1. Who is responsible for data processing and whom can I contact?
2.Which sources and data do we use?
We process personal information that we receive from you in connection with your use of our website and our business relationship, where appropriate. In the case of strictly informational use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access details, which we legally need to view our website and to ensure reliability and protection. Access data includes the IP address, the date and time of the visit, the time zone difference relative to the Greenwich mean time (GMT), the content of the request (i.e. the name of the particular web page accessed), the access status / HTTP status code, the respective amount of data transmitted, the referrer URL (previously visited page), the browser form and version, the operating system and its interface, the language, and version of the browser. In addition, we will collect your personal data if you contact us by using our contact form or by e-mail. Personal data includes e.g. name, organization, e-mail address, telephone number, subject, text message (hereinafter referred to as “contact information”).
3.What do we process your data for (purpose of processing) and on what legal basis?
For the following reasons and on the following legal basis, we process personal data in compliance with the provisions of the European General Data Protection Regulation ( GDPR) and the Federal Data Protection Act (BDSG):
Objective Inasmuch as you consent to the processing of personal data for such purposes, particularly when contacting you (e.g., via our contact form or via e-mail, WhatsApp etc. for the processing and management of your request, telephone ads, e-mail, SMS, etc.) the processing is legal as you agree to. Your permission can at any time be withdrawn. Please notice that any withdrawal is only applicable in the future. It does not impact any processing until the revocation. Cancelation can be made to the contact information listed above or email@example.com Legal basis Permission, Article 6(1a) GDPR
Intent In addition to all consent given to the processing and handling of the contact inquiry (via contact form or e-mail, telephone, or WhatsApp), your data shall be processed according to measures taken prior to entering into a contract, in accordance with Article 6(1b) GDPR. Legal basis The steps taken before entering a contract at the request of the data topic, Article 6(1b) GDPR
Purpose Your access data is processed to safeguard our legitimate interests or those of third parties (see data under item 2 above). We are seeking the following legitimate interests in particular:
Ensures IT security, particularly the safety of the Website; we store the IP address when someone leaves illegal content with a comment feature (insults, banned propaganda, etc.) and we need to be able to establish the identity of the author for our own legal defense.
Advertising or market and opinion analysis, unless you object to your data being used;
Assertion and protection of valid claims in legal disputes; Legal basis In the interests of balancing legitimate interests, Article 6(1f) GDPR; Legal basis
When you fill the contact form by ticking the consent statement checkbox, you expressly consent to the collection, processing, and use of personal details, including your health information, which you provide for us to obtain information on choices and costs of the medical services you are interested in. This includes transferring your information within and outside the EU / EEA to hospitals, clinics, or other health services providers.
4.Who can access my data?
In the company, you will access your data from agencies who need to know your data to comply with our contractual and regulatory obligations. Furthermore, processors (Article 28 of the GDPR) which are engaged by us may also access data for the purposes mentioned above. There are companies in IT, publishing, telecommunications, sales, and marketing areas. If we use processors to deliver our services, the necessary legal safeguards and technical and organizational steps are taken to protect personal data in compliance with applicable law. Data shall only be distributed to third parties within the framework of legal requirements. The disclosure of user data to third parties will occur, for example for contractual purposes, under Article 6(1)(b) GDPR or based on valid interests in our business under Article 6(1)(f.) GDPR or if you have consented to the transfer of data. If the Website is used for educational purposes only, we do not usually reveal any information to third parties.
5.How long will my data be retained?
The log file information is maintained for a period of four weeks for safety purposes (eg. to investigate violent or fraudulent activities) and then removed (see point 2 above). Data that must be preserved for proof are exempted from deletion until eventually clarified by the respective event. As required, for the duration of our business interactions, we process and hold your personal data, which also involves, for example, beginning and completing a contract through the contact form or e-mail. We also have a number of responsibilities to maintain and register, including under the German Commercial Code (HGB) and the German Tax Code (AO). The time limits for retention and reporting are two to ten years. Finally, the retention period often depends on periods of legislative restriction, which are typically 3 years under sect. 195 and seq., for example. It may, however, be thirty years in some instances, with a normal limitation duration of three years, under the German Civil Code (BGB).
6.Are data transferred to a third country or to an international organization?
The data generated is processed in the EU and for Google Analytics, Twitter, and Salesforce (see the final two parts of the list below) in the United States as well. Please notice that if the recipients of your data are either EU-U.S. accredited in countries without the Commission’s adequacy decision, as is the case in the United States under Art. 45 GDPR. Privacy Shield (such as Google), or that we have negotiated with these recipients on EU standard data security clauses. This is done to protect your privacy and to ensure that your personal data are properly secured. You may receive a copy or read the EU Standard Data Security Clauses. Contact us with the contact details given in item 1 above, if applicable.
7.What are my data projection rights?
Per data subject has the following:
Access privileges under Art. 15 GDPR,
Right to be corrected under Art. 16 GDPR,
Right to delete under Art. 17 GDPR,
Right to limit processing pursuant to Art. 18 GDPR and
Data portability privileges under Art. 20 GDPR.
In addition, you can in principle revoke consent with effect for the future. You will have the right to file charges with a supervisory body (Article 77 of the GDPR and Sec. 19 of the BDSG).
We also mention your right to object in accordance with Article 21. DGRP:
Information concerning your right to object under Article 21 GDPR You have the right to object, on grounds concerning your particular situation, at any time to the processing of your personal data, based on Article 6(1)(e) GDPR (public interest data processing) and Article 6(1)(f) of the General Data Protection Regulation (interest balance data processing) (If you object, we will not process your personal data any longer, unless we can demonstrate compelling legitimate reasons for processing that overweight your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims. We process your personal data for direct marketing purposes in individual cases. You have a right at all times to object to the processing of your personal data for the purpose of this marketing, including for profiling in so far as it is related to such direct marketing. We no longer process your personal data for those purposes if you object to the processing for direct marketing purposes. Objections do not require a particular form and no costs except transmission costs under basic tariffs are incurred. Any objection should be answered, if necessary, to:
by e-mail to firstname.lastname@example.org
8.To what extend do you implement automated decisions, like profiling?
In practice, in compliance with Art. 22 GDPR, we are not using completely automated decision-making as part of our access to our website or as a contact form or e-mail. If we use these procedures in particular cases, if needed by law, we will inform you separately. We do not automatically process the data in order to determine those personal aspects (profiling).
9.Am I under any obligation to provide data?
For technical or IT security purposes, you must provide the personal details required to use our Website on our Website. You can not use our website unless you supply the above info. You just need to include the personal details needed to process your application when you contact us via the form or by e-mail. If not, we will not be able to process your application.
12.Facebook Custom Audience Re-Targeting
Our website uses Facebook’s personalized audience website, 1601 S. Facebook Inc. Palo Alto, CA 94394, USA, California Avenue (“Facebook”). This tool allows our Facebook members, online users, to access relevant advertisements and deals on the Facebook website. For this reason, our site contains Facebook re-targeting pixels, which allow Facebook to recognize and use the details to view our ad or offers on the Facebook Advertising network as a visitor on the basis of a pseudonym. This does not include personal information collection and therefore does not allow us to identify you on Facebook. The pseudonymous data gathered by the re-target pixels are not related to your Facebook user information. More detail can be found on the Facebook re-targeting “Custom Audience” and on https:/www.facebook.com/settings/? You can deny Facebook Custom audiences at https ● www.facebook.com / settings/? Tab = ads and https:/ww.facebook.com/about/privacy tab = ads= and http:/www.youronlinechoices.com/de/principality/
We use third-party providers on our website, within the context of Art. 6(1)(f) GDPR, as part of our legitimate interest, i.e. our interest in an optimum website. The IP address of the user is forwarded to these third-party providers. The IP address is theoretically important to show the contents. For evaluation or marketing purposes, third-party providers may use so-called “internet pixels” (invisible graphics, sometimes referred to as “internet beacons.” The web pixels can be used for information assessment, such as website traffic. Third parties can store information on user devices in cookies. On our website we use the following third-party providers:
Address re-targeting which uses technology to collect information about the use of our website and improve the effectiveness of our marketing, including web beacons and cookies. Data obtained using this technology was aggregated and shared with us. AdRoll does not collect or disclose any personally identifying information about you. For more information on AdRoll re-targeting and on how you can change your settings see: https:/www.adroll.com/about/privacy The AdRoll and its partners can be removed by accessing this link: https:/app.adroll.com/optout/safari AdRoll is also a member and adheres to the NAI Code of Conduct. You can visit this link with the NAI tool opt-out: http:/optout.networkadvertising.org/ #! /
Bing tracking: if you have visited our website via an ad on Bing, they will be able to record those relevant activities – like, in certain cases, Google (for AdWords) and other third parties. This may include tracking forms to measure the effectiveness of advertising strategies. You can find more detail here at Microsoft.
Cloudinary, Cloudinary Ltd. 111 W Evelyn Ave, Suite 206 Sunnyvale, CA 94086, United States of America, a third-party provider. Image data on our website is stored on the Cloudinary server. Cloudinary enables us to access these data exclusively which we use to display images on our website. More information on data protection and privacy policies is available at http:/cloudinary.com/privacy and http:/cloudinary.com/tos.
Google+ services functions are included in our online offering. These functions are offered by Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, a third-party provider. You can link the contents of our website with your Google+ profile by clicking on the Google+ button if you log in to your Google+ account. This enables Google to connect your visit to our site to your user account. Please notice that as providers of the website, we do not obtain information about the quality of transmitted data or their usage in relation to Google+. The data security statement: https:/www.google.com/policies/privature/, Opt-Out: https:/www.google.com/settings/ads/.
Instagram support features are included in our online offering. Instagram Inc., 1601 Willow Lane, Menlo Park, CA, 94025, USA supplies these functions. If you’re logged into your Instagram account, click the Instagram button to connect the contents of our website to your Instagram profile. This helps Instagram to connect your user account with the visit to our site. Please notice that as providers of websites, we receive no information concerning Instagram’s content or uses of the data transferred. Information security statement: http:/instagram.com/about/legal/privacy/.
Twitter services roles are built into our online services. Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA offers these functions. Through using Twitter and the re-tweet feature, websites you visited have become connected to your Twitter account, which other users can see. This transfers data to Twitter. Please note that as providers of the web site, we do not receive any information about the material or usage of transmitted data on Twitter. Twitter Data Security Statement at http:/twitter.com/privacy. You can change the Twitter data security setting in the http:/twitter.com/account/settins account setting.
Internet analysis and improvements were carried out with the aid of Hotjar, third-party service provider Hotjar Ltd., Level 2, Business Center of St Julians, 3, Elia Zammit Lane, STJ 1000 of St Julians, Malta, Europe. With Hotjar, the activity can be tracked and analyzed on websites for which Hotjar applied (heat maps can also be created based on this activity). For example, you can see how far users scroll and which function buttons are most frequently pressed. In addition, it is possible to detect technical data such as the user language, device, screen resolution, and device type. This provides at least a temporary profile of our website users. In addition, input from the users of our website can be collected with the aid of Hotjar. This is how we gather useful information to make our web quicker and easier for our customers. Information security statement: https:/www.hotjar.com/privacy. OK: https:/www.hotjar.com/opt-out.
Internet analysis and optimization is performed using the Mixpanel service, the third-party Mixpanel provider. To better understand how our clients use the website and develop it constantly, we have used the www.mixpanel.com Monitoring Tool: the Mixpanel provider’s web analysis service. Cookies can be used here; this is a tiny text file that is stored locally on the website visitor’s computer, and which enables users to remember when users return to the website. Mixpanel Inc. collects and stores user information in order to construct pseudonym profiles. The pseudonym user profiles are not conflated with personal data on the pseudonym carrier in compliance with § 15 TelemedienG. You can avoid and prevent this data collection and saving for future use in web analytics by disabling the service at any time by clicking on the “Yes, I’d like to opt out” tab on https:/mixpanel.com/optout/. Please notice that a cookie is placed on your computer in this situation, to ensure no additional data is collected or used. You should not delete this cookie for this purpose. In addition, if you have approved, we use Mixpanel to give you targeted push notifications. If you no longer want alerts, you can disable them in the app at any time. You can view Mixpanel’s Data Security Statement here: https:/mixpanel.com/terms. Mixpanel has been accredited under the Privacy Shield Agreement, ensuring that Mixpanel ensures that Europe’s data protection regulations are always compliant. (http:/www.privacyshield.gov/involver?id=a2ze 0000KzX1AAK&status = Active)
Internet research and optimization were carried out by Adroll, third-party service provider Adroll, 972 Mission St, 3rd Floor, San Francisco, CA 94103, United States. This makes advertising for internet users who have already shown an interest in our website and services. Thanks to the principle of retargeting, a cookie study of the previous user-comportement, successful insertion of ad-material can be made possible. Naturally, this does not require the saving of identify-specific or personal data or, in the current legal data security policies, the use of “retargeting” technology is carefully controlled. For more information about Adroll ‘s general data security policies and data protection/privacy directives, please build (Opt-Out) http:/www.adroll.com/about/privacy for an anonymous review of your online behavior.
The third-party Ad Up providers, Axel Springer Teaser ad GmbH (Axel-Springer-Straße 65, 10969 Berlin), site analysis, and monitoring (More Information: https:/www.casamundo.de/info/sicherheit/datenschutz-bei-casamundo?xd=9gvw0m d#ee1f7dae). Ad Up can then produce interest-based, targeted advertising on websites for a while by collecting anonymous and/or pseudonym data. Ad Up generates cookies to enable marketers to provide a so-called conversion tracking tool to assess the efficiency of their advertisements and keywords. More information about the Axel Springer Teaser Ad GmbH data protection policies can be found under https:/www.adup-tech.com/datenschutz. The “Allow (Activate)” button will be located there, which allows you to select from the company’s cookies in your browser and thus deactivate the Ad Up application on your browser.
Sending e-mail with support from ActiveCampaign: we use the email marketing service Active Campaign in Chicago, USA for the manual and automated sending of e-mails. Active Campaign is a Privacy Shield Partnership accredited to ensure it complies with European data protection regulations on a continuous basis. (email@example.com/participant?id=a2zt0000001L5AAI & status = Active)
Email marketing and web analytics with a third-party vendor in s.r.l., legal headquarters via Lagrange 35, 10123 Turin, Italy. The data processing is carried out so that our service may be activated; this may mean data used for transmitting messages and alerts (often via E-mail) on behalf of the third parties, other consumers, or buyers/consumers; data may also be used for market research and statistical purposes: marketing and preference; data may be used for purposes relating to services offered.
We use Unbounce services for websites and promotional campaigns, Unbounce marketing solutions Inc.’s third-party supplier, 400-401 West Georgia Lane, Vancouver, BC, Canada, V6B 5A1. These pages are hosted with Unbounce so that the browser of the user interacts directly with Unbounce to transmit the IP address of the user and enforce cookies. All user entries on these pages are saved by Unbounce. The nexum AG business would then have access to an examination of its operations on these sections. You will find more detail about Unbounce and Unbounce data security policies here: http:/unbounce.com/privacy/