LocationsAbout usCareersPractice Sale
Book an appointment

Privacy Policy www.patient21.com

and at the same time informing those affected in accordance with Article 13 and Article 14 GDPR

I. General, Responsible, Data Protection Officer

Note on the responsible body

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Patient 21 SE

Joachimsthaler Str. 20 | D-10719 Berlin

Telephone: +49 (0)30 8379 7755

Email: info(a)patient21.com

Data Protection Officer

We have appointed a data protection officer for our company. This can be contacted at:

DataCo GmbH

Dachauer Strasse 65

80335 Munich

Telephone number: +49 (0) 89 7400 45840

E-mail address: datenschutz@dataguard.de

Website:www.dataguard.de

Scope of processing of personal data

In principle, data relating to health is very sensitive data. For this reason, data protection is particularly important to us.

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.

Data Erasure and Storage Duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Note on data transfer to the USA

Our website includes tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to release personal data to security authorities without you as the person concerned being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) will process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities. We have valid, suitable guarantees with the service providers for transmission to these third countries in accordance with Art. 46 Para. 2 GDPR completed. If you have any further questions, please do not hesitate to contact our data protection officer.

II. Use of our services and offers

Provision of the website, CDN and creation of log files

Informational use / description and scope of data processing

In order to use our website for informational purposes only, it is generally not necessary for you to provide personal data. Rather, in this case we only collect and use those of your data that your Internet browser automatically transmits to us, such as:

  • Date and time of retrieval of one of our Internet pages
  • your browser type
  • the browser settings
  • the operating system used
  • the page you last visited
  • the amount of data transferred and the access status (file transferred, file not found, etc.)
  • your IP address.

Description and scope of data processing

During an informational visit, we collect and use this data exclusively in non-personal form. This is done in order to enable the use of the websites you have accessed at all, for statistical purposes and to improve our website. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6 (1) (f) GDPR.

purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. For this purpose, the IP address of the user must remain stored for the duration of the session.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after fourteen days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling user. Access to the log data is only possible directly and exclusively for administrators.

Possibility of objection and elimination

The collection of the data for the provision of the services and the storage of the data in log files is absolutely necessary for the operation of the services offered. The user can object to this. Whether the objection is successful must be determined within the framework of a weighing of interests.

Further information

For the use of our offer and other services, it may be necessary to provide personal data. See the Use of Offerings section for more information on how to use these Services.

hosting the site

This website is hosted by an external service provider (hoster).

Our service provider is:

Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA

The personal data collected on this website is stored on the host's servers. This can primarily be IP addresses, contact requests, meta and communication data, contact details, names, website access and other data generated via a website.

This data is not merged with other data sources. This data is collected on the basis of Article 6 (1) (f) GDPR. Our legitimate interest in processing this data is to display our website correctly and to optimize its functions.

Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions in relation to this data.

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

The location of the server of the website is geographically in the USA.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again.

When accessing our website, the user is informed about the use of cookies by a consent banner and their consent to the processing of the personal data used in this context is obtained and documented in accordance with data protection regulations. In this context, there is also a reference to this data protection declaration. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

We use cookies on our website that are not technically necessary. Technically unnecessary cookies are text files that not only serve the functionality of the website, but also collect other data.

By setting technically unnecessary cookies, the following data is processed:

• IP address

• location of Internet users

• Date and time the website was accessed

• Adaptation of advertisements to the user

• Tracking of surfing behavior

• Linking the website visit to otherssocial media platforms

You can determine whether cookies can be set and called up by changing the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, limit it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback. For the full range of functions of our website, however, it is necessary for technical reasons to allow the above-mentioned cookies.

Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

Internet explorer:https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox:https://support.mozilla.org/de/kb/cookies-allow-and-reject

Chrome:https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari:https://support.apple.com/en-us/guide/safari/sfri11471/mac

Opera:https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if cookies are not accepted, the functionality of our website may be restricted.

Legal basis for data processing

The provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) apply to the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your end device is based on § 25 Para. 2 No. 2 TTDSG. This storage of and access to the information on your end device serves to make it easier for you to use our website and to be able to offer you our services as you have requested them. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the end of the session (e.g. logging out or closing the browser) or after a specified period of time has elapsed. Information about deviating storage periods for cookies can be found in the following sections of this data protection declaration.

If cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. In this case, the basis for storing and accessing information is Section 25 (1) TTDSG in conjunction with Article 6 (1) (a), Article 7 GDPR. You can revoke your consent at any time with effect for the future or give it back later by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by making the appropriate settings in your browser software. Please note that the browser settings you make only apply to the browser you are using. If personal data is processed subsequent to the storage of and access to the information on your terminal equipment, the provisions of the GDPR apply. Information on this can be found in the following sections of this data protection declaration.

purpose of data processing

If technically necessary cookies are used:

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. We need cookies for the following applications: Saving the settings of the cookie notice banner (consent tool) and optimizing the functionality and design of our website.

The user data collected by technically necessary cookies are not used to create user profiles.

Cookies that are not technically necessary are used for the purpose of improving the quality of our website, its content and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus continuously optimize our offer. In particular, we use these cookies for the following purposes:

• Objective measurement of user numbers

• Analysis of user data

Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

You will be informed about the exact storage period in the notes in our consent tool. If consent has also been given there, you can object there.

Cookie Consent with the “Cookie Consent Tool”

Our website uses cookie consent technology to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations.

Description and scope of data processing

When you enter our website, your consent and other explanations for the use of cookies are obtained via our consent tool. The consent tool then stores a cookie in your browser in order to be able to allocate the consent given or its revocation to you.

Legal basis for data processing

The "Cookie Consent Tool" is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 Paragraph 1 Clause 1 Letter c GDPR.

purpose of data processing

The purpose of providing the "Cookie Consent Tool" is to fulfill overriding legal provisions and to inform users of the context in which cookies are used on this website.

Possibility of objection and elimination

The data collected by the consent tool remains stored until you delete the consent cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention requirements remain unaffected.

plugins and tools

Google Tag Manager

1. Scope of processing of personal data

We use the Google Tag Manager (https://www.google.com/intl/de/tagmanager/) from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). With the Google Tag Manager, tags from Google and third-party services can be managed and bundled and embedded on an online presence. Tags are small pieces of code on an online presence that are used, among other things, to measure visitor numbers and behavior, understand the impact of online advertising and social channels, use remarketing and targeting, and test and optimize online presences. When a user visits the online presence, the current tag configuration is sent to the user's browser. It contains instructions on which tags to fire. Google Tag Manager triggers other tags, which in turn may collect data. Information on this can be found in the passages on the use of the corresponding services in this data protection declaration. Google Tag Manager does not access this data.

You can find more information about the Google Tag Manager at https://www.google.com/intl/de/tagmanager/faq.html and in Google's data protection declaration: https://policies.google.com/privacy?hl=de

2. Purpose of data processing

The purpose of the processing of personal data lies in the collected and clear management and efficient integration of third-party services.

3. Legal basis for processing personal data

The legal basis for the processing of the user's personal data is the user's consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR.

4. Duration of storage

Your personal information will be stored for as long as is necessary to fulfill the purposes described in this privacy policy or as required by law. Advertising data in server logs is made anonymous by Google deleting parts of the IP address and cookie information after 9 or 18 months.

5. Possibility of revocation and elimination

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

You can prevent Google from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or install a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can also prevent Google from collecting the data generated by the cookie and related to your use of the online presence (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install:

https://tools.google.com/dlpage/gaoptout?hl=de

With the following link you can deactivate the use of your personal data by Google:

https://adssettings.google.de

You can find more information on objection and removal options to Google at:

https://policies.google.com/privacy?gl=DE&hl=de

Google Analytics

1. Scope of processing of personal data

We use Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google ). Google Analytics examines, among other things, the origin of the visitors, the length of time they stay on individual pages and the use of search engines and thus allows better monitoring of the success of advertising campaigns. Google places a cookie on your computer. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system),

We use Google Analytics (Universal Analytics) to evaluate your use of our online presence, to compile reports on your activities and to use other Google services related to the use of our online presence and internet usage.

We have requested the anonymization of IP addresses, whereby Google shortens your IP address as soon as technically possible. However, it cannot be ruled out that your data will be transmitted to the servers of Google LLC based in the USA.

On behalf of the operator of this online presence, Google will use this information to evaluate your use of the online presence, to compile reports on the activities of the online presence and to provide other services related to the use of the online presence and internet usage to the operator of the online presence.

Further information on the processing of data by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of data processing

The use of Google Analytics (Universal Analytics) enables us to evaluate the use of our online presence and to target advertising to people who have already expressed an initial interest by visiting the site.

3. Legal basis for processing personal data

The legal basis for the processing of the user's personal data is the user's consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR.

4. Duration of storage

Your personal information will be stored for as long as is necessary to fulfill the purposes described in this privacy policy or until you exercise your right of withdrawal.

5. Opt-out

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

You can prevent Google from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or install a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can also prevent Google from collecting the data generated by the cookie and related to your use of the online presence (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install:

https://tools.google.com/dlpage/gaoptout?hl=de

With the following link you can deactivate the use of your personal data by Google:

https://adssettings.google.de

You can find more information on objection and removal options to Google at:

https://policies.google.com/privacy?gl=DE&hl=de

6. Danger Notice

Your personal data will also be transmitted to the USA. For the USA there is no adequacy decision according to Art. 45 Para. 3 DSGVO. We would like to point out that data transmission without the existence of an adequacy decision involves certain risks, about which we may inform you below:

US intelligence agencies use certain online identifiers (such as IP addresses or unique identifiers) as a starting point for tracking individuals. In particular, it cannot be ruled out that these news services have already collected information about you, with the help of which the data transmitted here can be traced back to you.

Providers of electronic communications services headquartered in the United States are subject to surveillance by US intelligence agencies under Section 50 US Code § 1881a (“FISA 702”). According to this, providers of electronic communications services headquartered in the USA have the obligation to make personal data available to the US authorities in accordance with 50 US Code § 1881a without you possibly being entitled to legal remedies. Even encrypting the data in the electronic communications service provider's data centers cannot provide adequate protection, since an electronic communications service provider has a direct obligation with respect to the imported data in its possession, custody or control to allow access thereto grant or issue them.

The fact that this is not just a "theoretical danger" is shown by the judgment of the ECJ on July 16, 2020 (Case C 311/18, "Schrems-II").

We have concluded guarantees with Google in the form of standard data protection clauses in accordance with Article 46 (2) (c) GDPR. A copy of the standard data protection clauses can be requested from us.

Posthog

1. Scope of processing of personal data

We use Posthog (https://posthog.com/) from PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114, USA. With PostHog, user behavior on our website can be analyzed for the purpose of improving our online offering.

For more information about PostHog, seehttps://posthog.com/faqand in PostHog's privacy policy: https://posthog.com/privacy

2. Purpose of data processing

The purpose of processing personal data is to improve our online offering.

3. Legal basis for processing personal data

The legal basis for the processing of the user's personal data is the user's consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR.

4. Duration of storage

Your personal information will be stored for as long as is necessary to fulfill the purposes described in this privacy policy or as required by law.

5. Possibility of revocation and elimination

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

You can prevent PostHog from collecting and processing your personal data by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or install a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For objection and removal requests to PostHog, you can contactprivacy@posthog.comturn around.

Cronofy

1. Scope of processing of personal data

We use Cronofy (https://www.cronofy.com/) of Cronofy Limited, Nottingham, 1 Broadway, United Kingdom. Appointments can be organized with Cronofy.

For more information about Cronofy, see https://www.cronofy.com/about and Cronofy's privacy policy: https://docs.cronofy.com/policies/privacy-notice/

2. Purpose of data processing

The purpose of processing personal data is to simply arrange appointments.

3. Legal basis for processing personal data

The legal basis for the processing of the personal data of the user is basically the consent of the user according to Article 6 Paragraph 1 Sentence 1 lit. f GDPR.

4. Duration of storage

Your personal information will be stored for as long as is necessary to fulfill the purposes described in this privacy policy or as required by law. In principle, data is deleted 90 days after the end of the service.

5. Possibility of revocation and elimination

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

For opt-out and removal requests to Cronofy, you can contactprivacy@cronofy.comturn around.

III. Use of Offers

Contact form and email contact

Description and scope of data processing

Our contact details and a contact form are stored on our website, which can be used to contact us. In principle, it is possible to contact us via the e-mail address provided. In this case, the transmitted personal data (name and request) of the user will be stored and processed by us for the purpose of processing your request.

If customers or interested parties take advantage of the option of sending a message via the contact form, the data entered in the input mask will be transmitted to us and saved. These dates are:

  • Surname
  • E-mail address and other contact details
  • website of your practice

At the time the message is sent, the following data is also stored:

  • The IP address of the user
  • Date and time of shipment

In this context, the data will not be passed on to third parties without your consent. The data will only be used to process the conversation.

Legal basis for data processing

Contacting us by providing an email address is only possible from the age of 16 or with the consent of the legal guardian. By using this feature, you confirm that you are over 16 years old or have parental consent.

The legal basis for the processing of the data transmitted in the course of sending an inquiry is Article 6 Paragraph 1 Letter a GDPR. The legitimate interest lies in the efficient and fast processing of user inquiries. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

purpose of data processing

The processing of the personal data from the input mask or the data transmitted in another way serves us to process the contact, the processing of user inquiries or the processing of appointment requests. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

Possibility of objection and elimination

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. To revoke your consent, you can contact our data protection officer at any time using the above contact details.

All personal data that was saved in the course of making contact will be deleted in this case.

IV. Own Services

Handling applicant data

Description and scope of data processing

We offer you the opportunity to apply to us (e.g. by e-mail or post). In the following we will inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data takes place in accordance with the applicable data protection law and all other statutory provisions and that your data will be treated as strictly confidential.

Legal basis for data processing

The legal basis for data processing is § 26 BDSG nF under German law (initiation of an employment relationship), Article 6 Paragraph 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Article 6 Paragraph 1 lit GDPR. The consent can be revoked at any time. Within our company, your personal data will only be passed on to people who are involved in processing your application.

If the application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 BDSG nF and Article 6 Paragraph 1 lit. b GDPR for the purpose of carrying out the employment relationship.

purpose of data processing

If you contact us electronically, i.e. by e-mail, we will collect and process your personal data for the purpose of processing the application process, for deciding on the establishment of an employment relationship and for carrying out pre-contractual measures.

By submitting an application, you express your interest in wanting to take up employment with us. In this context, you send us personal data that we use and store exclusively for the purpose of your job search/application.

In particular, the following data can be collected:

  • Name (first and last name)
  • E-mail address
  • phone number
  • LinkedIn profile (optional)
  • Channel how you found out about us
  • Comparison between job requirements and skills of the applicant
  • Planned Employment
  • Communication during the application process
  • Status updates and notes on your application

You also have the option of attaching meaningful documents such as a cover letter, your CV and certificates. This may contain other personal data such as date of birth, address, etc.

Only authorized employees from the human resources department or employees involved in the application process have access to your data.

The storage of the personal data takes place exclusively for the purpose of filling the vacant position for which you have applied.

Duration of storage

Your data will be stored for a period of 6 months beyond the end of the application process. This is usually done to fulfill legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymize your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men in applications, number of applications per period, etc.).

You will not be informed separately about the deletion of your data.

In addition, we reserve the right to store your data for inclusion in our "Talent Pool" for one year after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for an apprenticeship or internship. For this we provide you with a separate consent in which you can agree to the possible further storage of your data and the inclusion in our "Talent Pool". The data will be deleted from the “Talent Pool” after one year.

You will not be informed separately about the deletion of your data.

If you receive an offer for a job with us as part of the application process and accept it, we will store the personal data collected as part of the application process at least for the duration of the employment relationship.

Possibility of objection and elimination

If personal data is processed by us as the responsible body, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing. These can be found in the "Rights of the data subject" section of this data protection declaration.

If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Art. 7 Para. 3 DSGVO. To assert your rights as a data subject with regard to the data processed in this application process, please contact our data protection officer using the above contact details.

V. Rights of the data subject

If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

  1. right of providing information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.

If such processing is present, you can request information from the person responsible for the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information about the origin of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

  1. Right to Rectification

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

  1. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

  1. Right to Erasure

4.1. Obligation to delete

You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing.

(3) You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.

(4) The personal data concerning you was processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6) The personal data concerning you was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

4.2. information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, also of a technical nature, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

4.3. exceptions

The right to erasure does not exist if processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller became;

(3) for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law referred to under Section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

  1. right to information

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

  1. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

(2) the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

  1. Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

  1. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

  1. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,

(2) is permissible on the basis of Union or Member State legislation to which the person responsible is subject and this legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3) with your express consent.

However, these decisions must not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests .

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.

  1. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

VI. Data Security, Third Party Sites, Changes

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Privacy Policy and Third Party Sites

The Website may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please make sure of the applicable data protection conditions before you submit any personal data to these websites.

Changes to this Privacy Policy

We reserve the right to change this privacy policy at any time with effect for the future. A current version is available on the website. Please visit the website regularly and find out about the applicable data protection regulations.