Privacy Policy

We are very pleased about your interest in our company. Data protection holds particular importance for the management of Földiklinik GmbH & Co. KG. Using the internet pages of Földiklinik GmbH & Co. KG is generally possible without providing personal data. However, if an affected person wishes to use special services from our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the affected person.

The processing of personal data, for example the name, address, email address, or telephone number of an affected person, is always carried out in accordance with the General Data Protection Regulation and in compliance with the applicable national data protection regulations for Földiklinik GmbH & Co. KG. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, affected persons are informed about their rights through this privacy policy.

As the entity responsible for processing, Földiklinik GmbH & Co. KG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, any affected person is free to transmit personal data to us via alternative means, such as by telephone.

1. Definitions

The privacy policy of Földiklinik GmbH & Co. KG is based on the terminology used by the European legislative body in the issuance of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure clarity, we would like to explain the terms used beforehand.

We use the following terms in this privacy policy:

  • a)    Personal Data

    Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

  • b)    Data Subject

    Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

  • c)    Processing

    Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • d)    Restriction of Processing

    Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

  • e)    Profiling

    Profiling is any form of automated processing of personal data that consists of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

  • f)     Pseudonymization

    Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.

  • g)    Controller or Controller Responsible for Processing

    Controller or controller responsible for processing is the natural or legal person, authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU law or the law of the member states, the controller or controllers may be designated in accordance with the criteria specified by EU law or the law of the member states.

  • h)    Processor

    Processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

  • i)      Recipient

    Recipient is a natural or legal person, authority, agency, or another body to which personal data are disclosed, whether a third party or not. Authorities that may receive personal data in the course of a particular inquiry under EU law or the law of the member states are not considered as recipients.

  • j)      Third Party

    Third party is a natural or legal person, authority, agency, or any other body besides the data subject, the controller, the processor, and the persons who are under the direct responsibility of the controller or the processor are authorised to process the personal data.

  • k)    Consent

    Consent is any freely given specific and informed indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them.

2. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation, other applicable data protection laws of the member states of the European Union, and other provisions of a data protection nature is:

Földiklinik GmbH & Co. KG
represented by Managing Director Berthold Müller
Rösslehofweg 2-6
79856 Hinterzarten
Germany

Tel.: 07652 124 0
Email: info@foeldiklinik.de
Website: www.foeldiklinik.de 

3. Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

Christian Dicken
Support-IT Christian Dicken GmbH
Faulerstr. 12
79098 Freiburg
Germany

Tel.: +49 (0)761 630 96 82

Email: kontakt@support-it.de
Website: www.support-it.de 

Any affected person can contact our Data Protection Officer directly at any time with questions and suggestions regarding data protection.

4. Cookies

The internet pages of Földiklinik GmbH & Co. KG use cookies. Cookies are text files that are stored and saved on a computer system via an internet browser.

Many internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This allows the visited internet pages and servers to differentiate the individual browser of the affected person from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

By using cookies, Földiklinik GmbH & Co. KG can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.

With the help of a cookie, the information and offers on our website can be optimized in the interest of the user. Cookies allow us, as mentioned before, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. The user of a website that uses cookies does not have to re-enter their access data every time they visit the website, because this is taken over by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The affected person can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the affected person disables the setting of cookies in the internet browser used, under certain circumstances not all functions of our website will be fully usable.

5. Collection of General Data and Information

The website of Földiklinik GmbH & Co. KG collects a series of general data and information with each call of the website by an affected person or an automated system. This general data and information are stored in the server's log files. The following can be collected: (1) the types and versions of the browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the so-called referrer), (4) the subpages that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, Földiklinik GmbH & Co. KG does not draw conclusions about the affected person. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, these anonymized data and information are statistically evaluated by Földiklinik GmbH & Co. KG with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymized data of the server log files are stored separately from all personal data provided by an affected person.

6. Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data of the affected person only for the period necessary to achieve the storage purpose or as required by the European legislative body or any other legislator in laws or regulations under which the controller is subject.

If the storage purpose ceases to apply or a storage period prescribed by the European legislative body or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

7. Rights of the Affected Person

  • a)    Right to Confirmation

    Every affected person has the right granted by the European legislative body to request from the controller confirmation as to whether personal data concerning them is being processed. If an affected person wishes to exercise this confirmation right, they may contact an employee of the controller at any time.

  • b)    Right to Access

    Every person affected by the processing of personal data has the right granted by the European legislative body to obtain at any time from the controller free information about the personal data stored concerning them and a copy of this information. In addition, the European legislative body grants the affected person the right to receive information about the following:

    • the purposes of processing
    • the categories of personal data being processed
    • the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, in particular, for recipients in third countries or international organizations
    • if possible, the planned duration for which the personal data will be stored, or if not possible, the criteria for determining this duration
    • the existence of the right to rectification or erasure of personal data concerning them or to the restriction of processing by the controller or to object to this processing
    • the existence of a right to lodge a complaint with a supervisory authority
    • if the personal data is not collected from the affected person: all available information about the source of the data
    • the existence of automated decision-making, including profiling, according to Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved as well as the significance and the intended consequences of such processing for the affected person

    In addition, the affected person has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the affected person also has the right to be informed about the adequate guarantees relating to the transfer.

    Should an affected person wish to exercise this right of access, they may contact an employee of the controller at any time.

  • c)    Right to Rectification

    Every person affected by the processing of personal data has the right granted by the European legislative body to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Furthermore, the affected person has the right, taking into account the purposes of the processing, to have incomplete personal data completed — including by means of a supplementary statement.

    Should an affected person wish to exercise this right of rectification, they may contact an employee of the controller at any time.

  • d)    Right to Erasure (Right to be Forgotten)

    Every person affected by the processing of personal data has the right granted by the European legislative body to request from the controller that personal data concerning them be erased without undue delay, provided that one of the following reasons applies and the processing is not necessary:

    • The personal data has been collected for such purposes or processed in such a way that it is no longer necessary.
    • The affected person withdraws their consent on which the processing is based according to Article 6 (1) a GDPR or Article 9 (2) a GDPR and there is no other legal basis for the processing.
    • The affected person objects to the processing according to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the affected person objects according to Article 21 (2) GDPR.
    • The personal data has been processed unlawfully.
    • The erasure of personal data is necessary for compliance with a legal obligation under Union or member state law to which the controller is subject.
    • The personal data has been collected in relation to the offer of information society services according to Article 8 (1) GDPR.

    Should one of the above reasons apply and an affected person wish to request the erasure of personal data stored at Földiklinik GmbH & Co. KG, they may contact an employee of the controller at any time. The employee of Földiklinik GmbH & Co. KG will ensure that the erasure request is complied with immediately.

    If the personal data has been made public by Földiklinik GmbH & Co. KG and our company is obliged to erase the personal data according to Article 17 (1) GDPR, Földiklinik GmbH & Co. KG shall take into account the available technology and the implementation costs reasonable measures, including technical measures, to inform other controllers processing the published personal data that the affected person has requested the erasure of all links to this personal data or of copies or replications of this personal data, as long as processing is not necessary. The employee of Földiklinik GmbH & Co. KG will take the necessary steps on a case-by-case basis.

  • e)    Right to Restriction of Processing

    Every person affected by the processing of personal data has the right granted by the European legislative body to request from the controller the restriction of processing if one of the following applies:

    • The accuracy of the personal data is contested by the affected person, for a duration that allows the controller to verify the accuracy of the personal data.
    • The processing is unlawful and the affected person opposes the erasure of the personal data and requests instead the restriction of their use.
    • The controller no longer needs the personal data for the purposes of processing, but the affected person needs it for the establishment, exercise or defense of legal claims.
    • The affected person has lodged an objection to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the affected person.

    Should one of the above conditions apply and an affected person wish to request the restriction of personal data stored at Földiklinik GmbH & Co. KG, they may contact an employee of the controller at any time. The employee of Földiklinik GmbH & Co. KG will initiate the restriction of processing.

  • f)     Right to Data Portability

    Every person affected by the processing of personal data has the right granted by the European legislative body to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent according to Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract according to Article 6 (1) b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    Furthermore, the affected person has the right to have their personal data transmitted directly from one controller to another, where technically feasible, and provided that this does not harm the rights and freedoms of others.

    To assert the right to data portability, the affected person may contact an employee of Földiklinik GmbH & Co. KG at any time.

  • g)    Right to Object

    Every person affected by the processing of personal data has the right granted by the European legislative body, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them which is based on Article 6 (1) e or f GDPR. This also applies to profiling based on these provisions.

    If an affected person objects to the processing, Földiklinik GmbH & Co. KG will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the affected person, or the processing is necessary for the establishment, exercise, or defense of legal claims.

    If Földiklinik GmbH & Co. KG processes personal data in order to carry out direct marketing, the affected person has the right to object at any time to the processing of personal data concerning them for the purposes of such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If the affected person objects to Földiklinik GmbH & Co. KG to the processing for the purposes of direct marketing, Földiklinik GmbH & Co. KG will no longer process the personal data for these purposes.

    Furthermore, the affected person has the right to object on grounds relating to their particular situation against the processing of personal data concerning them, which is carried out by Földiklinik GmbH & Co. KG for scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

    To exercise the right to object, the affected person may contact any employee of Földiklinik GmbH & Co. KG directly or another employee. The affected person is also free to exercise their right to object in relation to the use of information society services, irrespective of Directive 2002/58/EC, through automated procedures that use technical specifications.

  • h)    Automated Decisions in Individual Cases, Including Profiling

    Every person affected by the processing of personal data has the right granted by the European legislative body not to be subject to a decision based solely on automated processing — including profiling — that produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into, or performance of, a contract between the affected person and the controller, or (2) is based on Union or member state laws to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

    If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller or (2) is based on the data subject’s explicit consent, Földiklinik GmbH & Co. KG shall implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, which shall at least include the right to obtain intervention by a person on the part of the controller, to express their point of view and to contest the decision.

    Should the affected person wish to assert rights concerning automated decisions, they may contact an employee of the controller at any time.

  • i)      Right to Withdraw Consent Concerning Data Protection

    Every person affected by the processing of personal data has the right granted by the European legislative body to withdraw their consent to the processing of personal data at any time.

    If an affected person wishes to exercise their right to withdraw consent, they may contact an employee of the controller at any time.

8. Data Protection Regulations Regarding the Use and Application of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an online community that enables users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or allows the online community to provide personal or company-related information. Facebook allows users of the social network, among other things, to create private profiles, upload photos, and connect through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data processing issues, if a data subject lives outside the USA or Canada, the responsible legal entity is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

By accessing any individual page of this website operated by the controller, on which a Facebook component (Facebook plugin) is integrated, the internet browser on the information technology system of the affected person is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plugins can be retrieved at https://developers.facebook.com/docs/plugins/?locale=en_GB. In the course of this technical procedure, Facebook becomes aware of which specific subpage of our website has been visited by the affected person.

If the affected person is simultaneously logged into Facebook, Facebook recognizes each time our website is accessed by the affected person and throughout the entire duration of their stay on our website, which specific subpage of our website the affected person is visiting. This information is collected by the Facebook component and assigned to the affected person’s Facebook account. If the affected person clicks one of the Facebook buttons integrated on our website, for example the “Like” button, or comments, Facebook assigns this information to the personal Facebook user account of the affected person and stores this personal data.

Facebook receives information through the Facebook component whenever the affected person visits our website, if they are logged in to Facebook at the time of accessing our website; this occurs regardless of whether the affected person clicks on the Facebook component or not. If the affected person does not wish for such transmission of this information to Facebook, they can prevent the transmission by logging out of their Facebook account before visiting our website.

The data protection policy published by Facebook, accessible at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the settings options Facebook provides to protect the privacy of the data subject. In addition, various applications are available that allow the affected person to suppress data transmission to Facebook. Such applications can be used by the affected person to suppress data transmission to Facebook.

9. Data Protection Regulations Regarding the Use and Application of Instagram

The controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also distribute such data in other social networks.

The operating company of the Instagram services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

By accessing any individual page of this website operated by the controller, on which an Instagram component (Insta button) is integrated, the internet browser on the information technology system of the affected person is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. In the course of this technical procedure, Instagram becomes aware of which specific subpage of our website has been visited by the affected person.

If the affected person is simultaneously logged into Instagram, Instagram recognizes each time our website is accessed by the affected person and during the entire duration of their stay on our website, which specific subpage the affected person is visiting. This information is collected by the Instagram component and assigned to the affected person’s Instagram account. If the affected person clicks one of the Instagram buttons integrated on our website, the data and information transmitted in this way is assigned to the personal Instagram user account of the affected person and stored and processed by Instagram.

Instagram receives information through the Instagram component whenever the affected person visits our website if they are logged into Instagram at the time; this occurs independently of whether the affected person clicks on the Instagram component or not. If the affected person does not wish for such transmission of this information to Instagram, they can prevent the transmission by logging out of their Instagram account prior to visiting our website.

Further information and the applicable data protection regulations of Instagram can be accessed at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

10. Data Protection Regulations Regarding the Use and Application of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that connects users with existing business contacts and allows the formation of new business contacts. More than 400 million registered people use LinkedIn in over 200 countries. Therefore, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection issues outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time an individual retrieval of our website, which is equipped with a LinkedIn component (LinkedIn plugin) is made, this component causes the browser used by the affected person to download the corresponding display of the LinkedIn component. Further information on LinkedIn plugins can be accessed at https://developer.linkedin.com/plugins. In the course of this technical procedure, LinkedIn becomes aware of which specific subpage of our website has been visited by the affected person.

If the affected person is simultaneously logged into LinkedIn, LinkedIn recognizes each time our website is accessed by the affected person during their stay on our website, which specific subpage of our website the affected person is visiting. This information is collected by the LinkedIn component and assigned to the affected person’s LinkedIn account. If the affected person clicks one of the buttons integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the affected person and stores this personal data.

LinkedIn receives information through the LinkedIn component whenever the affected person visits our website, if they are logged into LinkedIn at the time of accessing our website; this occurs independently of whether the affected person clicks on the LinkedIn component or not. If the affected person does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account prior to accessing our website.

LinkedIn offers the possibility, under https://www.linkedin.com/psettings/guest-controls, to unsubscribe from email messages, SMS messages, and targeted ads, as well as to manage advertising settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame that may set cookies. Such cookies may be rejected under https://www.linkedin.com/legal/cookie-policy. The applicable data protection regulations of LinkedIn can be retrieved at https://www.linkedin.com/legal/privacy-policy. The cookie policy of LinkedIn can be accessed at https://www.linkedin.com/legal/cookie-policy.

11. Data Protection Regulations Regarding the Use and Application of Xing

The controller has integrated components from Xing on this website. Xing is an internet-based social network that allows users to connect with existing business contacts and establish new business contacts. Individual users can create a personal profile on Xing. Companies can create company profiles or publish job offers on Xing, for example.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time an individual retrieval of our website, which is equipped with a Xing component (Xing plugin), is made, the browser used by the affected person is automatically prompted by the Xing component to download a representation of the corresponding Xing component. Further information on Xing plugins can be accessed at https://dev.xing.com/plugins. In the course of this technical procedure, Xing becomes aware of which specific subpage of our website has been visited by the affected person.

If the affected person is simultaneously logged into Xing, Xing recognizes each time our website is accessed by the affected person and during their stay on our website, which specific subpage of our website the affected person is visiting. This information is collected by the Xing component and assigned to the affected person’s Xing account. If the affected person clicks one of the Xing buttons integrated on our website, for example, the “Share” button, Xing assigns this information to the personal Xing user account of the affected person and stores this personal data.

Xing receives information through the Xing component whenever the affected person visits our website if they are logged into Xing at the time; this occurs independently of whether the affected person clicks on the Xing component or not. If the affected person does not wish for such transmission of this information to Xing, they can prevent the transmission by logging out of their Xing account before visiting our website.

The data protection policy published by Xing, accessible at https://www.xing.com/privacy, provides information about the collection, processing, and use of personal data by Xing. Furthermore, Xing has published data protection notices for the XING Share button at https://www.xing.com/app/share?op=data_protection.

12. Data Protection Regulations Regarding the Use and Application of YouTube

The controller has integrated components from YouTube on this website. YouTube is an internet video portal that allows video publishers to upload video clips free of charge and allows other users to view, rate, and comment on these clips free of charge. YouTube permits the publication of all types of videos, which is why full-length films and television shows, as well as music videos, trailers, or user-generated videos are accessible through the internet portal.

The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

By accessing any individual page of this website operated by the controller, on which a YouTube component (YouTube video) is integrated, the internet browser on the information technology system of the affected person is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be accessed at https://www.youtube.com/yt/about/de/. In the course of this technical procedure, YouTube and Google become aware of which specific subpage of our website has been visited by the affected person.

If the affected person is simultaneously logged into YouTube, YouTube recognizes which specific subpage of our website the affected person is visiting when they access a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the affected person.

YouTube and Google receive information through the YouTube component whenever the affected person visits our website, if they are logged into YouTube at the time of accessing our website; this occurs independently of whether the affected person clicks on a YouTube video or not. If the affected person does not want this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account prior to accessing our website.

The data protection policy published by YouTube, accessible at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing, and use of personal data by YouTube and Google.

13. Legal Basis for Processing

Article 6 (1) a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as in the case of processing operations necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 (1) b GDPR. The same applies to processing operations that are necessary for the performance of pre-contractual measures, for example, in the case of inquiries concerning our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the performance of tax obligations, the processing is based on Article 6 (1) c GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case if a visitor were to be injured in our operation and their name, age, health insurance data, or other vital information had to be disclosed to a doctor, a hospital, or other third parties. In this situation, the processing would be based on Article 6 (1) d GDPR. Ultimately, processing operations may be based on Article 6 (1) f GDPR. This legal basis is applicable to processing operations that are not covered by any of the aforementioned legal bases, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided the interests, fundamental rights, and freedoms of the data subject do not override such interests. Such processing operations are particularly permitted, as they have been mentioned specifically by the European legislator. He took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 GDPR).

14. Legitimate Interests in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6 (1) f GDPR, our legitimate interest is the conduct of our business in favour of the welfare of all our employees. This legitimate interest is weighed against the interest of the affected persons in accordance with the recital 47 of the GDPR.

15. Duration for Which Personal Data are Stored

The data will be deleted as soon as the purpose for which they were collected ceases to apply or if the consent is withdrawn, provided that there are no legal retention requirements. After the last legal retention requirement has ceased to apply, the data will be deleted.

16. Legal or Contractual Provisions Regarding the Provision of Personal Data; Necessity for the Conclusion of the Contract; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Disclosure

We inform you that the provision of personal data is, in part, legally required (e.g. tax regulations) or may result from contractual arrangements (e.g. information about the contractual partner). Under certain circumstances, it may be necessary for the conclusion of a contract that an affected person provides us with personal data, which subsequently must be processed by us. For example, the data subject is obliged to provide us with personal data when our company enters into a contract with them. Failure to provide personal data would result in the contract with the affected person not being concluded. Before providing personal data, the affected person must contact one of our employees. Our employee will clarify on a case-by-case basis whether the provision of personal data is legally or contractually required, necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and what consequences non-provision of personal data would have.

17. Existence of Automated Decision-Making

As a responsible company, we waive automated decision-making or profiling.

This privacy policy has been generated by the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as an External Data Protection Officer Hamburg, in cooperation with Data Protection Lawyer Christian Solmecke.