CompuGroup Medical
Synchronizing Healthcare

We promote dialog in the healthcare sector and ensure that costs are saved in a meaningful way. Everyone should benefit from medical progress with the help of IT.

Investor Relations

Data Protection Statement CGM Customer Portal

We, CompuGroup Medical SE & Co. KGaA (hereinafter CGM), are happy to welcome you to our customer portal. The protection of your personal data is of major concern to us and we would like you to feel secure when using our services. In the following, we will explain which information is collected and processed during your visit of the customer portal and for which purpose it is used.

Scope of Application

This data protection statement applies to the CGM customer portal.

Personal Data

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an address and phone number. Information that is not directly related to your real identity - such as preferred websites or number of users of a page - is not personal data.

Collection and Processing of Personal Data

When visiting our customer portal and sending us a support inquiry (a "ticket"), the following data are processed and stored on our servers in Germany.

Stored temporarily in the portal for the duration of the session (automatic logout after 30 minutes):

• Session ID
• IP -address
• Timestamp at login

Permanent stored in our customer portal:

• SAP ID customer
• SAP ID contact person
• Timestamp of last login
• User name
• Password (encrypted)
• Security question
• Answer to the security question

Read from customer portal

• Current timestamp

Temporarily used from SAP system:

• Name of the contact person
• Name of the customer
• E-Mail of the contact person
• Creator of the SAP tickets
• Texts of the SAP tickets

Sent to SAP System

(Your data entries and choices):

• Title of the ticket'
• Description of the ticket
• Kategorization of the ticket
• Priority of the ticket
• External reference of the ticket
• E-Mail distribution list related to the ticket
• Attached documents/files
• Additional texts/answers to the ticket

Use and Transfer of Personal Data

The personal data provided by you is used exclusively for the purpose of capturing your support inquiry in SAP and responding to it according to our contractual obligations.

The data is stored in SAP CRM until your issue has been resolved (the ticket has been closed) plus the time corresponding to the contractual warranty time (5 years). Storage time may be extended if required by law.

Your personal data will not be transferred to third parties unless required for the purpose of the contractual agreement or based on your explicit consent.

Use of Cookies or Software for User Tracking

The Customer portal does make use of cookies or software to capture and analyze user behaviour.


CGM takes all necessary technical and organizational security measures to protect your personal data from loss or abuse. Your data is stored in a secure operating environment inaccessible for the public. Your personal data is encrypted by state-of-the-art technology during transmission. This means that communication between your computer and the CGM servers takes place by ways of an established encryption technique if supported by your browser.

Your Rights

You have the right to information and access to stored personal data as well as the right to rectification, to erasure, to restriction of processing, to data portability and the right to object to the processing of your personal data.

If you give consent to CGM, you have the right to withdraw it at any time with effect for the future. We undertake to delete all data collected about you. In doing so, however, we are legally obliged to observe possible commercial and fiscal retention periods which can prevent immediate deletion of this data. If these reasons should affect the deletion, we will inform you.

In addition, you have the right to lodge a complaint with the responsible supervisory authority if you believe that we are not processing your personal data properly.

Amendments to this Data Protection Statement

Please note that this Data Protection Statement may be amended and changed from time to time. Each version of this Data Protection Statement is to be identified by its date and version at the end of this document. We also archive all previous versions of this Data Protection Statement for your access on demand.

Data Protection Officer for CGM SE & Co. KGaA

Hans Josef Gerlitz
CompuGroup Medical SE & Co. KGaA
Maria Trost 21
D-56070 Koblenz

Responsible Supervisory Authority

The responsible supervisory authority for CGM SE & Co. KGaA is The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz

Version: 1.1
Date: January 26, 2021