Privacy at a glance

The protection of your privacy is very important to us.

Data protection and security have the highest priority for medi. In order to comply with our legal reporting obligation and to keep you up-to-date, we inform you that with the cyber attack on medi on the first weekend of August, the attackers also had access to data – in this context, we cannot exclude that this also affects personal data. 

Since in exceptional cases and in the event of any loss of such data, a disclosure of secrets, identity theft, financial disadvantage or other consequences cannot be precluded, we recommend – purely as a precaution – that you pay close attention to any irregularities regarding the data records stored with medi in the near term. As a user, you can change passwords with other providers in case they correspond to the medi password, check your e-mails more frequently for spam messages or keep an eye on your account movements.

Please note: At this time, however, we have no indications whatsoever that point to any illegal use of data! 

If you have any questions, please contact us at

You can reach our data protection officer by mail at:

ePrivacy GmbH 
represented by Prof. Dr. Christoph Bauer 
Große Bleichen 21, 20354 Hamburg

or by e-mail:

We take privacy seriously

Protecting your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers automatically save the IP address of your Internet service provider, the website from which you visit us, the pages on our website that you visit, and the date and duration of your visit. This information is necessary for the technical functionality of the webpages and the secure operation of the server. A personalised evaluation of this data is not carried out.

If you send us information via the contact form, this data will be stored on our servers in the course of data backup. Your data will be used by us exclusively to process your request. Your data will be handled in a strictly confidential manner. Your data will not be passed on to third parties.

Responsible party:
medi GmbH & Co. KG
Medicusstr. 1
D-95448 Bayreuth
Telephone: +49 (0)921 912-0

Personal data

Personal data are data about yourself. This includes your name, your address and your Email address. You are not obligated to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as further information to be able to offer you the service you require.

The same applies if we supply you with informative material on request or if we answer your enquiries. We will always notify you in such cases. Otherwise, we only save data that you have automatically or voluntarily submitted to us.

When you use our services, we normally only collect data that are necessary to be able to offer you our services. We may ask you for further information on a voluntary basis. Whenever we process personal information, we do so in order to provide you with our services or to pursue our commercial interests.

Server log files

Server log files

Website providers automatically collect and store information in so-called server log files, which your browser automatically transmits to us.
These are:

  • Data and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • the web browser and operating system used
  • complete IP address of the computer making the request
  • amount of data transmitted

This data is not combined with other data sources. The processing is carried out in accordance with Art. 6(1)(f) DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

This data is stored by us for security reasons, especially with regard to the prevention of attempts to attack our web server. It is not possible for us to draw conclusions regarding individuals based on this data. The data remains on our web server for 21 days and on a log server for 6 months. The data is processed for statistical purposes only; it is not compared with other datasets or passed on to third parties, even in extracts.

More information



We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable privacy laws.

Whenever we collect and process personal information, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

Data transfers to third countries

Data transfers to third countries

If we process data in countries outside the European Economic Area (“EEA”), we protect it based on an adequacy decision of the EU Commission Art. 45 (1) GDPR or use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR when structuring contractual relationships with recipients in third countries.

Storage period

Storage period

We will store your data,

  • if you have consented to the processing thereof, only until you withdraw your consent;
  • if we need the data to perform a contract, only for as long as the contractual relationship with you exists;
  • if we use the data on the basis of a legitimate interest, only as long as your interest in deletion or anonymisation does not outweigh this legitimate interest;
  • if statutory retention obligations exist, until the end of the retention periods.

Your rights

You have the right at any time to request information, correction, deletion or restriction of the processing of your stored data; a right to object to the processing; as well as the right to data portability and to lodge a complaint in accordance with the requirements of privacy law.


Right of access:

You can request information from us as to whether and to what extent we process your data.


Right to rectification:

If we process your data that is incomplete or inaccurate, you may request that we correct or supplement it at any time.


Right to erasure:

You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your justifiable protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g., in the case of legally stipulated retention obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no contractual or statutory obligation to retain data in this respect.


Right to restrict processing:

You can ask us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data,
  • the processing of the data is unlawful, but you decline to delete it and instead demand a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to file or defend legal claims, or
  • you have objected to the processing of the data.

Data portability

Right to data portability:

You may request that we provide you with the information you have provided to us in a structured, standard and computer-readable format and that you may provide that information to another representative without interference from us, provided that we process this data on the basis of an agreement given and revocable by you or for the fulfilment of a contract between us, and that such processing is carried out using automated procedures. If technically feasible, you may request us to transfer your data directly to another representative.


Right to object:

If we process your data for legitimate reasons, you may object to such processing at any time. We will then no longer process your data unless we can prove compelling and protection-worthy grounds for the processing which outweigh your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.


Right to appeal:

If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the competent regulatory authority for you, the respective regional office for data protection supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of any doubt, we may request additional information to confirm your identity.

Changes to this Privacy Policy

We reserve the right to change our privacy policy if necessary due to new technologies. Please make sure that you have the latest version. If substantial changes are made to this privacy statement, we will post them on our website.

All interested parties and visitors to our website can contact us with questions about privacy at:

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg