Data Privacy

We process your data in accordance with statutory provisions, particularly the Telemedia Act, REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL, dated 27 April 2016, on the protection of individuals concerning the processing of personal data, on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as DSGVO for short) and the Federal Data Protection Act.

1. General Information

(1) This privacy statement explains what information is collected or stored when visiting our website, and how it is used. This statement also explains how you can check the accuracy of the personal information stored about you and how you can delete, block or update this personal information in our database.

(2) As a matter of principle, personal data of our users are only proceeded when necessary to provide a functional website as well as our contents and services. Further uses are listed in the following provisions. The regular processing of personal data of our users is only carried out with their explicit consent. An exception applies in cases in which either obtaining prior consent is not possible for actual reasons or the processing of the data is permitted by legal regulations.

(3) Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event of vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

(4) Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the afore mentioned standards expire unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.

Due to legal requirements, we may be obliged to store your data beyond the period of your use of our website – particularly for tax purposes. However, we will ever only store data to the extent necessary; taking into account the legal requirements.

(5) Sharing data

Should your data be passed on to other companies or subcontractors, this will only be done in compliance with the present data protection regulations and the statutory provisions as well as for the fulfilment of contractual obligations, e.g. the provider may possibly view corresponding statistical data.

We do not transfer your personal data to third parties outside the company without your expressed consent. External service providers who process data on our behalf are contractually obliged to do so. These service providers particularly are prohibited from using your data for purposes other than those for which it was originally provided.

We will only provide third parties with data that goes beyond the data you provided, in particular data that you have provided to us for internal purposes only in need of the pure processing of contracts, in the event of a corresponding legal obligation or in order to safeguard legitimate interests.

(6) Storage location

Your data is processed on servers located in Germany, hence only within the scope of the EU data protection level. However, we would like to point out possible exceptions according to No. 3 of these regulations.

Collecting personal data
a. Data generated on a website visit

(1) During a simple website visit, we only store access data within the framework of so-called server log files. This means data provided by your browser and that has no personal reference, namely:

– Browser type/version

– Operating system used

– Referrer URL (the previously visited page)

– Websites accessed by the user’s system via our website

– the user’s internet service provider

– Host name of the accessing computer (IP address)

– time and date of the server request.

We are not able to assign this data to specific individuals. We do not combine this data with other data sources, and the data is deleted after statistical evaluation. For this purpose, user access to our website is stored in the server log files, including the IP address. These log files are processed monthly for statistical purposes using analysis software, and will then be deleted. It is not possible to draw conclusions about a specific individual when we use the data.

(2) The processing of this data is based on Art. 6 para. 1 letter f DSGVO. On one hand, the legitimate interests arise from the need to display and optimise the website’s content in a technically correct manner. Furthermore, the collection is necessary to ensure the functionality of the website in the event of attacks by third parties and to enable the prosecution of such attacks.

(3) The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. These purposes are also our legitimate interest in the data processing according to Art. 6 para. 1 lit. f DSGVO.

(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If any data was collected to guarantee the website’s provision, it will be deleted as soon as respective website session has ended.

(5) Collection of data for the provision of the website and the storage of these data in log files is absolutely indispensable for the operation of the website. Consequently, there is no possibility for the user to object.

B. Preventive health care services

(1) Our patients’ data (also including interested parties, other clients and contractual partners) are processed in accordance with Art. 6 Para. 1 lit. b) DSGVO for the provision of the contractual services. However, this data usually is not collected via our website. However, should you transmit corresponding data to us via our website, the following applies:

(2) Which data is collected and processed depends on type, extent and purpose of the necessity of its processing. Essentially, inventory and contact data of our patients (name, address, telephone, email address etc.), contract data (products used and their costs, names of contact persons) and payment data (order process, payment history, bank details, etc.) are collected and processed.

In the health sector special categories of data are also collected in accordance with Art. 9 (1) DSGVO. Particularly, this includes information concerning the patient’s health additionally also referring to their sexual orientation and sexual life. To process these extremely sensitive data, if necessary, the explicit consent of the patient is always obtained of course, in accordance with Art. 6 Para. 1 lit. a, Art. 7, Art. 9 Para. 2 lit. a DSGVO. Another purpose is the patient’s preventive health care on basis of Art. 9 para. 2 lit. h DSGVO in conjunction with § 22 para. 1 no. 1b BDSG.

(3) To the extent required by law or necessary for the performance of the contract, we also disclose and transfer patient data when communicating with healthcare professionals and those typically involved in the performance of the contract. These include, among others, hospitals, laboratories, billing offices and comparable service providers, factoring companies. The basis for this processing is Art. 6 para. 1 lit. b and c DSGVO. Furthermore, it is in our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to offer patients efficient and cost-effective healthcare. Further bases for processing are, in addition to the vital interest of the patient (Art. 6 para. 1 lit. d DSGVO), also the explicit consent of the patient (Art. 6 para. 1 lit. a, Art. 7 DSGVO).

(4) The data shall be deleted immediately when no longer required for the fulfilment of contractual and legal obligations or in dealing with warranty and other obligations. Within the framework of statutory retention periods, a necessity test is carried out every three years.

(5) With your consent, your data will be transferred to a hospital providing further treatment, if needed.

3. Third party plug-ins
(1) Legitimate interest

The use of third party plug-ins as mentioned below has been reviewed in terms of data protection law and is carried out on the grounds of Art. 6 f) DSGVO for the protection of legitimate interests, to improve our website.

(2) Data protection declaration for the use of Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.

IP Anonymisation

We have activated the IP anonymisation function on this website meaning that your IP address is shortened by Google within member states of the European Union, or in the other contracting states of the Agreement on the European Economic Area, before being transmitted to the USA. Only exceptional cases will the transmitted with a full IP address to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You may refuse use of cookies by selecting the appropriate settings on your browser however please note that if you do so you may not be able to use this website with full functionality.

Still, you can prevent the collection and transfer of data generated by the cookies and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will also prevent the collection of your data during future visits on this website: ((Click here to deactivate Google Analytics.))

For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Processing of order data

We operate in accordance with an order data processing contract with Google and fully implemented the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be generated containing statements about age, gender and interests of site visitors. This data originates from interest-based Google advertising as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objection to data collection”.

(3) Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When calling up a page your browser loads required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

The use is based on legitimate interest according to Art. 6 para. 1 f) DSGVO.

(4) YouTube

Our website may use plugins from YouTube, a site operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA or, for the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When visiting one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established, telling the YouTube server which of our pages you have visited.

Being logged in to your YouTube account, you enable YouTube to assign your surfing habits directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used due to the purpose of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

(5) Jameda

On our website, rating seals of the medical portal Jameda (jameda GmbH, St.-Cajetan-Straße 41, 81669 Munich, Germany) may be displayed and a widget used to make appointments. In order to display the seals, a connection to the Jameda servers is established; Jameda learns that our website was accessed via your IP address. This process applies even if you are not logged in to Jameda actually or do not have a Jameda account.

Jameda receives any relevant data for appointment arrangements, being stored by Jameda on our behalf. This order processing agreement with Jameda operates according to the German Data Protection Act (DSGVO), which ensures that all data is stored securely and cannot be disclosed to unauthorised third parties. Hence Jameda securely encrypts every communication.

We are using Jameda in the interest of an easier findability and authentic presentation of our practice and our online offer as well as to facilitate communication; this use represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

Further information on Jameda can be found at https://www.jameda.de/jameda/ and in Jameda’s privacy policy: https://www.jameda.de/jameda/datenschutz.php.

4. Cookies

(1) Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. User addressing the website activate a cookie that may be stored on the user’s operating system. This cookie contains a characteristic string of characters enabling the browser to be uniquely identified when the website is called up again.

(2) There are Cookies which will be deleted by the end of a browser session (so-called session ID cookies). These cookies are used for the purpose of authorisation, identification, and to obtain special information, e.g. if you wish to remain logged in. These cookies are automatically deleted after one hour.

(3) User data collected this way is pseudonymised by technical precautions making an identification of the calling users’ data impossible. These data are not stored together with other personal user data.

(4) When accessing our website, users are informed by a banner about the use of cookies for analysis purposes, and referred to this data protection declaration or, if necessary, consent to the processing of personal data in connection with cookies is obtained. In this context the user is also informed on how to prevent the storage of cookies in the browser settings.

(5) If cookies are stored on your PC anyway, you are in control of whether and when these cookies should be deleted. Please use the corresponding function in your browser for this purpose.

(6) With most internet browsers, you can delete cookies from your hard drive, block them or receive a warning before a cookie is deposited. You can set your browser to get informed about the setting of cookies anytime this process occurs, deciding on a case-by-case basis whether to accept them, or deny the acceptance of cookies in general. If you do not accept any cookies, the functionality of our website might be limited. Please consult your browser’s user manual or your browser provider on how to set programs accordingly.

(7) We will associate automatically stored information with personal data only in case you provided us (e.g. when registering on our websites) with your prior consent.

(8) Data from set cookies, especially in connection with the above-mentioned cookies by external services (No. 3), will only be proceeded according to Art. 6 f) DSGVO stating the protection of legitimate interests; we assume however that your interests, fundamental rights and personal freedom are not restricted by this, as personal data are not obtained by us or by third parties in this case. In fact, this type of data is purely of statistical interest and adapted to or reveals your user conduct and possibly other factors, but no data that might lead to an individual identification.

5. Data security

(1) We secure our websites and all systems connected against loss, destruction, access, modification or distribution of your data by any unauthorised persons in technical and organisational ways.

(2) You should always treat your access information confidentially and close the browser window after finishing using it, especially when sharing the computer with others, in order to prevent misuse of your account.

(3) We will not be held liable for other providers’ content reachable via hyperlinks on our websites. All links on our website refer to content not stored on our own servers. External content was checked for illegality and criminal liability when the links were set. However, changes in external content by its providers can never be ruled out.

6. Contact form / e-mail

(1) Your consent to the processing of data is obtained during the submission process with reference to this data protection declaration.

(2) Alternatively, users can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

(3) Also in this context, no personal data will be passed on to any third parties. Submitted data is exclusively used for processing the conversation.

(4) The legal basis for processing the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

(5) Legal basis for data processing transmitted when sending/receiving an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact is supposed to enter into a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

(6) The processing of personal data submitted over the online input mask solely serves us to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

All additional personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure security of our information technology systems.

All personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data generated by using the contact form input mask as well as those sent by e-mail, this is the case when respective conversation with the user has ended. The conversation is supposed to be ended in case circumstances indicate that the matter in question has been conclusively clarified.

(7) Additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

(8) Every user has the option to revoke his consent to processing of personal data at any time by notifying the responsible office (see below) by e-mail or post. User contacting us by e-mail might object to storage of his personal data at any time. If that’s the case, the conversation cannot be continued. All personal data stored while being in contact will be deleted altogether.

(9) This website is protected by reCAPTCHA. Google’s privacy policy and terms of use apply.

7. SSL Encryption

For security reasons and to protect the transmission of confidential content this site uses SSL encryption, such as enquiries you send to us as the site’s operator, for example. Encrypted connections can be identified by its browser address line which changes from “http://” to “https://” and shows a lock symbol.

If SSL encryption is activated, data you transmit to us cannot be read by third parties.

8 Application data

Applicant data is exclusively proceeded for purposes of and within the scope of application processes. Applicant data is processed to fulfill our (pre)contractual obligations within the scope of application procedures in accordance with Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO in case data processing becomes obligate for us due to legal procedures pursuant to Section 26 BDSG, for example.

If offering online forms, necessary applicant data are marked, or result from the job descriptions otherwise. In principle, the following data is required for data collection and application processes: personal details, postal code and contact addresses, documents to attach to the application, such as cover letter, a CV and certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting the application, applicants automatically consent to our processing of their personal data for the purposes of the application process in accordance with nature and scope set out in this privacy policy.

If special categories of personal data according to Art. 9 (1) DSGVO (e.g. health data, such as severely disabled status or ethnic origin) are voluntarily disclosed within the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b DSGVO. Should special categories of personal data (e.g. health data if this is necessary for the exercise of the profession) according to Art. 9 (1) DSGVO are requested from applicants by us as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) a DSGVO.

Data provided from any online form will be transmitted encrypted in accordance to state of the art technical possibilities.

Furthermore, applicants can also submit their applications via e-mail. However, please note that e-mails in general are not encrypted; applicants have to ensure to encrypt them themselves. Alternatively, it is possible to send the application by letter.

If the application is successful, data provided by the applicant may be processed further by us for purposes of an employment relationship. If the application for a vacancy is unsuccessful, all applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

The deletion, subject to a justified withdrawal by the applicants, will take place after an expiry period of six months to guarantee any follow-up questions regarding the application might still be answered and all obligations for evidence under the Equal Treatment Act can be fulfilled. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements

9. Social media profiles

We maintain online profiles within social networks and platforms to be able to communicate with our customers, interested parties and active users by channeling information about our services.

Please note that social media and networking user data might be processed outside the European Union which may result in certain risks;  it might e.g. make it more difficult or even impossible to enforce European user’s rights. However, please note that US providers certified by the Privacy Shield explicitely comply to the data protection standards of the EU.

Furthermore, user data is usually processed for market research and advertising purposes. For example, target group profiles can be created from user behaviour patterns on social media, revealing special interests. These profiles can be used to place advertisements within and outside the platforms presumably corresponding to those interests, for example. For these purposes, cookies might be stored on the users’ computer to trace and document these usage behaviour patterns and interests. Furthermore, data may also be stored virtually connected to the usage profiles irrespective of used hardware devices (especially if users are members of these platforms and are logged in to them).

The processing of personal data is based on our legitimate interest in effectively informing our users and communicate with them pursuant to Art. 6 para. 1 lit. f. DSGVO. If users are asked for consent to aforementioned data processing routines by respective platform providers, a legal processing is based on Art. 6 para. 1 lit. a., Art. 7 DSGVO.

For detailed description of processing and opt-out options, please refer to the information of the providers linked below.

In case of information requests and assertion of user rights, we would refer you to the providers themselves since they are the only ones with access to their users’ data and can take appropriate measures and quickly provide information accordingly. If you need help, however, please feel free to contact us.

Concerning our Facebook profile, please note the following information in particular, provided by Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Privacy policy: https://www.facebook.com/about/privacy/,

Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

With Facebook we are in an agreement on a joint processing of personal data.

Concerning our Instagram profile (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA), Instagram’s privacy policy also applies including the opt-out option you might find here: http://instagram.com/about/legal/privacy/.

To Google / Youtube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), this privacy policy applies: https://policies.google.com/privacy and the opt-out: https://adssettings.google.com/authenticated. Google is registered under the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

10. Your rights

According to GDPR, if your personal data is processed you are a “data subject” with the following rights towards the responsible person or party:

A. Right to information

You may request confirmation as to whether your personal data is being processed by us.

If such processing takes place, you may request information about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned storage duration of your personal data or, if there is no specific information available, criteria for determining a storage period;

(5) the right to obtain rectification or erasure of your personal data, the right to obtain a data processing restriction or a right to object to such processing;

(6) the right to appeal to a supervisory authority;

(7) any available information concerning the personal data’s origin if not directly collected from the data subject;

(8) the existence of an automated decision-making process including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved as well as scope and intended effects of such processing for the data subject.

You have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards with data transfer pursuant to Article 46 of the GDPR in connection.

B. Right to rectification

You have a right to rectification and/or completion vis-à-vis the responsible party without undue delay to see if your personal data processed are inaccurate or incomplete.

C. Right to restrict personal data processing

You may request a processing restriction of personal data under the following conditions:

(1) you dispute the correctness of your personal data giving a range of time enabling the responsible party to review its accuracy;

(2) the processing is unlawful, but you object to erasure of your personal data requesting a restriction of its use instead;

(3) the responsible party no longer needs your personal data for any purposes of processing but you need it for assertion, exercise or defense of legal claims; or

(4) you have objected to processing according to Article 21(1) of the GDPR, but it has not yet been determined whether the responsible party’s legitimate grounds override yours.

If the processing of your personal data has been restricted, such data may only be processed – apart from being stored – with your consent or for assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.

In case the processing restriction itself has been restricted in accordance with the conditions above, you will be informed by the responsible party before the restriction is lifted.

d. Right to erasure

Obligation to erase

You may request the responsible party to erase your personal data immediately; the responsible party is obliged to erase such data without delay if one of the following reasons applies:

(1) Your personal data are no longer necessary for any purposes like those they were collected or otherwise processed for.

(2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal ground for the processing.

(3) You object to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The erasure of your personal data is necessary to comply with a legal obligation under Union or Member State law to which the responsible party is subject.

(6) The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

Sharing information with third parties

If the responsible party has made your personal data public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, with regard to the available technology and the costs of implementation, to inform data controllers which process the your personal data that you, as the data subject, have requested them to erase entirely, with all links to or copies of or other replications of such personal data.

Exceptions

The right to erasure does not exist if the processing is necessary for

(1) the exercise of the right to freedom of expression and information;

(2) compliance with a legal obligation which requires processing under Union or Member State law to which the responsible party is subject, or for the performance of a task carried out in public interest or in exercise of official authority vested in the responsible party;

(3) reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

(4) archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, if the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5) for the assertion, exercise or defense of legal claims.

e. Right to being kept updated

If you have asserted your right to rectification, erasure or restriction of processing your personal data against the responsible party, the responsible party is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the responsible party.

f. Right to data transferability

You have the right to receive your personal data provided to the responsible party in a structured, conventional and machine-readable format. You also have the right to transfer this data to another party without hindrance from the responsible party to whom the personal data has been given, providing that

(1) the processing is based on consent according to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract according to Art. 6 para. 1 lit. b DSGVO and

(2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have personal data concerning you transferred directly from one responsible party to another, if feasible technically. This should not affect any freedoms and rights of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in public interest or in the exercise of official authority vested in the responsible party.

g. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out according to Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

The responsible party shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If your personal data is processed for purposes of direct marketing, you have the right to object to the processing of your personal data for such marketing purposes at any time; this also applies to profiling, if is related to such direct marketing.

In case you object to a personal data processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

In connection with the use of information society services, notwithstanding Directive 2002/58/EC, you also might exercise your right to object by means of automated procedures using technical specifications.

h. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the lawfulness of all processing carried out on legal grounds of consent up to the point of revocation.

i. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which will produc legal effects concerning you or will similarly significantly affect you. This does not apply if the decision

(1) is necessary for any conclusion or performance of a contract between you and the responsible party,

(2) is authorised by legislation of the Union or the Member States to which the responsible party is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is made with your explicit consent.

However, according to Article 9(1) of the GDPR, these decisions must not be based on special categories of personal data, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

Regarding the cases referred to in (1) and (3), the responsible party is obliged to take reasonable steps to safeguard rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the responsible party’s side, to be able to express your point of view and to contest the decision.

j. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, work place or the place of the alleged infringement, in case you consider the personal data processing does infringe the GDPR.

The supervisory authority addressed with your complaint will inform the complainant about the status quo and the outcome of the complaint, including a possible judicial remedy according to Article 78 GDPR.

The supervisory authority in charge is the

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)

Helga Block

PO Box 20 04 44

40102 Düsseldorf

or:

Kavalleriestraße 2-4

40213 Düsseldorf

11. Contact person for data protection

The responsible person according to the DSGVO is:

Dr. Jafar Jorjani

Rochusstraße 289

53123 Bonn

Phone: +49 (0) 151 64 64 73 70

Homepage: https://www.jorjani.de

12. Changes to this statement

In view of legal, technical or business developments this privacy statement might occasionally be updated. If our privacy statement will be updated, we will – depending on the importance of made changes – take reasonable steps to notify you. We will obtain your consent for any essential alteration to the privacy policy realized according to the extent required by relevant data protection laws. Our “Last update” will be quoted at the end of this privacy policy.

Last update: 10 July 2020