients and order processing

We use service providers who process personal data on our behalf (contract processing). Where necessary, we conclude contract processing agreements with these service providers.

Transfer to third countries

Where possible, we have configured our tools so that data processing takes place on servers in the EU. According to our current setup, there is no regular transfer to third countries. If, in exceptional cases (e.g., support), access from a third country cannot be completely ruled out, this will only take place in compliance with legal requirements (e.g., EU standard contractual clauses) and—where necessary—on the basis of your consent.

Your rights in detail

Within the framework of the legal requirements, you have the right to information (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and objection (Art. 21 GDPR).

right of appeal

You have the right to lodge a complaint with a data protection supervisory authority. In particular, the supervisory authority of your habitual residence or the place of the alleged infringement is responsible.

3. Data collection on this website

server log files

The provider of the pages automatically collects and stores information in so-called server log files (e.g., browser type, operating system, referrer URL, time, IP address). The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in secure, stable operation).

Cookies

Our website uses cookies and similar technologies. Some are technically necessary, others are used for statistical/marketing purposes and are only set with your consent.

3.1 Cookie consent with Borlabs Cookie

We use Borlabs Cookie (WordPress plugin) to obtain, manage, and document your consent.

Purpose: Consent management, documentation of your selection.

Legal basis: Art. 6 (1) (c) GDPR and § 25 (2) TTDSG (necessary storage), otherwise Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (consent).

Revocation/modification: at any time via the cookie settings in the footer.

3.2 Contact requests, landing pages, forms, and CRM (HubSpot)

We use HubSpot (including WordPress plugin) for landing pages, forms, contact management (CRM), and communication.

Processed data: Contact and communication data (e.g., name, email, company, phone number, form content), technical data (e.g., IP address, browser information) if applicable—especially if tracking is activated and consented to.

Purposes: Processing inquiries, lead management, providing requested content, communicating with customers and prospects, documenting contact history.

Legal basis: Art. 6(1)(b) GDPR (request/contract) and/or Art. 6(1)(f) GDPR (efficient communication/organization); for marketing/tracking, additionally Art. 6(1)(a) GDPR and Section 25(1) TTDSG.

Order processing: HubSpot (HubSpot Inc., 2 Canal Park, Cambridge, MA 02141 USA; hereinafter referred to as HubSpot) processes data on our behalf (order processing agreement).

Data processing in the EU: We have configured HubSpot so that data processing takes place on servers in the EU. According to our current setup, there is no regular transfer to third countries. If, in exceptional cases (e.g., support), access from a third country cannot be completely ruled out, this will only take place in compliance with legal requirements (e.g., EU standard contractual clauses) and—where necessary—on the basis of your consent.

HubSpot Tracking

We also use HubSpot for tracking and analysis purposes (e.g., visitor recognition, evaluation of interactions), provided you have given your consent.

You can find a current list of the cookies/technologies used (purpose, duration, provider) in our cookie settings. We log your consent (time, consent status) to fulfill our documentation obligations (Art. 7(1) GDPR).

Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TTDSG (consent).

Revocation: at any time via the cookie settings in the footer.

HubSpot Chat

We use a chat feature (HubSpot) on our website to respond to inquiries quickly and facilitate communication.

Processed data: Chat content, time, technical information, and—if provided—contact details.

Purposes: Processing inquiries, support, communication, documentation of the conversation.

Legal basis: Art. 6(1)(b) GDPR (request) and/or Art. 6(1)(f) GDPR (efficient communication); if cookies/tracking are used: Art. 6(1)(a) GDPR and Section 25(1) TTDSG.

We store chat content for 6 months for traceability and quality assurance purposes, after which it is deleted/anonymized.

3.3 snapADDY DataQuality (data quality check)

Order processing: If snapADDY (Haugerkirchgasse 7, 97070 Würzburg) acts as a service provider on our behalf, this is done on the basis of an order processing agreement.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in accurate and up-to-date data). Insofar as processing is necessary for the implementation of pre-contractual measures or for the fulfillment of a contract, Art. 6(1)(b) GDPR may also apply.

Purposes: We use snapADDY DataQuality to check, correct, and enrich contact data (data quality management), e.g., as part of maintaining our CRM and processing inquiries.

Processed data: Personal data that is publicly available or provided on websites, in emails, or on business cards is processed. This includes, for example, name, company, address, email address, telephone number, and, if necessary, other contact details required for validation.

4. Analysis tools, tag management, and advertising

The following tools—insofar as they set or read cookies/IDs—will only be activated after you have given your consent via Borlabs Cookie.

Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TTDSG.

4.1 Google Tag Manager

We use Google Tag Manager to manage and display website tags. Tag Manager itself does not usually create user profiles, but it can trigger other tags. We use server-side tracking (server-side tagging) for this purpose. Certain measurement and event data is first transferred to a server endpoint in the EU that we operate or commission, and from there—depending on your consent and configuration—forwarded to Google. The purpose of this is, in particular, to enable more controlled delivery of tags and more data-efficient transmission.

Purpose: Integration and control of tracking and marketing tags.

Data processing in the EU: We use EU data regions or server locations in the EU, where offered by the provider. According to our current setup, there is no regular transfer to third countries; however, access from third countries in exceptional cases (e.g., support) cannot be completely ruled out.

4.2 Google Analytics

We use Google Analytics to analyze the use of our website (e.g., page views, interactions). Cookies/IDs may be used and usage data may be processed. We use server-side tracking for this purpose. Measurement data (e.g., page views/events) may first be transferred to a server endpoint in the EU and then—depending on your consent and configuration—transmitted to Google Analytics.

Purpose: Reach measurement, website optimization.

Revocation: at any time via cookie settings in the footer.

4.3 Google Ads (inkl. Conversion-Tracking, Remarketing)

We use Google Ads to display advertisements and measure their success (e.g., conversion tracking). We also use remarketing features to show interest-based advertisements to users who have visited our website.

Purposes: Advertising, performance measurement, remarketing.

Revocation: at any time via cookie settings in the footer.

4.4 LinkedIn Insight Tag (Conversion-Tracking)

Data processing in the EU: We use EU data regions or server locations in the EU, where offered by the provider. According to our current setup, there is no regular transfer to third countries; however, access from third countries in exceptional cases (e.g., support) cannot be completely ruled out.

Revocation: at any time via the cookie settings in the footer.

Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TTDSG (consent).

Purposes: Conversion measurement, reach measurement, optimization of LinkedIn advertising campaigns, and, if applicable, target group development (retargeting), if activated.

We use the LinkedIn Insight Tag to measure the effectiveness of our LinkedIn ads (conversion tracking) and optimize campaigns. Cookies/IDs may be used and information about the use of this website may be processed (e.g., page views, events, URL, referrer, IP address, device and browser information).

5. Newsletter (sent via HubSpot)

When you subscribe to our newsletter, we process your email address and any other voluntary information (e.g., name/company) for the purpose of sending the newsletter. The newsletter is sent and managed via HubSpot (see 3.2).

Legal basis: Art. 6(1)(a) GDPR (consent).

Double opt-in: Registration is verified by confirmation email.

Unsubscribe/revoke: at any time via the unsubscribe link in the newsletter or by sending us a message.

Success measurement: If used, openings and clicks can be statistically evaluated (consent basis).

6. Plugins and tools

YouTube (embedding videos)

We embed videos from YouTube. When you start a video, a connection to YouTube/Google servers may be established; data (e.g., IP address, device information) may be processed in the process. YouTube may use cookies/similar technologies.

Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TTDSG (consent).

Revocation: at any time via cookie settings in the footer.

hCaptcha (spam protection)

We use hCaptcha to protect our forms from automated entries (bots) and misuse. Technical data (e.g., IP address, browser and device information, mouse movements/interaction data) may be processed in the process.

Purpose: Prevention of abuse and spam, ensuring the availability and security of our online forms.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protection against misuse) and—if hCaptcha is only loaded after consent has been given—additionally Art. 6(1)(a) GDPR and Section 25(1) TTDSG.

Revocation: at any time via the cookie settings in the footer (if consent-based).

OpenStreetMap (Map)

We integrate map material from OpenStreetMap. When loading the map, a connection is established to OpenStreetMap servers or the respective tile server. In particular, your IP address may be processed during this process.

Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TTDSG (consent), provided that the map is only loaded after consent has been given; otherwise Art. 6(1)(f) GDPR (legitimate interest in a user-friendly display of maps).

Revocation: at any time via the cookie settings in the footer.

7. Webinars and online meetings (Microsoft Teams)

We use Microsoft Teams for webinars and online meetings.

Processed data: Name, email address, organization (if applicable), participation metadata (time/duration), technical connection data, chat and Q&A contributions (if applicable).

Purposes: Conducting the webinar, communication, follow-up.

Legal basis: Art. 6(1)(b) GDPR (participation) and/or Art. 6(1)(f) GDPR (organization).

records

Webinars are recorded. The recording is done in such a way that participants are not visible in the image (e.g., focus on presentation or speaker).

If contributions from participants (e.g., chat questions) may be documented during the webinar or included in recordings, we will point this out before the webinar begins.

Legal basis (recording): Art. 6(1)(f) GDPR (documentation/quality assurance) and/or Art. 6(1)(a) GDPR (consent), where necessary.

Data processing in the EU: We use server locations or data regions in the EU, where offered by the provider. According to our current setup, there is no regular transfer to third countries; however, access from third countries in exceptional cases (e.g., support) cannot be completely ruled out. In such cases, this will only take place in compliance with legal requirements (e.g., EU standard contractual clauses) and, where necessary, on the basis of your consent.

8. Applications

When you apply for a position with us, we process your application data for the purpose of conducting the application process.

Processed data: Application documents and the data contained therein (e.g., name, contact details, resume, references, correspondence).

Purposes: Conducting the application process, communication, decision on establishing an employment relationship.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures), § 26 BDSG (Federal Data Protection Act) if applicable; Art. 6 (1) (a) GDPR if consent is required (e.g., applicant pool).

Storage period: Once the process has been completed, we generally delete application data within the statutory/customary periods, unless longer storage is necessary or consented to.

9. Video surveillance

We use video surveillance at our company location outside of business hours to protect our property rights and to prevent and investigate criminal offenses.

Legal basis: Art. 6(1)(f) GDPR.

Storage period: usually a few days; longer storage only takes place if necessary for the preservation of evidence.

Recipients: Access only by authorized internal departments; disclosure to authorities only when necessary and legally permissible.

10. Social Media

We maintain publicly accessible profiles on social networks (e.g., LinkedIn, Facebook, Instagram, YouTube, X).

When visiting our profiles, the platform operators may process personal data. For details, please refer to the privacy policies of the respective providers.

Legal basis: Art. 6(1)(f) GDPR (public relations and communication) and, where applicable, Art. 6(1)(a) GDPR, insofar as consent is required.

11. Changes to this privacy policy

We will amend this privacy policy if the legal situation or our data processing changes, or if this is necessary for other reasons.

Cookie settings: You can adjust or revoke your selection regarding cookies and services at any time via the cookie settings in the footer.