Data Protection


1stQ Deutschland GmbH
Konrad-Zuse-Ring 23
68163 Mannheim/Germany

Phone+49 621 71763 - 30
Fax+49 621 71763 - 33

Data Protection Officer

Dr. Thomas H. Lenhard
Sachverständigenbüro für IT und Datenschutz

Data Protection Statement

Pursuant to Section 4 subsection 1 GDPR (General Data Protection Regulation), the following data protection statement provides information on personal data being processed, via, by 1stQ Deutschland GmbH, Konrad-Zuse-Ring 23, 68163 Mannheim / Germany (abbreviated: 1stQ), in charge of legal data protection affairs as per Section 4 subsection 7 GDPR, as well as on the objectives and legal bases for conducting this data processing activity as per Section 4 subsection 2 GDPR. By the same token, 1stQ, through this statement, is meeting its information obligations in terms of data protection law, which the responsible entity must render when acquiring data from a data subject, as per Sections 12, 13 GDPR. In this case, the term “data subject” refers to a visitor to the website, as well as interested parties, potential buyers or other persons, using this web portal to establish contact or to request information.


Linked Addresses

If and when the visitor leaves the responsibility scope of the website via linked websites or web contents, the company cannot be held responsible for the contents of such linked websites. The relevant responsibilities are usually outlined in the respective legal information section of a website. During redirection to or linking with third-party suppliers, the technical implementation of the website presentation may possibly lie outside the responsibility scope of 1stQ. We expressly provide an indication that third-party suppliers may possibly use so-called trackers, beacons or cookies to determine the surfing behaviour of website visitors. In this respect we would refer to the data protection statement of the respective website maintainer. Besides, explicit reference is made to the so-called Facebook verdict of the Schleswig-Holstein Administrative Court in Germany (Docket Numbers 8 A 37/12, 8 A 14/12, 8 A 218/11). As far as websites of third-party suppliers are concerned, 1stQ has no influence on how linked or integrated pages are arranged and which data are being collected there. Furthermore, 1stQ has no access to data gathered by means of cookies, trackers, beacons or other methods. When visiting the website, no scripts whatsoever are being established that would transmit data to Facebook or other platforms, for instance. Only at the moment the user clicks actively on the Facebook icon, the respective URL will be activated. Hence, Facebook is only linked with the website by means of a URL. There is no further kind of integration (scripts etc.) on the website.


Information as to Section 13 GDPR

Identity of the responsible entity:

1stQ, in the capacity of responsible entity as per Section 4 Subsection 7 GDPR, accounts for data collection through and is represented by the Managing Directors Rüdiger Dworschak and László Kontur, with address at Konrad-Zuse-Ring 23, 68163 Mannheim, Germany.

Data Protection Officer:

The data protection officer of 1stQ, Dr. Thomas H. Lenhard, can be accessed under: 1stQ Deutschland GmbH, Data Protection Officer, Konrad-Zuse-Ring 23, 68163 Mannheim / Germany, e-mail:

Categories of personal data potentially processed:

  • Data of site visitors, IP addresses, equipment and domain data of site visitors and purchasers, date and time of a request, time zone difference relative to Greenwich Mean Time (GMT), contents of the request (actual page), access status / HTTP status code, data volume transferred each time, website from which the demand originates, browser, operating system and its surface, language and browser software version, path of the requested resource, information on success, redirection and error status respectively, of the request.
  • Communication data, such as e-mail addresses, telephone numbers, fax number and other type of information required to address contacts obtained via modern communication techniques, in particular those referring to customers, interested parties and persons that are sending us enquiries via contact forms.
  • Contact and address data, such as form of addressing the person, title, first name and last name concerning the buyer of products, name of office or company, street, house number, postal code, city, additional address details, bank contact data, IBAN and BIC (SWIFT) references, account number, bank code number, name of bank.
  • Persistent cookies, i.e. such cookies, which are stored on the visitor’s computer over a pre-defined time period of the visit to our website (in particular, tracking cookies, like Google Analytics and others)
  • Session Cookies, i.e. such cookies, which are deleted when closing the session or after a longer period of inactivity or by shutting down the browser
  • Login and user data
  • Statistical data


Processing Objectives

Collection and processing of personal data by 1stQ pursue the following objectives:

  • Offers on products, including requests for specific quotations and product orders
  • Operation and optimisation of the Internet presence
  • Compliance with legal obligations concerning information, communication, disclosure and preservation of records
  • Conveying information concerning services or products from the responsible entity and/or from third parties
  • Customer communication, order processing
  • Search for new customers
  • Analysis of coverage
  • Presentations on companies, services or products
  • Publicity on companies, services and products
  • Publicity addressing potential customers for our services


Information on Data Provenance

Personal data are collected from the data subject (website user, our business customers, interested people)

Legal bases of data processing:

Legal bases to be considered for data processing: Existence of an assent as per
Section 6 I lit a) GDPR, if and when such an assent exists, the data subject has the right of revocation at any time, with no effect on the legality of the data processing conducted and based on the assent, prior to the moment of revocation.
Section 6 I lit. b) GDPR and/or Section 6 I lit c) GDPR
Section 6 I lit. f) GDPR, as long it concerns pursuing publicity objectives of the responsible entity, in particular within the scope of direct marketing via such advertising means as postal services, telephone, fax and e-mail. Likewise, as long as corporate communication, corporate presentation and/or product presentation objectives are concerned, or as long as the issue is identity verification or enforcement of contractual performance claims.

Criteria for Storage Period: 

Personal data are processed until the data collection objective or the subsequent processing objective has been fully achieved. Once the objective has been achieved completely, the data will be deleted. Furthermore, the responsible entity disposes of a concept for control and deletion ensuring regular verification of deletion duties.

  • Data from visitors, if ever stored at 1stQ, are being stored for a maximum period of 14 days following the visit to the 1stQ domain. However, so-called server and connection data are usually gathered and stored with the website provider.
  • Session cookies are deleted when closing the session or after a longer period of inactivity or by shutting down the browser.
  • Persistent cookies have a pre-defined validity, of which you will be advised precisely within the scope of cookie information when visiting our website. We would like to point out that you have additional options enabling you to delete stored cookies from your system manually or by means of respective software.
  • Contact data are deleted once all objectives have ceased to apply, upon which the storage or processing was based.

Recipients of Personal Data:

  • Data processors, such as technical service providers, suppliers of tracking technology, etc.
  • Staff members with office duties and field staff


Information on the obligation of the data subject for making data available

Legal requirements imply that personal data must be provided to a certain degree (as per tax law and the guidelines to fight money laundering, for instance). In addition, you may be committed to making those personal data available that are required to substantiate, to perform and to terminate contractual relationships with us and to meet contractual obligations. Without these data, we would not be in a regular position to perform contracts with you nor to comply with our legal obligations. In the interest of utmost legal transparency in terms of data protection, we are making visitors aware, separately in singular instances and prior to the actual situation of data acquisition, that they may potentially be obliged to provide information.

Your rights as data subject in terms of data processing:

You are entitled to resort to the following rights vis-à-vis our company, as per Sections 15 through 22 GDPR:

  • Right to disclosure, correction, deletion, restriction of processing and transferability of data.
  • Right of objection against processing, substantiated by legitimate interest of the responsible entity or a third party as per Section 6 I lit. f. GDPR.

Right of appeal to a regulatory or controlling authority:

  • As per Section 77 GDPR, you have the right to complain to a regulatory or controlling authority if and when you feel that the processing of your personal data is not done in a due manner. Here is the address of the appropriate regional authority for our company:

Commissioner of the Federal State of Baden-Württemberg for Data Protection and Freedom of Information
Lautenschlagerstraße 20
70173 Stuttgart / Germany
Phone: 0049 711 615541-0
Fax: 0049 0711 615541-15


Additional references and information with regard to data protection

Use of Cookies

A cookie is a small file that is stored on the computer of a website visitor at the moment the website is loaded. The next time the visitor is loading this website again, the cookie will indicate that it is a repeat visit. We install cookies on the hard disc of your computer via your web browser, enabling us to upload the cookie information while you are visiting our websites and thereafter for a period of one year. Our cookies are protected against upload attempts from third parties by means of the safety standards of your browser. Essentially, cookies serve the purpose to make the use of our website offering as comfortable as possible for you. However, should you ever wish to deactivate the cookies, you may look into the help function of your bowser menu to get information on how to adjust the settings of your computer to avoid the storage of new cookies. Moreover, you will find additional information there with regard to further cookie-related settings, plus warning and help functions on how to delete existing cookies, respectively. We would advise you to leave all cookie function fully activated to warrant a trouble-free use of our websites. In case you would not like cookies to be stored on your terminal for measuring the scope of reach, you may as well object to the use of these files via the following websites, i.a.:

Moreover, when visiting the website for the first time, you are being asked which type of cookies you would accept. Unless you generally suppress cookies altogether (see above), the respective settings are stored in an appropriate cookie, so as to make these settings available again on the occasion of your next visit to the website. You may alter theses settings through the website at any time, by making use of the functions in the last paragraph of the data protection statement (Integration of Cookie Information). Of course, you may also disagree with the use of cookies at any time. The functions as to the handling of cookies are integrated into the website as an external service. As regards the server data required here, reference is made to the respective section. The integrated functions are offered by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. You will find the data protection statement of that company under

Utilisation of Google Maps

On our website we are utilising the Google Maps component of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, in the following referred to as „Google“.

At the moment of every single activation of the Google Maps component, Google is placing a cookie in order to process user settings and data when the page with the integrated Google Maps component is disclosed. Usually, this cookie is not deleted by the browser shutdown, but runs off after a distinct time span pre-set, unless manually deleted by you beforehand. If and when you do not agree with this kind of processing of your data, there would be an option to deactivate the Google Maps service and to impede the data transfer to Google by this means. Therefore, you would need to deactivate the Java-Script function of your browser. However, we are advising you that in this case the use of Google Maps would be limited or totally impossible. The use of Google Maps and of information obtained via Google Maps is subject to the Google terms of use, as per plus the additional business terms for Google Maps, as per

Utilisation of Google Webfonts

This page utilises so-called webfonts, which are made available by Google to present character fonts in a consistently uniform way. At the moment of activating a page, your browser loads the required webfonts into your browser cache, so as to present text portions and font types correctly. Should your browser not support web fonts, your computer will utilise a default font. Further information on Google Webfonts is available under and in the Google data protection statement of:

Utilisation of Google Analytics utilises Google Analytics, a web analysis service of Google Inc. („Google“). Google Analytics uses so-called „cookies“, which are text files stored on the computers of the users, facilitating a website usage analysis. The information on the users’ website usage, generated by the cookie, is usually transmitted to a Google server in the U.S. and stored there. On this website, the IP anonymisation has been activated, with the result that the IP address of Google users is being shortened beforehand, as regards Google users within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S. to be shortened there. On behalf of the operator of this website, Google will use this information to evaluate the users’ website usage, to compile reports on the website activities and to render additional services towards the website operator concerning the website and Internet use. The IP address transmitted from your browser within the scope of Google Analytics is not being consolidated with other data from Google. You may impede the storage of the cookies through a respective setting of your browser software; however, this option advises the users that possibly not all of the functions of this website may be used to the full extent in this case. Moreover, by downloading and installing the browser plug-in available under the following link, the users may impede that data generated by the cookie and related to your website usage (including your IP address) are collected and processed by Google. Here is the actual link: (Source:


Implemented Calculators

The website disposes of four implemented calculators for IOL calculation. This concerns the following modules:

  • CylinderCalculator
  • Axis Repositioning Tool
  • AddOn® Calculator
  •  IOL Calculator

As regards the AddOn® Calculator and the CylinderCalculator, cost estimates may be requested or orders may be executed. For that matter, the following personal data are being collected at first:

  • Pseudonymised patient ID (required for assignment with the orderer)
  • First name and last name of the examiner
  • First name and last name of the surgeon’s institution

The data are solely used for the purposes indicated in your transmission to 1stQ. The data are deleted once the processing objectives have ceased to apply and the legal retention time has passed. Insofar as you do not wish to transmit the data to 1stQ via the respective website, you would have the option to send your order to 1stQ by fax or ordinary mail as a paper printout, including the data calculated. No login is required for using the module, requesting a cost estimate or placing an order. Correspondingly, no personal data are stored in conjunction with the website. Instead, they are released by the user and rather transmitted to 1stQ by e-mail, via a secure and encoded connection meeting the latest technological standard, for further handling and processing. In the event that the order or request for cost estimate are forwarded by ordinary mail or fax, additional data are required to conclude a respective action. Appropriate information is being provided down below in section Ordering Products and Services.

Apart from the usual server data (see section Server Data) that are necessary for proper functioning of websites and integrated modules, no further individual-related data are collected when using the Axis Repositioning Tool module.

The following additional calculator is only available on the English-language page: IOL Calculator

This calculator offers a login option. However, the user may not just apply for himself or herself. User accounts for ordering via the IOL Calculator module are established upon request from interested parties. In the event that you dispose of a respective user account, but would not like to use it any longer or wish to object to the use of your data within the scope of the IOL calculator for other reasons, your login will be deleted. Legal retention periods remain unaffected with regard to any effective use of the module thus far. Apart from user account and password, no other personal data are being recorded for establishing a login to the IOL calculator. Orders, requests for cost estimates or any other kind of communication cannot be forwarded via the IOL calculator module, as this only provides functions for calculations. As far as server data in all integrated calculation modules (calculators) are concerned, explicit reference is made to the server data section.

Ordering Products and Services

In principal, the internet portal may be used without registration and identification, that is to say: anonymously. To this effect, part of the IP address is altered in such a way that you as individual cannot be identified, unless you decide explicitly to purchase a product offered via the web portal or to request a cost estimate, while actively agreeing to the storage of your data.

Your purchase of products from our company with its associated ordering procedure or the request for a cost estimate require the processing of personal data from you to conclude the business processes involved (booking, invoicing, performance accounting). An order for intraocular lenses may be placed via the AddOn Calculator module, as well as via the CylinderCalculator module. In this case we are recording the following data as kind of mandatory information:

  • Invoice address – First name
  • Invoice address – Last name
  • Invoice address - Street
  • Invoice address – Postal code
  • Invoice address - City
  • Examiner’s telephone number
  • Examiner’s e-mail address

Furthermore, IP address and time stamp of order/enquiry are stored, enabling us to repel misuse of functions and to verify the authenticity of orders.

Besides these mandatory statements there is an option for additional indication of structured data. You may provide these indications on a voluntary basis. They are referring to:

  • Customer number
  • Invoice address – Telephone number
  • Delivery address – First name
  • Delivery address – Last name
  • Delivery address – Street
  • Delivery address – Postal code
  • Delivery address – City
  • Delivery address – Telephone
  • Patient – Date of birth (for internal verification of the pseudonymised patient ID with the orderer)

The use of this online ordering function is only available for customers already registered, making an extensive procedure for data verification unnecessary in this instance, in particular with regard to e-mail addresses. Besides, new customers cannot get registered via the respective platform for usage by means of a login. If and when no approval is given as to terms of use, SBT (Standard Business Terms) or data protection statement, the desired action may not be undertaken via the website. In this case you would have the option to send the order or the request for a cost estimate to 1stQ by fax or ordinary mail as a paper printout. Any data entered are not stored within the scope of the website. Instead, they are transmitted to 1stQ by e-mail, via a secure and encoded connection meeting the latest technological standard, for further handling and processing.


Enquiries via a Contact Form

On our website we are offering the option for users to establish contact with us by means of a contact form to be filled. Insofar as you wish to make use of this option, we will record the following structured data as kind of mandatory information:

  • E-mail address
  • Your message to us

The mandatory information recorded via the contact form is solely used for the purpose of establishing contact with the enquirer and replying to specific enquiries.

Besides this mandatory information there is an option for additional indication of structured data. You may provide these indications on a voluntary basis. They are referring to:

  • Name


Server Data (Website is hosted with the provider)

Additional information is stored on the application server via the retrieved resources. This storage step includes software-technical debug logs, as and when respective errors occur. However, no references to the incoming requests are being stored with this storage step. Hence, this concerns anonymised data that are solely collected for the purpose of error detection and analysis. For technical reasons, these data are usually stored with the operator of the web server used, so as to establish the communication, to detect errors and to optimise both the presentation and the transmission speed.

Generally, the log files are statistically evaluated there, yet only for detection of attacks and activation of respective defence measures. Neither do they make any further analysis there, nor do they generate or compile any user profiles. The website is kept available at the provider netEstate GmbH, Geisenhausener Straße 11a, 81379 München / Germany. In this regard, reference is made to the provider’s information on data protection. There is no further use of the log files / server data. In particular, there is no generation of user profiles. 1stQ has no access to so-called server data recorded with the provider.