Privacy Policy

General part

Opt-Out-Cookie

The Google Analytics - Tracking & Analysis Cookie (with US_Data Transfer) on this site is:

The YouTube tracking & analysis cookie (with US data transfer) on this site is:

Data protection at a glance.

Article 12 of the General Data Protection Regulation requires us to inform you how we process your data in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. We want to make a sincere contribution to this and summarize our privacy policy as follows. The details can be found below the summary:

Processing operations

any tools/processing operations used

Processing operations necessary for the performance of contracts

Contact form, appointment booking portal

Processing operations for which your consent is required

Google Analytics, YouTube

Processing operations that are in our legitimate interest

Informational use of the website, transient cookies, rights management, external advice if you assert claims

Processing operations involving automated decision-making, including profiling

No processing takes place here.

Target group.

This privacy policy applies to all persons who visit our website. All references to persons refer to both male and female, as well as diverse persons and language forms, and are always to be understood with the suffix “(m/f/d)”.

Person responsible.

The controller within the meaning of Article 4, Paragraph 7 of the GDPR for the processing of personal data of visitors to this website is: BERLIN CHIROPRACTORS, CHAUSSEESTRASSE 88, 10115, BERLIN, GERMANY, Tel. (030) 2887 543, Email: info@berlin-chiropraktoren.de, represented by Laura Groom. References to “we” or “us” refer to the controller described here. We have appointed an external data protection officer, namely the attorney Dr. Stephan Gärtner, who can be reached at dsb@stanhope.de.

Rights of website visitors.

Visitors have several rights with regard to the personal data processed about them under the General Data Protection Regulation. In particular

  • the right to information about the personal data stored,

  • the right to rectification of incorrectly stored personal data,

  • the right to erasure of personal data for which there is no legal basis for further storage,

  • the right to restrict the processing of stored personal data,

  • the right to data portability,

  • the right to complain to the supervisory authority responsible for data protection.

If the requirements for the respective claims are met and we can identify you, we will fulfill your claims promptly.

Processing operations involving automated decision-making (possibly also profiling)

(1) In the last row of the table above (” Data Protection at a Glance “) (” Processing operations involving automated decision-making, possibly also profiling “), we list any tools and/or processing configurations we may use, meaning that we exceptionally carry out a special form of data processing with these tools/processing configurations. In this context, we draw your attention to the following:

  1. A specific form of processing is so-called automated decision-making. These are decisions based exclusively on automated processing that significantly affect you, legally or otherwise (e.g., a decision on the conclusion of a contract). Profiling is any form of automated processing of personal data that evaluates personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, insofar as this produces legal effects concerning the data subject or similarly significantly affects him or her.

  2. Such processing operations are generally prohibited (see Article 22, Paragraph 1, GDPR), although there are exceptions to this prohibition. Where we invoke exceptions, we explain them in our privacy policy for individuals with whom we make contractual decisions, i.e., generally customers and/or suppliers. We refer to this policy.

(2) In principle, such processing operations are As far as we do not list anything in the last line of the table above (“ Data protection at a glance ”) (“ Processing operations in which automated decision-making, possibly also profiling, takes place ”), we do not use this technology on our website.

Data transfer to locations outside the European Union

(1) It is possible that we may transfer and/or have transferred personal data to entities located outside the European Union or at least cannot exclude this (hereinafter: third-country entity). In these cases, we must guarantee, in accordance with Article 44 GDPR, that the level of protection provided by the General Data Protection Regulation is not compromised. As a precautionary measure, we would like to point out that the third-country entity may be both a controller and a processor.

(2) If we refer to a so-called adequacy decision in the following declaration, this means that the third-country entity is located in a country, territory, or specific sector for which the Commission has decided that it offers an adequate level of protection. This guarantee then follows from Article 45 GDPR.

(3) If we refer to the so-called standard contractual clauses in the following declaration, this means that the third-country entity has accepted the so-called EU standard contractual clauses and has thus contractually committed itself to respecting the level of protection provided for by the General Data Protection Regulation. This guarantee then follows from Article 46 (1) and (5) GDPR.

(4) If we refer in the following declaration to the fact that you have consented to the transfer to the third country office, this means that you have been informed of all possible risks associated with such transfers for which there is no adequacy decision or other guarantees, and you have nevertheless consented to the data transfer. This guarantee then follows from Article 49 (1) (a) GDPR. For reasons of transparency, we describe the corresponding risks separately.

(5) We provide this notice only as a precautionary measure. It only applies if we refer to it in the following statement. It is also possible that we do not make use of this provision.

Special constellation: EU standard contractual clauses and third-country entities based in the USA

(1) In addition to the information provided under “Data transfer to entities outside the European Union” – paragraph 3, we draw your attention to a special situation. For transfers to third-country entities based in the USA, the possibility of invoking the EU standard contractual clauses is limited. Therefore, if we intend to invoke the EU standard contractual clauses in this context (or already do so), we would like to point out the following:

(2) We will only base the transfer of personal data to US third-country entities on the EU standard contractual clauses if we have previously conducted a thorough review of the relevant circumstances. We will first determine a risk level (type and, in particular, sensitivity of the data concerned, scope of data processing, purpose of data processing, susceptibility to misuse). We will then examine whether the contractual commitments of the US third-country entity and the technical and organizational measures implemented there (e.g., processing of data exclusively in EU-based data centers, encryption technology) sufficiently minimize the previously identified risks. We will only invoke them if we conclude that the EU standard contractual clauses are, exceptionally, also a sufficient guarantee for a US third-country entity.

(3) This notice is provided solely as a precautionary measure. It only applies if we refer to it in the following statement. It is also possible that we do not make use of this provision.

Special situation: Consent to transmission to third country entities based in the USA, including risk information

(1) In addition to the information provided under “Data transfer to entities outside the European Union” – paragraph 4, we would like to draw your attention to another special situation. For transfers to third-country entities based in the USA, the ability to rely on the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask for your consent to this transfer. However, before you grant this consent, we ask you to be aware of the following risks and consider them when deciding whether to consent:

(2) We expressly point out that data transfer to the USA without the protection of an adequacy decision may entail significant risks. In particular, the following risks apply:

1. There is no uniform data protection law in the US, and certainly not one comparable to the data protection law applicable in the EU. This means that both US companies and government agencies have more options to process your personal data, particularly for advertising purposes, profiling, and conducting (criminal) investigations. Our options for taking action against this are significantly limited.

2. The US legislature has granted itself numerous rights of access to your personal data (see, for example, Section 702 of the FISA or EO 12333 in conjunction with PPD-28) that are incompatible with our understanding of the law. In particular, no proportionality review comparable to that in the European Union is carried out before access.

3. Citizens of the European Union cannot expect effective legal protection in the USA.

4. We will generally only ask you for such consent if we have come to the conclusion that the US third-country entity cannot successfully invoke EU standard contractual clauses.

(3) We provide this declaration merely as a precautionary measure. It is only valid if we refer to it in the subsequent declaration. It is also possible that we do not make use of this provision.

Special situation: Consent to transmission to third country entities located in the Russian Federation, including risk information

(1) In addition to the information provided under “Data transfer to entities outside the European Union” – paragraph 4, we would like to draw your attention to another special situation. For transfers to third-country entities based in the Russian Federation, the ability to rely on the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask for your consent to this transfer. However, before you grant this consent, we ask you to be aware of the following risks and consider them when deciding whether to consent:

(2) We expressly point out that data transfer to the Russian Federation without the protection of an adequacy decision may entail significant risks. In particular, the following risks should be noted:

  1. Although the legislature of the Russian Federation has ratified the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (so-called European Data Protection Convention), there may be implementation deficits.

  2. The legislature of the Russian Federation has granted itself and its investigative authorities rights of access to your personal data that are at least not entirely compatible with our understanding of the law. In particular, no proportionality assessment comparable to that in the European Union is carried out prior to access.

  3. Citizens of the European Union cannot expect the same legal protection in the Russian Federation as in the EU.

  4. We will generally only ask you for such consent if we have come to the conclusion that the third country office in Russia cannot successfully invoke EU standard contractual clauses.

Note on the legal processing obligation.

Only if we refer to Article 6 paragraph 1 sentence 1 letter c GDPR in the following data protection declaration, there is a legal obligation to process data.

Scroll to Top