Privacy Policy
Version 2025-08-15
Our company values the protection of personal data and respects your desire for privacy. Below, we provide information about the collection of personal data when you use our website. If you have any further questions about how we handle your personal data, please contact our data protection officer.
1. Responsible
The responsible party within the meaning of the General Data Protection Regulation (GDPR) is:
Mesa Germany GmbH
Auf der Lind 10
65529 Waldems
Germany
2. Contact details of the data protection officer
You can contact our data protection officer at datenschutz@gke.eu or at our postal address with the addition "Data Protection Officer."
3. Legal basis for our data processing
The processing of personal data can be based on various legal grounds. If we need your data to fulfill a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If we obtain your consent for a specific data processing operation, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing operations on the basis of our legitimate interest, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Insofar as processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 lit. c GDPR.
Below, we explain how we process personal data via our website.
3.1 Data processing when you visit the website
When you use the website for informational purposes only, i.e. if you do not contact us via the online form or otherwise provide us with information, we collect the following technical information (log file data):
- Operating system of the device you use to visit our website
- Browser (type, version, and language settings)
- The amount of data retrieved
- The current IP address of the device you use to visit our website
- Date and time of access
- The URL of the website you visited before (referrer)
- The URL of the (sub)page you are accessing on the website
- the Internet service provider of the accessing system
The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our service provider) are generally not aware of who is behind an IP address. We do not combine the above data with other data. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Since the collection of data for the provision of the website and storage in log files is essential for the operation of the website and to protect against misuse, our legitimate interest in data processing outweighs this at this point.
3.2 Contact via email or contact form
When you contact us by email or via a contact form, the data you provide (your email address, your name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis for this is Art. 6 (1) (1) (f) GDPR. If we request information via our contact form that is not required for establishing contact, we always mark this as optional. This information helps us to specify your request and improve the processing of your concern. The provision of this information is expressly voluntary and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Insofar as this involves information about communication channels (e.g., email address, telephone number), you also consent to us contacting you via this communication channel to respond to your request. You can, of course, revoke this consent at any time with future effect.
Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected, your request has been processed in full, and no further communication with you is necessary or desired by you.
4. Newsletter
You can subscribe to newsletters on our website, which we use to inform you about the latest news, offers, and discounts. The legal basis for sending the respective newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with § 7 para. 2 no. 3 UWG (German national law) or the legal permission in accordance with § 7 para. 3 UWG.
We use the double opt-in procedure to register you for our newsletters. This means that after you register, we will send an email to the email address you provided asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after 3 days.
The information received will be used to address you personally. After your confirmation, we will store your email address for the purpose of sending you the newsletter and until you revoke your consent. We also store your IP address current at the time of registration at , the time of registration, and the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in proving that consent was previously given, see also Art. 7 (1) GDPR.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email.
5. Applications
You can apply via our application portal at https://gke-healthcare.com/careers or by email to our company. Please note that emails sent without encryption are not transmitted in a secure manner.
Your information will be used to process your application and decide whether to establish an employment relationship. The legal basis for this is Section 26 (1) in conjunction with Section 8 (2) of the German Federal Data Protection Act (BDSG). Furthermore, your personal data may be processed to the extent necessary to defend against legal claims asserted against us arising from the application process. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. The legitimate interest in processing also lies in the purposes stated.
If an employment relationship is established between you and us, we may, in accordance with Section 26 (1) BDSG, further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representation arising from a law or a collective agreement, a works agreement or service agreement (collective agreement).
Your application data will not be processed beyond the scope described above.
Your personal data will be deleted after completion of the application process at the latest after 6 months, unless there are other legitimate interests on our part that prevent deletion or you have given us your consent for longer storage. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Equal Treatment Act -AGG (German national Law).
6. Use of cookies
Cookies are data that are stored on your computer by a website you visit and enable your browser to be reassigned. Cookies transmit information to the entity that uses the cookie. Cookies can store various types of information, such as your language settings, the duration of your visit to our website, or the entries you have made there. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.
6.1 Transient cookies
These cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
6.2 Persistent cookies
These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in your browser's security settings.
7. Google Tag Manager
For reasons of transparency, we would like to point out that we use Google Tag Manager. This is a tag management system for managing JavaScript and HTML tags that is used to implement tracking and analysis tools. It is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible party in the EU/EEA is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Google Tag Manager itself does not collect any personal data. Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that are used, among other things, to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. If you have opted out, this opt-out will be respected by Google Tag Manager.
The recipients of the data are:
Google Ireland Limited, EU,
Google LLC, USA,
Alphabet Inc., USA.
The European Commission adopted its adequacy decision for the USA on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.
The legal basis for this data processing is your consent. You have the option to revoke your consent with future effect by changing your settings. The lawfulness of the data processing until revocation remains unaffected.
For further information on Google Tag Manager, please visit:
https://www.google.com/intl/de/tagmanager/use-policy.html
8. JQuery CDN
Our website uses the JavaScript library jQuery, which is provided via a content delivery network (CDN). Specifically, jQuery is loaded from the jQuery Foundation via Google's or Microsoft's CDN. jQuery is used to optimize the loading speed and user-friendliness of our website.
When you visit a page on our website that uses jQuery, the JavaScript library is loaded from an external server (e.g., Google or Microsoft). Your IP address is transmitted to the provider's server. It is possible that the CDN provider may use this data for analysis purposes.
The use of jQuery via a CDN is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TDDDG in order to ensure the technical functionality and performance of our website.
Please note that when using jQuery via a CDN, data may be transferred to servers in third countries (e.g., the US). These countries may not have a level of data protection comparable to that in the EU. We have taken appropriate measures with the providers to ensure an adequate level of data protection (e.g., by concluding standard contractual clauses).
If you do not want your data to be processed through the use of jQuery via a CDN, you can disable JavaScript in your browser. However, this may limit the functionality of our website.
9. Google Fonts
To ensure that fonts are displayed uniformly on our website, we use web fonts from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you visit our website, the necessary data is loaded into your browser cache to display text and fonts correctly. This requires a connection to Google's servers and may result in the transfer of personal data, in particular your IP address, to Google LLC's servers in the USA. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Web Fonts or prevents access, a standard font will be used by your computer.
The European Commission adopted its adequacy decision for the USA on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/
Data collection and storage only takes place with your express consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time with future effect.
8. Hubspot
This website uses a tool from HubSpot Inc., 2 Canal Park, Cambridge, MA 02141, USA, for online marketing activities.
This is an integrated software solution that covers various aspects of online marketing. These include email marketing, social media publishing & reporting, contact management, landing pages, contact forms, and web analytics. Cookies are also stored on the device you are using.
This information, as well as the content of our website, is stored on servers belonging to our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing activities.
The data collected when using the registration service is transferred to the US and evaluated there. HubSpot Inc. is certified under the Data Privacy Framework (DPF) program and is listed in the Data Privacy Framework list of the International Trade Administration (ITA). This means that HubSpot Inc. has publicly committed to complying with the DPF obligations and that any data transfer to the US is safe based on the current adequacy decision of the European Commission dated July 10, 2023.
A list of currently certified US companies can be found here: https://www.dataprivacyframework.gov/s/participant-search
Since a transfer to servers in other third countries cannot be completely ruled out without an adequacy decision, we have also concluded the EU standard contractual clauses with the provider.
Data collection and storage only takes place with your express consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. This consent can be revoked at any time with future effect.
You can unsubscribe from emails sent by HubSpot via a link in the respective email.
Further information from HubSpot regarding EU data protection regulations can be found at: https://legal.hubspot.com/data-privacy.
9. LinkedIn Ads
If you have given your consent, we use the online marketing tool LinkedIn Ads. The responsible service provider in the EU is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
For this purpose, we use LinkedIn Campaign Manager to define target groups of users based on certain characteristics, who will then see advertisements within the LinkedIn network. Users are selected by LinkedIn based on the profile information they provide and other data provided when using LinkedIn. If a user clicks on an advertisement and is then redirected to our website, LinkedIn receives information via the conversion tag integrated into our website that the user has clicked on the advertising banner.
The LinkedIn tag thus enables the collection of visited websites, including the URL, referrer ID, IP address, device and browser characteristics, and timestamp. IP addresses are shortened by LinkedIn or (in the case of cross-device use) hashed.
With the help of the LinkedIn pixel, we can display personalized ads outside of our website without identifying individual members. Data that does not identify you is also used to improve ad relevance and reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers to the following link for adjusting advertising preferences: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.
We process this data to evaluate our advertising campaigns.
Further information about the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as your settings options for protecting your privacy, can also be found in LinkedIn's privacy policy.
Further information on LinkedIn conversion tracking can be found at: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking#get-started
Further information on data processing and storage duration can be found at https://www.linkedin.com/help/linkedin/answer/65521?lang=de.
The legal basis for this data processing is your consent, Art. 6 (1) lit. a) GDPR in conjunction with § 25 (1) TDDDG. You can revoke your consent at any time with future effect by opening the privacy settings below ("Change Cookie Preferences") and making the appropriate changes there.
Change Cookie Preferences
10. Vimeo
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. If you click on the start button of a video, this information can also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo user account before using our website at and deleting the corresponding cookies from Vimeo.
In addition, Vimeo calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo's own tracking system, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers.
The legal basis for data processing is your consent in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG. If you have not consented to the processing of your data by Vimeo within the consent management system, the videos embedded on our site will not be played immediately. You can also give your consent directly to the video at a later date by taking action beforehand.
Further information on data processing and information on data protection by Vimeo can be found at vimeo.com/privacy.
11. Google Analytics
If you have given your consent, we use Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transferred to a Google server in the US and stored there.
We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.
We use the "anonymizeIP" function (known as IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, the following data is collected, among other things:
- the pages you visit, your "click path,"
- achievement of "website goals" (conversions, e.g., newsletter registrations, downloads),
- your user behavior (e.g., clicks, length of stay, bounce rates),
- your approximate location (region),
- your IP address (in abbreviated form),
- technical information about your browser and the devices you use (e.g., language settings, screen resolution),
- Your internet service provider, and
- the referrer URL (the website/advertising medium through which you came to this website).
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as the data processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities may access the data stored by Google.
The data we send and link to cookies is automatically deleted after [insert time period]. Data that has reached its retention period is automatically deleted once a month.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by not giving your consent to the setting of cookies or downloading and installing the browser add-on to disable Google Analytics.
You can also prevent the storage of cookies by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions on the functionality of this and other websites.
For more information about Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de
The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG. You can revoke your consent at any time with future effect by opening the data protection settings here (add link Change Cookie Preferences) and adjusting the slider accordingly.
12. Mouseflow Analytics
Our website uses Mouseflow, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Mouseflow records randomly selected individual visits (only with anonymized IP addresses). This creates a log of mouse movements, clicks, and interactions to improve the user experience on our website.
The data is processed exclusively on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG. You can revoke your consent at any time via the cookie settings on our website.
Mouseflow may collect information such as mouse movements, clicks, scrolling behavior, and data entered (if voluntarily entered, e.g., in forms). This data is used to analyze and improve the usability of our website at . The IP address is anonymized before storage so that no conclusions can be drawn about your identity.
You can disable the collection of your data by Mouseflow at any time by adjusting the cookie settings on our website or using the Mouseflow opt-out link: https://mouseflow.de/opt-out/.
Mouseflow processes data within the EU and complies with applicable data protection regulations. For more information about data processing by Mouseflow, please refer to their privacy policy: https://mouseflow.com/legal/privacy-policy/.
13. Data transfer
Your data will not be transferred to third parties except in the cases mentioned above, unless we are legally obliged to do so, or the transfer of data is necessary for the execution of the contractual relationship, or you have expressly consented to the transfer of your data in advance.
External service providers and partner companies, such as online payment providers or the shipping company responsible for delivery, will only receive your data to the extent necessary to process your order. In these cases, however, the scope of the data transmitted is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of data protection laws in the same way within the framework of order processing in accordance with Art. 28 GDPR. Please also note the respective data protection information of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with legal requirements within the scope of what is reasonable.
We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In such cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient's premises before your personal data is transferred.
14. Data security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
15. Your rights
You have the following rights vis-à-vis us with regard to your personal data. To exercise your rights, please contact us by email at datenschutz@gke.eu or by post at
The Data Protection Officer
Mesa Germany GmbH
Auf der Lind 10
65529 Waldems
Germany
15.1 General rights
We will be happy to provide you with information on whether personal data relating to you is being processed; if this is the case, you have a right to information about this personal data and to the information specified in detail in Art. 15 GDPR. In addition, under the respective legal requirements, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR), and the right to data portability (Art. 20 GDPR).
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
15.2 Rights in data processing based on legitimate interest
Pursuant to Art. 21 (1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) or on Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to safeguard a legitimate interest). In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.