Data protection

Home > Data protection

Privacy Policy

Stand: 04.03.2026

  1. General information

We take the protection of your personal data very seriously. In accordance with Article 13 of the General Data Protection Regulation (GDPR), this privacy policy informs you about which personal data we process when you use our website, for what purposes this is done, and what rights you have.

If we use cookies or similar technologies, this is done in accordance with the legal requirements for access to end devices (e.g. § 25 TDDDG) and the GDPR for the subsequent processing of personal data.

Note regarding health data: Bitte übermitteln Sie keine sensiblen Gesundheitsdaten (z. B. Diagnosen, Befunde, Medikationspläne) über das Kontaktformular. Wenn Unterlagen erforderlich sind, stimmen wir mit Ihnen einen geeigneten, zweckgebundenen Übermittlungsweg ab.

  1. Responsible person

Medi First NPO gGmbH i. Gr.

Königstrasse 3

01097 Dresden

Deutschland

Phone: 0351 42417533
Email: Kontakt@medi-first-npo.de

  1. Processing when visiting the website

3.1 Hosting and server log files

Each time you access our website, the server automatically processes information transmitted by your browser. This includes, in particular, your IP address, the date and time of access, the pages/files accessed, status codes, browser/operating system information, and the referrer URL.

Purpose: Provision of the website, ensuring IT security, error analysis and prevention of misuse.
Legal basis: Article 6 paragraph 1 letter f GDPR (legitimate interest).
Storage period: [e.g. 7–30 days]; longer storage only in the case of security-relevant events.

Recipient: Hosting service providers as data processors (Art. 28 GDPR):
[Hosting-Anbieter, Sitz/Land]

  1. Contact us

When you contact us via contact form or email, we process the data you provide (e.g., name, email address, organization/function, request/category, message) in order to process your request and enable follow-up questions.

Purpose: Processing and responding to your request, internal allocation.
Legal basis:

  • Article 6 paragraph 1 letter b GDPR (pre-contractual measures/contractual communication), insofar as applicable.
  • Ansonsten Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an effektiver Bearbeitung).
    Storage period: until final processing. Beyond that, only if there are legal retention obligations or if this is necessary for legal proceedings.
  1. Cookies and similar technologies

We use cookies and similar technologies to the extent necessary for the operation and security of the website or where you have given your consent. The provisions of Section 25 of the German Telemedia Act (TDDDG) apply to the storage and retrieval of information on your device.

5.1 Technically necessary cookies

Technically required cookies are necessary to provide basic website functions (e.g., security, display, language settings).

Purpose: To provide the website and its functions.
Legal basis: Section 25 Paragraph 2 TDDDG and Article 6 Paragraph 1 Letter f GDPR (legitimate interest).
Storage duration: depending on the cookie, until the end of the session or for a limited period.

5.2 Optional cookies (analytics/marketing) – only if used

If we use analytics or marketing tools in the future, this will only be done on the basis of your consent.

Purpose: Audience measurement, website improvement, statistical analysis.
Legal basis: Section 25 Paragraph 1 TDDDG and Article 6 Paragraph 1 Letter a GDPR (consent).
Revocation: You can revoke your consent at any time with effect for the future via the cookie settings.

  1. Recipients, processors and transfer

We use service providers who process personal data on our behalf (Art. 28 GDPR), in particular for hosting and technical maintenance. Data is only shared with third parties if this is necessary to process your request, if you have given your consent, or if there is a legal obligation to do so.

Recipient/Processor (please complete):
Recipient/Processor (please complete):
• (optional) Contact/spam protection: [Provider, location/country]

  1. Transfers to third countries

If service providers process data outside the European Economic Area (EEA), this will only be done if suitable safeguards (e.g. EU standard contractual clauses) or another permissible legal basis are in place.

  1. Data security

We take appropriate technical and organizational measures to protect your data from loss, manipulation, and unauthorized access. Data transmission is generally encrypted (TLS). However, complete security of data transmission over the internet cannot be guaranteed.

  1. Storage period and deletion

We process and store personal data only for as long as necessary for the respective purposes. Afterwards, the data is deleted unless legal retention obligations apply or further storage is necessary for the establishment, exercise, or defense of legal claims.

  1. Your rights

Under the GDPR, you have the following rights in particular:
• Information about your processed personal data (Art. 15 GDPR)
• Correction of inaccurate data (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Right to object to processing if it is based on Article 6(1)(f) GDPR (Article 21 GDPR)
• You may withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR)

To exercise your rights, you can contact us using the contact details listed under point 2.

  1. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for the company's location in Saxony is:

Saxon Data Protection and Transparency Commissioner (SDTB)
Maternistraße 17
01067 Dresden
Deutschland

  1. Updates and changes to this privacy policy

We will update this privacy policy if the legal situation, our website, or data processing practices change.