A. Privacy Policy according to the GDPR
We take the protection of your personal data very seriously and comply with the rules of data protection laws. Personal data is only collected on this website to the extent necessary for technical purposes. Under no circumstances will the collected data be sold or unlawfully disclosed to third parties.
With the following statement, we would like to provide you with an overview of the data collected, the purpose of the collection, and how we ensure the protection of your data. This privacy policy according to the GDPR informs you about the type, scope, and purpose of processing personal data within our company and related online offerings, as well as external online services such as social media profiles. The terms used below are defined in Article 4 of the General Data Protection Regulation (GDPR). [Link to Article 4 of the GDPR] (https://gdpr-info.eu/art-4-gdpr/)
I. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:
Praxis Dr. med. Frank Riedel Facharzt für Allgemeinmedizin
Dr. med. Frank Riedel
Karl-Marx-Str. 1
15926 Luckau
Germany
Tel.: 03544 2232
Email:
Website: www.riedel-luckau.de
II. Name and address of the data protection officer
No data protection officer has been appointed. The data controller will provide the necessary information.
III. General information on data processing
1. Scope of processing personal data
We collect and use personal data of our users only to the extent necessary to provide a functioning website/online shop, as well as our content and services, or to facilitate business transactions initiated by the customer. The collection and use of personal data of our users is generally only carried out with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.
Types of personal data processed within this online offering include inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of contact persons, payment information), usage data (e.g., visited pages of our online offering, interest in our products), and content data (e.g., entries in the contact form).
The term "users" includes all categories of individuals affected by the data processing. This includes our business partners, customers, interested parties, and other visitors to our online offering. The terms used, such as "users," are to be understood in a gender-neutral manner.
We process personal data of users only in compliance with applicable data protection regulations. This means that user data is processed only if there is a legal basis for the processing. This includes, in particular, cases where data processing is necessary for the performance of our contractual services (e.g., processing of orders) and online services, compliance with legal obligations, user consent, and our legitimate interests (i.e., interest in analyzing, optimizing, and operating our online offering in an economically efficient and secure manner in accordance with Art. 6(1)(f) of the GDPR, particularly for reach measurement, creation of profiles for advertising and marketing purposes, collection of access data, and use of third-party services).
We would like to point out that the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 of the GDPR, the legal basis for processing to perform our services and carry out contractual measures is Art. 6(1)(b) of the GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) of the GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) of the GDPR.
2. Security measures
We implement organizational, contractual, and technical security measures to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction, or unauthorized access. These security measures include, in particular, encrypted transmission of data between your browser and our server.
2.1 SSL encryption
For security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator, this site uses SSL encryption. You can recognize an encrypted connection by the change in the address line of your browser from "http://" to "https://" and the lock symbol in your browser line. When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
3. Legal basis for the processing of personal dataIf we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis. If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
4. Data erasure and storage durationPersonal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.
IV. Provision of the website and creation of log files1. Description and scope of data processingEach time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is collected:
- Information about the browser type and version
- The user's operating system
- The user's internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user's system accessed our website
- Websites accessed by the user's system through our website
The data is also stored in our system's log files. Storage of this data together with other personal data of the user does not take place.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. Furthermore, the data is used for optimizing the website and ensuring the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) of the GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of data collected to provide the website, this occurs when the respective session is ended.
In the case of storing data in log files, this is the case after a maximum of seven days. Further storage is possible. In this case, the IP addresses of users are deleted or anonymized, so that an assignment of the accessing client is no longer possible. If further retention of data is necessary for evidentiary purposes, the deletion of the data will be postponed until the matter is finally clarified.
5. Objection and removal options
The collection of data to provide the website and the storage of data in log files is necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
V. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
- Language settings
- Items in a shopping cart
- Log-in information
- Session ID
- Furthermore, we use cookies on our website that allow an analysis of the users' browsing behavior.
The following data can be transmitted in this way:
Entered search terms
Frequency of page views
Use of website functions
The data collected from users in this way is pseudonymized by technical measures. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When accessing our website, users are informed about the use of cookies for analysis purposes through an info banner and referred to this privacy policy. In this context, there is also an explanation of how the storage of cookies can be prevented in the browser settings.
2. Legal basis for data processingThe legal basis for processing personal data using cookies is Article 6(1)(f) of the GDPR.
3. Purpose of data processingThe purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for these functions that the browser is recognized even after a page change.
We require cookies for the following applications:
Shopping cart
Language settings
Remembering search terms
The user data collected through technically necessary cookies is not used to create user profiles.
The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can continuously optimize our offering.
These purposes also constitute our legitimate interest in processing personal data under Article 6(1)(f) of the GDPR.
4. Duration of storage, objection, and removal optionsCookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully utilize all functions of the website.
VI. Newsletter1. Description and scope of data processingOn our website, you have the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.
This data typically includes the email address, and optionally, at the user's request, the name and/or first name to address the newsletter recipient personally if desired.
The following data is also collected during registration:
- IP address of the accessing computer
- Date and time of registration
For processing the data, your consent is obtained as part of the registration process via double opt-in, and reference is made to this privacy policy.
If you purchase goods or services on our website and provide your email address, it may be used by us to send newsletters. In such a case, the newsletter will exclusively contain direct advertising for our own similar goods or services.
In connection with the data processing for the purpose of newsletter distribution, the data is not disclosed to third parties. The data is used solely for the purpose of sending the newsletter.
Newsletter service provider
The newsletters are sent using the service provider Jegasoft Media e.K., Berliner Chaussee 20, 15907 Lübben, Germany. You can view the privacy policy of the service provider here: www.jegasoft.de/datenschutz. The service provider is used based on our legitimate interests according to Article 6(1)(f) of the GDPR and a data processing agreement according to Article 28(3)(1) of the GDPR.
The service provider may use the recipient's data in pseudonymous form, i.e., without associating it with a user, for the optimization or improvement of its own services, such as for the technical optimization of newsletter delivery and display, or for statistical purposes. However, the service provider does not use the data of our newsletter recipients to contact them directly or to disclose the data to third parties.
Newsletter - Measurement of Success
The newsletters may contain a tracking pixel, which is a pixel-sized file that is retrieved from our server, or if we use a service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as browser and system information, as well as your IP address and the time of retrieval, are initially collected.
These pieces of information are used for the technical improvement of services based on technical data or target groups, as well as for analyzing reading behavior based on retrieval locations (which can be determined using the IP address) or access times. The statistical analysis also includes determining whether the newsletter is opened, when it is opened, and which links are clicked. While these pieces of information can be associated with individual newsletter recipients for technical reasons, neither our intention nor that of the service provider is to observe individual users. The evaluations are used to understand the reading habits of our users and to tailor our content to them or to send different content based on the interests of our users.
2. Legal basis for data processing
The legal basis for processing the data after the user subscribes to the newsletter, provided the user has given consent, is Article 6(1)(a) of the GDPR.
The legal basis for sending the newsletter as a result of the sale of goods or services is § 7(3) of the German Unfair Competition Act (UWG).
3. Purpose of data processing
The collection of the user's email address is used to deliver the newsletter.
The collection of other personal data during the registration process is aimed at preventing abuse of the services or the email address used and improving the user experience.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. The user's email address and any additional voluntary information are stored as long as the newsletter subscription is active.
Other personal data collected during the registration process is usually deleted after a period of seven days.
5. Objection and removal options
The newsletter subscription can be canceled by the user at any time. Each newsletter contains a corresponding link for this purpose.
VII. Registration
1. Description and scope of data processing
On our website, we optionally offer users the opportunity to register by providing personal data. The data is entered into an input mask, transmitted to us, and stored. The data is not passed on to third parties. During registration, the user is informed about the required mandatory information. The data entered during registration is used and stored for the purpose of using the services.
At the time of registration, the following data is also stored:
The user's IP address
Date and time of registration
During the registration process, the user's consent to the processing of this data is obtained.
2. Legal basis for data processing
The legal basis for processing the data, provided the user has given consent, is Article 6(1)(a) of the GDPR.
If registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, an additional legal basis for data processing is Article 6(1)(b) of the GDPR.
3. Purpose of data processing
Registration of the user is necessary for providing certain content and services on our website.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection.
This is the case for the data collected during the registration process when the registration on our website is canceled or modified.
5. Objection and removal options
As a user, you have the opportunity to cancel your registration at any time. You can also have the data stored about you modified or delete it independently in your customer account.
VIII. Contacting Us (e.g., via contact form, email, telephone, or social media)
1. Description and Scope of Data Processing
When contacting us, whether through a contact form, email, telephone, or social media, the user's information is processed for the purpose of handling and processing the contact request in accordance with Art. 6(1)(b) of the General Data Protection Regulation (GDPR). The user's information may be stored and processed in a CRM system (Customer Relationship Management system) or a comparable administrative software.
Furthermore, our website provides a contact form that can be used for electronic communication. If a user chooses to use this form, the data entered into the input mask will be transmitted to us and stored. The user's information may be stored and processed in a CRM system or a comparable administrative software. During the completion of the contact form, the user will be informed about the mandatory fields.
At the time of sending the message, the following data will also be stored:
The user's IP address
Date and time of registration
For the processing of data, the user's consent is obtained during the sending process, and reference is made to this privacy policy.
Alternatively, contact can be made via the provided email address, telephone number, or linked social media. In this case, the personal data transmitted with the respective inquiry will be stored.
The data will not be disclosed to third parties. The data will be used exclusively for processing the conversation.
2. Legal Basis for Data Processing
The legal basis for processing the data is Art. 6(1)(a) GDPR if the user has given consent.
If the contact aims to conclude a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.
3. Purpose of Data Processing
The processing of personal data from the user's information serves solely to process the contact request. In the case of contact via email, there is also a necessary legitimate interest in processing the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and ensure the security of our information technology systems.
4. Storage Duration
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data from the contact form input mask and those sent via email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter at hand has been conclusively resolved.
The additional personal data collected during the sending process will be deleted no later than seven days after the transmission.
5. Right to Object and Erasure
The user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
The objection to the processing of personal data can be made at any time by email or by post.
In this case, all personal data stored in connection with the contact will be deleted.
IX. Commenting on Blogs and/or Guestbooks
We offer you the opportunity to leave comments on individual posts on our website. In this context, the IP address of the author/connection holder is stored. This storage is for our own protection in case the author's comment violates the rights of third parties or contains unlawful content. Therefore, we have a legitimate interest in the stored data of the author, as we may be held liable for such legal violations. The data will not be disclosed to third parties. There is also no matching of this data with other components of our website.
X. Web Analytics through Google Analytics
1. Scope of processing personal data
We use Google Analytics, a web analytics service provided by Google LLC ("Google"), on our website based on our legitimate interests (i.e., our interest in analyzing, optimizing, and running our online offering in accordance with Art. 6(1)(f) of the General Data Protection Regulation (GDPR)). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transmitted to a Google server in the United States and stored there.
Google is certified under the Privacy Shield agreement, which provides a guarantee of compliance with European data protection law. More information can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide us with further services related to the use of this online offering and internet usage. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly.
For more information about Google's data usage, settings, and opt-out options, please visit Google's websites: https://www.google.com/intl/en/policies/privacy/partners (Data use by Google) http://www.google.com/policies/technologies/ads (Data use for advertising purposes) http://www.google.com/settings/ads (Manage information that Google uses to show you ads) Legal basis for the processing of personal data The legal basis for the processing of users' personal data is Art. 6(1)(f) of the GDPR.
2.Purpose of data processing
The processing of users' personal data allows us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Our legitimate interest in processing the data in accordance with Art. 6(1)(f) of the GDPR also lies in these purposes. By anonymizing the IP address, the users' interest in protecting their personal data is adequately taken into account.
3. Duration of storage
The analysis data will be deleted as soon as it is no longer required. We review the necessity every two years. Furthermore, statutory retention obligations apply.
4. Objection and removal options
Cookies are stored on the user's computer and transmitted to our site from there. As a user, you have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time, which can also be done automatically. If cookies are disabled for our website, not all functions of the website may be fully usable. In addition, users can prevent Google from collecting and processing data generated by the cookie related to their use of the online offering by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
XI. Marketing Services & Social Plugins
1. Google Re/Marketing Services
Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and running our online offering in accordance with Art. 6(1)(f) of the GDPR), we may use the marketing and remarketing services (collectively referred to as "Google Marketing Services") provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google is certified under the Privacy Shield agreement, which provides a guarantee of compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
The Google Marketing Services allow us to display targeted advertisements for our website to users and to present users with ads that potentially align with their interests. For example, if a user is shown ads for products they have shown interest in on other websites, this is referred to as "remarketing". For these purposes, when our website or other websites with active Google Marketing Services are accessed, a code from Google is executed and so-called (re)marketing tags (invisible graphics or code, also known as "pixel tags") are embedded in the website. These tags enable an individual cookie, a small file, to be stored on the user's device (instead of cookies, comparable technologies may also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites the user has visited, which content they are interested in, which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit duration, and other information about the use of the online offering. The IP address of users is also captured. Within the scope of Google Analytics, we inform Google that the IP address will be truncated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, and only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. The IP address will not be merged with other data from the user within other Google offerings. The aforementioned information may also be linked by Google with information from other sources. Subsequently, when the user visits other websites, they may be shown ads tailored to their interests.
The user data is processed pseudonymously within the scope of the Google Marketing Services. This means that Google does not store or process the names or email addresses of users but processes the relevant data in cookie-related pseudonymous user profiles. From Google's perspective, the ads are not managed and displayed for a specifically identified person but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the United States.
Among the Google Marketing Services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". As a result, cookies cannot be tracked through the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are provided with the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.
We may include third-party ads through the Google Marketing Service "AdSense". AdSense uses cookies that allow Google and its partner websites to display ads based on users' visits to this website or other websites on the internet.
Furthermore, we may use the "Google Tag Manager" to incorporate and manage Google Analytics and marketing services on our website.
For more information about data usage for marketing purposes by Google, please visit the overview page: https://www.google.com/policies/technologies/ads. The Google privacy policy is available at https://www.google.com/policies/privacy.
If you wish to opt out of interest-based advertising through Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
2. Facebook Pixel, Custom Audiences, and Facebook Conversion
Within our online offering, we use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, based on our legitimate interests in analyzing, optimizing, and economically operating our online offering.
Facebook is certified under the Privacy Shield agreement and thus provides a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
The processing of data by Facebook is carried out within the framework of Facebook's data policy. Therefore, please refer to the general information on the display of Facebook ads in Facebook's data policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook Pixel and its functioning, please refer to the Help section of Facebook: https://www.facebook.com/business/help/651294705016616.
You can object to the collection and use of your data by the Facebook Pixel for displaying Facebook ads. To adjust the types of ads shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. These settings are platform-independent, meaning they apply to all devices such as desktop computers or mobile devices.
You can also object to the use of cookies for reach measurement and advertising purposes through the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org) and additionally the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices).
3. Google Translate
To enable you to use our websites in other languages, we may offer you the option to activate Google Translate. For privacy reasons, we have deactivated the Google Translate function by default. The corresponding text "Select Language" is therefore displayed in gray. No data is transmitted to Google in this setting. Only when you activate the Google Translate function by clicking on the text "Select Language," data is transmitted to Google. This data includes the URL of the visited page as well as your IP address. Please note that we have no influence over the processing of your data by Google. You can find privacy information about Google products at https://www.google.com/intl/de/policies/.
4. Online presence on social media
We maintain online presences within social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms of service and data processing policies of their respective operators apply.
Unless otherwise stated in our privacy policy, we process user data if they communicate with us within social networks and platforms, for example, by posting on our online presences or sending us messages.
XII. Integration of Third-Party Services and Content
Within our online offering, based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) of the GDPR), we may use content or service offerings from third-party providers to incorporate their content and services, such as videos or fonts (hereinafter collectively referred to as "content").
This always requires that the third-party providers of this content receive users' IP addresses because they cannot send the content to users' browsers without the IP address. Transmitting your IP address is therefore necessary for the display of this content. We endeavor to use only content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "pixel tags") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may be stored in cookies on users' devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering. It may also be linked to such information from other sources.
1. Integration of Google Maps
(1.1) On this website, we use the services of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
(1.2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in Section 3 of this statement will be transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or customizing its website. Such evaluation is carried out, in particular, even for users who are not logged in to provide customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.
(1.3) For more information about the purpose and scope of data collection and its processing by the plugin provider, please refer to the provider's privacy policy. There, you will also find further information about your rights and options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Opt-Out: https://adssettings.google.com/authenticated.
2. Vimeo
We integrate videos from the platform "Vimeo" provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.
Privacy Policy: https://vimeo.com/privacy.
3. YouTube
We integrate videos from the platform "YouTube" provided by "Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland."
Privacy Policy: https://www.google.com/policies/privacy,
Opt-Out: https://adssettings.google.com/authenticated.
4. Google Fonts
We integrate the fonts ("Google Fonts") from the provider "Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland". Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
5. Google ReCaptcha
We integrate the function for detecting bots, e.g., in online forms ("ReCaptcha") from the provider "Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland". Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
6. jQuery
On this page, we use Ajax and jQuery technologies, which, among other things, optimize the loading speed. In this regard, program libraries are called from Google servers. The CDN (Content Delivery Network) from Google is used. If you have previously used jQuery on another page from the Google CDN, your browser will access the cached copy. If this is not the case, it requires downloading, which involves data being sent from your browser to Google. Your data will be transferred to the USA. For more information, please visit the provider's websites. Privacy Policy: https://www.google.com/policies/privacy/
The external code of the JavaScript framework "jQuery" is provided by the third-party provider jQuery Foundation, https://jquery.org.
7. Google Calendar
For the event calendar integrated into this website, we use the corresponding service from "Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland" ("Google"). You can find the privacy policy of Google Inc. at https://www.google.com/intl/de/policies/privacy/.
8. Adobe Flash
Our online offering may use Adobe Flash technologies from Adobe, which may access the Flash Player installed on your system. In this process, shared objects (known as "Flash cookies") can be stored on your system. Depending on the browser you use, these can be managed and deleted using the browser's cookie handling settings. Flash cookies are also cross-browser. This means that users can be identified even if they use a different browser, as long as the cookie is stored on the computer.
In any case, you can control and, if necessary, disable and delete these Flash cookies using the Settings Manager of your Flash Player. For more information on how the Settings Manager works, please visit the following link: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html
9. Smartlook
To improve our website, we use the analytics tool "Smartlook" from Smartsupp.com, s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic, which enables anonymized analysis of the usage of zalvus.com. Anonymized usage logs are stored in accordance with legal regulations and automatically deleted after three days. For more information, please refer to Smartsupp's privacy policy: https://www.smartsupp.com/privacy
10. Use of Social Media Plugins
(9.1) We may use the following social media plugins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn, Flattr, Instagram, Pinterest, Immobilien Scout 24, Tripadvisor, Whatsapp]. We employ the so-called two-click solution. This means that when you visit our site, personal data is not initially transmitted to the providers of the plugins. You can identify the plugin provider by the marker on the box containing their initial letter or logo. We provide you with the option to communicate directly with the plugin provider by clicking on the button. Only when you click on the marked field and activate it, the plugin provider receives the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned in § 3 of this statement is transmitted. According to the respective providers, the IP address is anonymized immediately after collection for Facebook and Xing in Germany. By activating the plugin, personal data about you is transmitted to the respective plugin provider and stored there (for US-based providers, in the USA). Since the plugin provider primarily collects data through cookies, we recommend that you delete all cookies through the security settings of your browser before clicking on the grayed-out box.
(9.2) We have no influence on the data collected and the data processing operations, nor do we have knowledge of the full extent of data collection, the purposes of processing, or the storage periods. We also have no information about the deletion of data collected by the plugin provider.
(9.3) The plugin provider stores the data collected about you as usage profiles and uses them for advertising, market research, and/or personalized design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display personalized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact the respective plugin provider to exercise this right. Through the plugins, we offer you the opportunity to interact with social networks and other users, which allows us to improve our offering and make it more interesting for you as a user. The legal basis for using the plugins is Art. 6(1)(f) of the GDPR.
(9.4) The data is transferred regardless of whether you have an account with the plugin provider or are logged in there. If you are logged in to the plugin provider, your data collected by us will be directly associated with your existing account with the plugin provider. If you activate the button and, for example, link the page, the plugin provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, to prevent the association with your profile at the plugin provider.
(9.5) For more information on the purpose and scope of data collection and its processing by the plugin provider, please refer to the privacy policies of these providers provided below. There, you will also find further information about your rights and privacy settings options for your protection.
(9.6) Addresses of the respective plugin providers and URLs with their privacy policies:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
- Facebook is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Google Inc., "Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland"; https://www.google.com/policies/privacy/partners/?hl=en. Google is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.
- T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Germany; https://t3n.de/store/page/datenschutz.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Flattr Network Ltd., 2nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, United Kingdom; https://flattr.com/privacy.
- Instagram, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Instagram's Privacy Policy: http://instagram.com/about/legal/privacy/
- Pinterest, Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. Pinterest's Privacy Policy: https://about.pinterest.com/en/privacy-policy.
- Immobilien Scout 24, Immobilien Scout GmbH, Andreasstr. 10, 10243 Berlin, Germany. ImmobilienScout's Privacy Policy: https://www.immobilienscout24.de/agb/datenschutz.html
- Tripadvisor, Tripadvisor Inc., 141 Needham Street, Newton, MA 02464, USA. Tripadvisor's Privacy Policy: https://tripadvisor.mediaroom.com/DE-privacy-policy
- Whatsapp, WhatsApp Inc., 650 Castro Street, Suite 120-219 Mountain View, California, 94041 USA. You can find an overview of WhatsApp plugins here: www.whatsappbrand.com. WhatsApp's Privacy Policy: www.whatsapp.com/legal. If you do not want WhatsApp to associate your visit to our pages with your WhatsApp user account, please log out of your WhatsApp user account.
XIII. Rights of the data subjectIf your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights against the controller:
1. Right to informationYou can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you can request the following information from the controller:
- The purposes for which the personal data are processed.
- The categories of personal data that are processed.
- The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed.
- The planned duration of storage of the personal data concerning you or, if specific information on this is not possible, the criteria for determining the storage period.
- The existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing.
- The existence of a right to lodge a complaint with a supervisory authority.
- All available information on the origin of the data if the personal data were not collected from the data subject.
- The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
2. Right to rectificationYou have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller shall make the rectification without undue delay.
3. Right to restriction of processingUnder the following conditions, you may request the restriction of the processing of personal data concerning you:
If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data.
If the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
If the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
If you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of the personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing restriction has been obtained according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasurea) Obligation to erase
You can request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following grounds applies:
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR was based, and there is no other legal ground for the processing.
You object to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
The personal data concerning you have been unlawfully processed.
The erasure of the personal data concerning you is required for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
b) Notification to third parties
If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Article 17(1) of the GDPR, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise, or defense of legal claims.
5. Right to notificationIf you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.
6. Right to data portabilityYou have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
You have the option to exercise your right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
8. Right to withdraw consent
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
is necessary for entering into or performance of a contract between you and the controller,
is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR unless Article 9(2)(a) or (g) applies, and suitable measures to safeguard your rights and freedoms and legitimate interests have been implemented.
With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which shall include, at least, the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
XIV. Data Processors
We engage external service providers (data processors), such as for the shipment of goods, newsletters, or payment processing. A separate data processing agreement has been concluded with the service provider to ensure the protection of your personal data.
We work with the following service providers:
Data center & domain and web services, marketing and PR services
Jegasoft Media e.K., Berliner Chaussee 20,
15907 Lübben, Germany. Privacy policy: www.jegasoft.de/datenschutz.