Curalie GmbH Privacy Statement
Last Updated: 05.09.2023
For CURALIE GMBH, responsible handling of personal data is a high priority. We want you as a user to know what data is collected and processed by us. Our company processes this data on the basis of the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG). Below you will find a description of what data is processed as part of our general business relationship and during your visit to our website.
Please note the following: what data is collected during your use of our website and, if applicable, processed by us or third parties depends on the services you request or use. This means for you:
- Without your consent, we will only process data that is necessary for the operation of the website.
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States including other data protection provisions for the processing of your data is CURALIE GMBH.
Leipziger Straße 61A, 10117 Berlin
Tel.:+49 (0) 30 549 071 27
Contacting the data protection officer
Should any questions arise on your part regarding the processing of your personal data, or should you have any suggestions or complaints, you can contact our data protection officer. We recommend that you send confidential information exclusively by post.
For example, you can send questions to our data protection officer via the following e-mail address: (email@example.com).
I Reasons for collecting data
CURALIE GMBH collects personal data exclusively for the purposes described in section 3. Insofar as personal data is collected via the CURALIE GMBH’S website, CURALIE GMBH processes and uses this data for the intended purpose and in accordance with the statutory provisions. If personal data is collected with reference to customers, this is done exclusively within the framework of an agreement that complies with data protection law.
When you visit our website, for example, our web servers temporarily store the connection data of the requesting computer, the pages you visit on our site, the date and duration of your visit, the identification data of the browser and operating system type used and the website from which you visit us (so-called server log data) as standard for the purpose of system security. Additional personal data such as your name, address, telephone number or e-mail address are not collected. In addition, the server log data is not linked to personal data. The above-mentioned data will be processed by us for the following purposes:
- To ensure a smooth connection is established with our website
- To ensure our website is used properly
- To evaluate system security and stability
- For marketing and analysis purposes
II Data processing
The following passages explain in more detail all categories, as well as their legal basis and the purpose of the data we collect.
1. Personal data in principle and specifically
1.1 What is personal data?
Personal data is data that contains information about the personal or factual circumstances of an identified or identifiable natural person. Examples include IP address, name, home address, telephone numbers or date of birth.
Information regarding frequently visited homepages or the number of users of a site does not allow any direct conclusions to be drawn about identities and is therefore not to be classified as personal data.
1.2 What data is processed?
In the course of using our homepage as well as the basic processes of our business relationship, the following categories of data are processed:
- Personal master data (name, birthday, place of birth, nationality)
- Contract master data (e.g. contractual relationship, or contractual interest)
- Legitimation data (e.g. identity card data)
- Communication data (e.g. telephone, e-mail, address, IP address)
- Customer history
- Contract billing and payment data (health insurance number)
- Planning and control data
- Advertising and sales data
- Documentation data (e.g. minutes from meetings)
- Connection data of the requesting computer (e.g. date and duration of the visit to the website)
- Recognition data of the web browser used
- Necessary transaction data for payment processing (for the use of our offered services)
2. Legal basis for data processing:
2.1 Contractual basis according to Art. 6 para. 1 lit. b GDPR
In the process of creating a contract, we go through various processes that require data processing operations. This also applies to processing operations necessary for the implementation of pre-contractual measures. Art. 6 para. 1 lit. b) GDPR serves as the legal basis here.
- Preparation, negotiation and fulfillment of a contract with you
- Answering inquiries and carrying out pre-contractual measures
- Granting access to certain information and offers
2.2 Legal obligation pursuant to Art. 6 para. 1 lit. c GDPR
There is a possibility that processing of personal data is necessary for the fulfillment of a legal obligation to which CURALIE GMBH is subject, pursuant to Art. 6 para. 1 lit. c) GDPR.
- Official or court order
- Fulfillment of legal storage obligations
2.3 Legitimate corporate interest according to Art. 6 para. 1 lit. f GDPR
If processing is necessary to protect a legitimate interest of CURALIE GMBH or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis. The collected data can be used for the purpose of optimizing our customer relationship for the following topics:
- Communication with customers when contacting them by e-mail
- Establishment or protection of legal claims or defense in legal disputes
- Prevention of abuse or other unlawful activities
- Ensuring data security
- Cookies to ensure data security
2.4 Consent pursuant to Art. 6 para. 1 lit. a GDPR
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis. In case of consent, the following purposes of use and processing are fulfilled:
- Contact possibility via the website
- Pseudonymisiertes web tracking
- (preferences, statistics, marketing)
2.5 Consent pursuant to Art. 6 para. 1 lit. d GDPR
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
3. Purpose of the processing
3.1. Provision of contractually required services to customers and employees
For the processing and execution of a contract with you, we process the personal data required for this purpose. Without processing personal data, we cannot conclude an effective contract with you. Within the context of the processing and execution of a contract conclusion, the processing of personal data is also required by law (e.g. by tax regulations).
3.2 Marketing Purposes
There is a legitimate economic interest in informing the customers of CURALIE GMBH about further offers of our own in order to establish and maintain a long-term customer relationship.
3.3 Statistical purposes/evaluation of data
For the continuous optimization of our website, a statistical evaluation of relevant information takes place. Its usage data as well as a range measurement help us to conduct effective market research and thus to make our website as user-friendly as possible.
We do not change the purpose without your consent. As soon as the purpose has been fulfilled (i.e. the data is no longer required to achieve the purpose for which it was collected), the deletion of your personal data is governed by the respective statutory retention periods. For more information, see also point 13. Data retention.
3.4 Offers of products from Curalie
Curalie GmbH is a provider of health services based on technical applications. We therefore refer to the specific product and service-related data protection declarations for the individual product and service offerings:
4. Collaboration and provision of data
Unless the processing of personal data through the use of our website leads to or is required for the initiation, implementation or termination of a contractual relationship, the fulfillment of contractual obligations or the fulfillment of legal obligations, the provision of personal data is voluntary. If necessary, the non-provision of certain data can lead to limited usability of the website and, if applicable, any additional services.
Within the context of the initiation, commencement, implementation, termination of a contractual relationship, the fulfillment of contractual obligations or the fulfillment of legal obligations between us and you, it is necessary to collect and process certain data required for the aforementioned purposes. Failure to provide such data may result in impairment on the basis of which contractual collaboration is prevented, restricted and/or unfeasible.
5. Passing on of data
Your personal data will only be disclosed if this is necessary for the purpose of processing the contract, if you have given your express consent, if this is required by law or if we have a legitimate interest in disclosing the data.
Within our company, access to your data is only granted to those departments that require it in order to fulfill our contractual and legal obligations. Service providers employed by us who have a processing relationship with our company or are vicarious agents may also come into contact with the data collected.
Within the context of data transfer to external recipients, it is ensured that only necessary personal data is transferred in compliance with the applicable data protection regulations. In addition, data may only be passed on if this is done within the context of fulfilling a contract, if this is required by legal provisions, if you have given your personal consent, or if we as a company are authorized to provide information.
Given these conditions, recipients of personal data may be, for instance:
• Public bodies and institutions (e.g. tax authorities, judicial and law enforcement agencies) if there is a legal or official obligation to do so, such as social security and pension insurance institutions
• Auditors, tax consultants, lawyers
• Service providers that we use within the context of processing relationships, e.g. payment service providers, payroll accounting, personnel management, social media
In the case of an external assignment, however, we assure that the service providers used are subject to a careful selection process and are obligated to comply with all data protection regulations in accordance with Art. 28 GDPR. We also check, as part of a regular data protection review of the service providers commissioned by us, that they have taken appropriate data protection measures to protect personal data, such as the existence of appropriate technical and organizational measures, and can ensure compliance with them.
The transfer of data only takes place on the basis of agreements for the transfer of data in accordance with Art. 28 GDPR (commissioned processing), Art. 26 GDPR (joint responsibility) and, if applicable, in the case of third country transfers, additionally in accordance with the requirements in accordance with Art. 44 ff GDPR (see section 5.1).
DATA TRANSFER TO THIRD COUNTRIES
If data is to be transferred to so-called third countries, i.e., bodies in countries outside the European Union or the European Economic Area, this can only take place on the basis of the fulfillment of certain conditions. In addition to a contractual or legal obligation, so-called suitable guarantees for the protection of personal data are mandatory for this. Data transfer to third countries will therefore only take place if, for example:
- There are legally required reporting obligations under tax law or reports to combat criminal acts.
- We have a legitimate interest in the data transfer.
Data may only be transferred to third countries if an adequate level of data protection has been recognized for the third country by decision of the European Commission. If such a decision is not available, data transfer to third countries can only be considered if „appropriate safeguards“ – such as standard data protection clauses or binding internal data protection regulations (Binding Corporate Rules/BCR/Codes of Conduct and/or certifications) – are used or an exceptional circumstance such as consent applies.
CURALIE GMBH only processes data or has data processed by a third country subject to legal or contractual permissions only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of officially recognized special contractual obligations (so-called „standard contractual clauses“). Due to the current case law of the ECJ (ECJ, judgment Schrems II dated 16.07.2020; ref. C-311/18), the legal basis of data transfer for our users has changed. Additional measures may be required as part of compliance with obligations arising from the recommendations 1/2020 of the European Data Protection Board (EDPB) on measures to supplement transfer tools to ensure the level of protection of personal data under Union law. Please note that the use of our offer of Google AdWords, analytics services may result in data transfers and subsequent processing of usage data of the respective services in the USA and other third countries where a service provider is located.
The basis for any processing activities is the declaration of consent that you have explicitly given us via our cookie banner. In this case, your declaration of consent justifies such data processing on an exceptional and case-by-case basis pursuant to Art. 49 para. 1 lit. a) GDPR. We hereby inform you that in the USA and other countries without an adequacy decision by the European Commission, there is no comparable level of data protection as in the EU and the EEA. It is therefore possible that government agencies in these countries access your personal data on the basis of legal authorizations without us or you knowing about it. Comparable possibilities for your own legal enforcement may not currently exist in these countries, so these do not appear promising.
“You may revoke your consent at any time with effect for the future. Please contact our data protection officer at mailto: firstname.lastname@example.org and delete the corresponding cookies in your Browser.“
6.2 Types of cookies used
Only after giving your voluntary consent (proactive submission) for one or more of the listed types of cookies is it possible to continue navigating our website without restrictions. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. a GDPR since the proactive consent of the user is a prerequisite here. Only for the setting of the „necessary“ cookies is the legal basis of Art. 6 para. 1 lit. f GDPR decisive. All other cookies that serve the fulfillment of all other purposes, such as individual website optimization, marketing purposes, or statistical evaluation processes of your website activities, require your personal consent.
Below, you will find a list of the cookies used on our website, some of which may also be placed there by third parties:
|Cookie type / category||Name||Provider||Purpose||The process||Type|
|Necessary||Cookie consent||Cookieboot||Stores the user’s consent status for cookies on the current domain.||1 year||HTTP|
|Statistics||_utm.gif||This cookie is used to determine what type of device or browser software the visitor is using – this allows the website to be formatted accordingly.||Session||Pixel|
|Statistics||__utma||Collects data on how many times a user has visited a website, as well as data for the first and last visit. Used by Google Analytics.||2 years||http|
|Statistics||__utmb||Registers a timestamp with the exact time the user accesses the website. Used by Google Analytics to calculate the duration of a website visit.||1 day||http|
|Statistics||__utmc||Registers a timestamp with the exact time the user leaves the website. Used by Google Analytics to calculate the duration of a website visit.||Session||http|
|Statistics||__utmt||Used to throttle the speed of requests to the server.||1 day||HTTP|
|Statistics||__utmz||Collects data on where the user came from, what search engine was used, what link was clicked, and what search terms were used. Used by Google Analytics.||6 months||HTTP|
|Statistics||_ga||Registers a unique ID that is used to generate statistical data about how the visitor uses the website.||2 years||HTTP|
|Statistics||_gat||Is used by Google Analytics to restrict the request rate||1 day||HTTP|
|Statistics||_gid||Registers a unique ID that is used to generate statistical data about how the visitor uses the website.||1 day||HTTP|
|Unclassified||Unclassified cookies are cookies that we are currently trying to classify, along with providers of individual cookies. We don’t use these types of cookies.|
We would like to expressly point out that there is a regular check of the cookies set and that this list on the website may differ from the current checklist (see cookie listing in the cookie banner).
6.3 Basic information on the use of Google services and other third-party providers to whose pages links are provided
We also have no influence on the further processing and use of data by other third-party web services on their pages and can therefore accept no responsibility for this. For the purpose and scope of the data collection and the further processing and use of the data by this service provider, as well as your rights in this regard and setting options for protecting your privacy, please refer to service provider’s privacy on their website.
FURTHER EXPLANATIONS ON THE USE OF GOOGLE ANALYTICS
We use Google Analytics on our website to analyze the surfing behavior of our customers. Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). We collect your consent to use it when you first visit our website, provided that you give your consent to the setting of certain cookies. We use Google Analytics with the additional function offered by Google to anonymize IP addresses. In this case, the IP address is usually already shortened by Google within the EU and only in exceptional cases in the USA and in any case only stored in shortened form.
If you wish to withdraw your consent, you can object to the collection or analysis of your data by this tool by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. A cookie will then be set that prevents the collection of data during future visits to the site.
6.3.1 Further explanations on the use of Google Tag Manager
CURALIE GMBH uses the Google Tag Manager on its website. Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.
6.3.2 Further explanations on the use of Google Ads
CURALIE GMBH uses the Google Ads service (formerly Adwords) on its website. Google Ads is the online advertising program from Google. Via Google Ads, companies can create online ads to reach users at the exact moment when they show interest in the company’s products or services. The ads are mainly based on the search results when the company’s own services are used.
(i) Google Ads remarketing and similar segments features
We use the remarketing and similar segments feature within the Google Ads service. The remarketing function allows us to present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called „Google Ads“ or on other websites). For this purpose, the interaction of the users on our website is analyzed, e.g. which pages the user was interested in, in order to be able to display targeted advertising to the users on other sites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network. This number, known as a „cookie“, is used to record the visits of these users. This number is used to uniquely identify a web browser on a particular end device and not to identify a person; personal data is not stored.
You can prevent participation in this tracking procedure in various ways:
a. by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving ads from third-party providers;
b. by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin;
c. by disabling the interest-based ads of the providers that are part of the „About Ads“ self-regulatory campaign at the link http://www.aboutads.info/choices, with this setting being deleted when you delete your cookies;
d. by permanent deactivation in your browsers Firefox, Internetexplorer or Google Chrome at the link http://www.google.com/settings/ads/plugin,
e. by means of appropriate cookies setting. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.
Lifetime of cookies: up to 1 month (this applies only to cookies set through this website).
(ii) Conversion tracking functionality
CURALIE GMBH uses conversion tracking within the Google Ads service to measure on which web pages Riscreen’s advertisements perform best. The conversion tracking cookie is set when a user clicks an ad placed by Google or one of its partners. The cookies set thereupon lose their validity after 30 days and is not used for personal identification. This cookie allows us and Google to identify which ad you visited our website from. Each visitor who came to our site through Google Ads receives a different cookie. The information collected using the conversion cookie is used to determine which visitors triggered a specific action on our website via ads. We learn the total number of users who clicked our ads and which clicks resulted in an action. We will not receive any information with which a user can be personally identified. Users who do not wish to participate in tracking can prevent the setting of a cookie by not giving consent for it or by deleting or deactivating the Google conversion tracking cookie via their web internet browser under user settings. This user then won’t be included in the conversion tracking statistics.
7. Links to third parties
Our website is always working to optimize customer satisfaction and the existing online presence. Therefore, our site may contain links that refer to third-party websites. After actively clicking these links, we withdraw from the responsibility regarding subsequent data processing, as the behavior of third parties is beyond our control. Our company then has neither insight into nor influence on the collection, processing and use of personal data that may be transferred to the third party when the link is clicked.
Data can be accessed here, for example, via the IP address or the URL of the page, as the behavior of third parties is naturally beyond our control. We assume no responsibility for the processing of such personal data by third parties.
8. Social media
8.1 Basic information on social media plugins
On our website, we resort to the use of social plugins from various social networks, which are described in more detail below. Plugins are basically understood to be an independent extension of social network providers. Thus, these plugins are merely a reference to further services or networks and are thus beyond our control. Therefore, CURALIE GMBH has no influence on the type and scope of the data collected and stored via this. When using social media services, depending on the type and scope, the processing is carried out on the basis of:
- commissioned processing pursuant to Art. 28 GDPR, i.e. we are the responsible party,
- joint responsibility pursuant to Art. 26 GDPR, i.e. we are the responsible party for our content and processing, and the service provider is the responsible party for all processing that lies within its sphere of influence,
- or your consent pursuant to Art. 6 para. 1 lit a) GDPR, if you have your own social media account.
- if the services originate in a third country, the processing is also subject to the requirements of Art. 44 GDPR ff.
The following references to social networks and services can be found on our website:
SOCIAL PLUGINS FROM LINKEDIN
We use components of the LinkedIn network on our site. LinkedIn is a service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time someone accesses our website whose browser is equipped with such a component, this component causes the browser they are using to download a corresponding representation of the component from LinkedIn.
This process informs LinkedIn which specific page of our website is currently being visited. If you click the recommend button while logged into your LinkedIn account, you can link the content of our sites with your LinkedIn profile. This enables LinkedIn to allocate the visit to our pages to your LinkedIn user account.
If you do not want your data to be collected, stored and potentially further used by the respective providers, please do not use the respective plugins. Furthermore, we apply a so-called „2-click solution“, in which we protect you from having your data collected by the providers of the plugins by default when you visit our website.
[If the 2-click solution has not been implemented on the website, it must be checked whether the social plugins are used in compliance with the GDPR. An alternative is, for example, the Shariff solution. The data protection information under item 11 must then be adapted if necessary.]
We operate an Instagram channel at: https://www.instagram.com/curaliehealth/
SOCIAL MEDIA PAGES
To increase our reach, we operate publicly accessible profiles on social networks. Social networks such as Facebook can generally analyze your user behavior extensively as soon as you visit their website. Visiting our social media pages also triggers numerous processing operations relevant to data protection.
Within this context, we process your data in order to be able to contact you in response to your inquiries or posts, as well as to recognize usage preferences (e.g. number of followers, number of views of each page section, user statistics by age, geography, and language) and to be able to adapt and improve our social media page to make it more suitable for the target group. This is a legitimate interest.(Art. 6 para. 1 lit. f) GDPR) The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks.
If you are logged into your account of a social media platform and visit our social media page, the operator of the social media portal can allocate this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective network portal. In this case, this data is collected, for example, by recording your IP address or via cookies that are stored on your device. With the help of the data collected in this way, the operators of the network portals can create user profiles in which your preferences and interests are stored.
When visiting our social media page, both we and the platform operator are jointly responsible for certain processing operations (see 14. Rights of the data subjects) concerning our specific presence. You can therefore assert your rights as a data subject both vis-à-vis our company and the platform operator (e.g. LinkedIn, Xing, …). Please note that despite the joint responsibility in some cases, we do not have full influence on the data processing operations of the network portals. Our options are largely determined by the corporate policy of the respective provider. This also applies, for example, to the retention of personal data. While we delete this directly collected data after the purpose of the processing no longer applies, the revocation of consent to a request to delete data or the discontinuation of the legal basis for data storage, we have no influence on the storage of your data the platform operators have collected and process for their own purposes. In this regard, we refer to the operators of the social networks.
9. Recruiting and applicant management
On the basis of Art. 88 GDPR, §26 para. 1 in conjunction with para. 8 BDSG, we process your personal data in order to check your suitability for a position (or, if applicable, another open position in our company) and to carry out the application process. This check is only carried out insofar as it is necessary for the decision on the establishment of an employment relationship with us. For the exclusive purpose of processing applications, your personal data will always be treated confidentially, i.e. it will only be used for staff recruitment, hiring, and drawing up an employment contract as well as for supporting the internal allocation of positions. In the course of this, it is imperative that employees of the HR department and the department concerned have access to your personal data. If the data should be required for legal prosecution after completion of the application process, if applicable, data processing may take place on the basis of the requirements of Art. 6 GDPR, in particular for the exercise of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest then lies in asserting or defending claims. The data of your application to a job advertisement will be deleted after 6 months at the latest in the event of rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted no later than two (2) years after the last contact. You have the right to revoke your consent at any time with effect for the future.
If you are awarded a position during the application process, the data will be transferred to a personnel file.
As a matter of principle, we do not pass on any of your applicant data to external service providers. However, there may be a legal obligation to pass on the data in accordance with Art. 6 para. 1 p.1 lit. c) GDPR.
In exceptional cases, (e.g. to reimburse the costs of the application process) we will only pass on your data on the basis of your consent (e.g. to our bank).
After receiving your application, your applicant data will be viewed by the responsible HR representative. Suitable applications are then forwarded internally to the department managers responsible for the respective vacancy. The subsequent procedure is then coordinated. Within CURALIE GMBH, only those persons have access to your data who require this for the proper course of our application process.
10. Contact form
On our website, we offer contact forms with which you can contact us electronically. If you use a contact form, the data you enter will be transmitted to us and processed and stored to the extent necessary. If a user makes use of this option, the data entered in the input window will be transmitted to us and part of the data will be stored. Within this context, the data will not be passed on to third parties outside CURALIE GMBH. The data is used exclusively for processing correspondence.
As a rule, the contact form is used to contact us within the context of initiating a contract (Art. 6 para. 1 lit. b) or another legitimate concern (legitimate interest Art. 6 para. 1 lit. f).
If the purpose of the processing is fulfilled, the data will be deleted, provided that no other legal basis is opposed to this. Your right to deletion as well as your other data subject rights remain valid.
11. Automated processing
No automated processing of personal data is carried out by us in such a way that your rights and freedoms are significantly impaired in such a case or in any other form that has a legal effect on you.
12. Data security/TOMs
To ensure that personal data within the scope of processing by us and our service providers, technical and organizational measures have been implemented in accordance with Art. 32 GDPR. All of our employees, as well as the service companies we have carefully selected, are obligated without exception to maintain confidentiality and to comply with the provisions of the applicable data protection laws. Furthermore, our company takes appropriate and state of the art technical and organizational security measures to protect your personal data from loss, alteration, destruction or unauthorized access and disclosure. This includes among others
a) pseudonymisation and encryption of personal data;
b) procedures to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing on a permanent basis;
c) quickly restoring the availability of and access to personal data in the event of a physical or technical incident;
d) procedures for regularly reviewing, assessing and evaluating the effectiveness of the technical and organizational measures to ensure the security of the processing.
13. Data storage
Your data will generally be stored for the duration of the contractual relationship existing with you or with your employer, or as required for the provision of our website and the associated services.
Your personal data may be stored beyond this period if we have a legitimate interest (e.g. postal marketing even after a contract has been fulfilled) in continuing to store it.
A guaranteed deletion takes place after the expiry of the legal or contractual periods – for example, fiscal or commercial retention periods or periods resulting from other legal or statutory reasons. Other data that is not subject to the retention obligation will be deleted after the described purpose ceases to apply.
14. Rights of the data subject
14.1 Right to information, correction or deletion of data
The General Data Protection Regulation grants the right to obtain written information about what data is stored about you (e.g. name, address, …) at any time upon request and free of charge (pursuant to Art. 15 GDPR). Likewise, the GDPR grants a correction (according to Article 16 GDPR) or deletion (according to Article 17 GDPR) of the corresponding data within the scope of the legal requirements.
In the case of stored data relating to business processes, for example, the right to deletion expires and this data is subject to the legal obligation to retain it.
14.2 Right to restrict data processing
You have the right to restrict the processing of your personal data (in accordance with Article 18 GDPR).
14.3 Right to object
Furthermore, for reasons of a special situation, you may have the right to object at any time to data processing that we carry out to protect a legitimate interest.
The further processing of your data will then be discontinued, unless there is evidence of legally regulated compelling reasons worthy of protection for the further processing.
14.4 Right to object to direct marketing
Likewise, a so-called „advertising objection“, i.e. an objection to the processing of your personal data for commercial purposes, is possible at any time. In this regard, it should be noted that for organizational reasons there may be an overlap between (advertising) campaigns already in progress and your objection. Such an objection always applies with effect for the future.
14.5 Right to data transferability
Upon request, transferability of the personal data transmitted by you is also guaranteed by means of provision in a common and machine-readable data format (in accordance with Article 20 GDPR).
14.6 Revocation of consent
The GDPR also grants you the right to revoke your consent to the processing of your personal data, which you have given us for one or more specific purposes, at any time, retroactively.
Due to the explicit effect exclusively in the future, the permission and thus the lawfulness of the processing of your data remains unaffected until the revocation.
You have the right to contact us or the competent supervisory authorities in the event of complaints regarding the processing of your personal data. It is up to you to decide whether to do so by contacting the data protection authority responsible for your place of residence or your federal state or the data protection authority responsible for us:
Berlin Commissioner for Data Protection and Freedom of Information
Tel.: 030 13889-0
Fax: 030 2155050
- 1. Personal data in principle and specifically
- 2. Legal basis for data processing:
- 3. Purpose of the processing
- 4. Collaboration and provision of data
- 6. Cookies
- 7. Links to third parties
- 8. Social media
- 9. Recruiting and applicant management
- 11. Automated processing
- 12. Data security/TOMs
- 13. Data storage
- 14. Rights of the data subject