Privacy Policy
General part
Opt-Out-Cookie
The Google Analytics - Tracking & Analysis Cookie (with US_Data Transfer) on this site is:
The YouTube tracking & analysis cookie (with US data transfer) on this site is:
Data protection at a glance.
Article 12 of the General Data Protection Regulation requires us to inform you how we process your data in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. We want to make a sincere contribution to this and summarize our privacy policy as follows. The details can be found below the summary:
Processing operations | any tools/processing operations used |
Processing operations necessary for the performance of contracts | Contact form, appointment booking portal |
Google Analytics, YouTube | |
Informational use of the website, transient cookies, rights management, external advice if you assert claims | |
Processing operations involving automated decision-making, including profiling | No processing takes place here. |
Target group.
This privacy policy applies to all persons who visit our website. All references to persons refer to both male and female, as well as diverse persons and language forms, and are always to be understood with the suffix “(m/f/d)”.
Person responsible.
The controller within the meaning of Article 4, Paragraph 7 of the GDPR for the processing of personal data of visitors to this website is: BERLIN CHIROPRACTORS, CHAUSSEESTRASSE 88, 10115, BERLIN, GERMANY, Tel. (030) 2887 543, Email: info@berlin-chiropraktoren.de, represented by Laura Groom. References to “we” or “us” refer to the controller described here. We have appointed an external data protection officer, namely the attorney Dr. Stephan Gärtner, who can be reached at dsb@stanhope.de.
Rights of website visitors.
Visitors have several rights with regard to the personal data processed about them under the General Data Protection Regulation. In particular
the right to information about the personal data stored,
the right to rectification of incorrectly stored personal data,
the right to erasure of personal data for which there is no legal basis for further storage,
the right to restrict the processing of stored personal data,
the right to data portability,
the right to complain to the supervisory authority responsible for data protection.
If the requirements for the respective claims are met and we can identify you, we will fulfill your claims promptly.
Processing operations involving automated decision-making (possibly also profiling)
(1) In the last row of the table above (” Data Protection at a Glance “) (” Processing operations involving automated decision-making, possibly also profiling “), we list any tools and/or processing configurations we may use, meaning that we exceptionally carry out a special form of data processing with these tools/processing configurations. In this context, we draw your attention to the following:
A specific form of processing is so-called automated decision-making. These are decisions based exclusively on automated processing that significantly affect you, legally or otherwise (e.g., a decision on the conclusion of a contract). Profiling is any form of automated processing of personal data that evaluates personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, insofar as this produces legal effects concerning the data subject or similarly significantly affects him or her.
Such processing operations are generally prohibited (see Article 22, Paragraph 1, GDPR), although there are exceptions to this prohibition. Where we invoke exceptions, we explain them in our privacy policy for individuals with whom we make contractual decisions, i.e., generally customers and/or suppliers. We refer to this policy.
(2) In principle, such processing operations are As far as we do not list anything in the last line of the table above (“ Data protection at a glance ”) (“ Processing operations in which automated decision-making, possibly also profiling, takes place ”), we do not use this technology on our website.
Data transfer to locations outside the European Union
(1) It is possible that we may transfer and/or have transferred personal data to entities located outside the European Union or at least cannot exclude this (hereinafter: third-country entity). In these cases, we must guarantee, in accordance with Article 44 GDPR, that the level of protection provided by the General Data Protection Regulation is not compromised. As a precautionary measure, we would like to point out that the third-country entity may be both a controller and a processor.
(2) If we refer to a so-called adequacy decision in the following declaration, this means that the third-country entity is located in a country, territory, or specific sector for which the Commission has decided that it offers an adequate level of protection. This guarantee then follows from Article 45 GDPR.
(3) If we refer to the so-called standard contractual clauses in the following declaration, this means that the third-country entity has accepted the so-called EU standard contractual clauses and has thus contractually committed itself to respecting the level of protection provided for by the General Data Protection Regulation. This guarantee then follows from Article 46 (1) and (5) GDPR.
(4) If we refer in the following declaration to the fact that you have consented to the transfer to the third country office, this means that you have been informed of all possible risks associated with such transfers for which there is no adequacy decision or other guarantees, and you have nevertheless consented to the data transfer. This guarantee then follows from Article 49 (1) (a) GDPR. For reasons of transparency, we describe the corresponding risks separately.
(5) We provide this notice only as a precautionary measure. It only applies if we refer to it in the following statement. It is also possible that we do not make use of this provision.
Special constellation: EU standard contractual clauses and third-country entities based in the USA
(1) In addition to the information provided under “Data transfer to entities outside the European Union” – paragraph 3, we draw your attention to a special situation. For transfers to third-country entities based in the USA, the possibility of invoking the EU standard contractual clauses is limited. Therefore, if we intend to invoke the EU standard contractual clauses in this context (or already do so), we would like to point out the following:
(2) We will only base the transfer of personal data to US third-country entities on the EU standard contractual clauses if we have previously conducted a thorough review of the relevant circumstances. We will first determine a risk level (type and, in particular, sensitivity of the data concerned, scope of data processing, purpose of data processing, susceptibility to misuse). We will then examine whether the contractual commitments of the US third-country entity and the technical and organizational measures implemented there (e.g., processing of data exclusively in EU-based data centers, encryption technology) sufficiently minimize the previously identified risks. We will only invoke them if we conclude that the EU standard contractual clauses are, exceptionally, also a sufficient guarantee for a US third-country entity.
(3) This notice is provided solely as a precautionary measure. It only applies if we refer to it in the following statement. It is also possible that we do not make use of this provision.
Special situation: Consent to transmission to third country entities based in the USA, including risk information
(1) In addition to the information provided under “Data transfer to entities outside the European Union” – paragraph 4, we would like to draw your attention to another special situation. For transfers to third-country entities based in the USA, the ability to rely on the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask for your consent to this transfer. However, before you grant this consent, we ask you to be aware of the following risks and consider them when deciding whether to consent:
(2) We expressly point out that data transfer to the USA without the protection of an adequacy decision may entail significant risks. In particular, the following risks apply:
1. There is no uniform data protection law in the US, and certainly not one comparable to the data protection law applicable in the EU. This means that both US companies and government agencies have more options to process your personal data, particularly for advertising purposes, profiling, and conducting (criminal) investigations. Our options for taking action against this are significantly limited.
2. The US legislature has granted itself numerous rights of access to your personal data (see, for example, Section 702 of the FISA or EO 12333 in conjunction with PPD-28) that are incompatible with our understanding of the law. In particular, no proportionality review comparable to that in the European Union is carried out before access.
3. Citizens of the European Union cannot expect effective legal protection in the USA.
4. We will generally only ask you for such consent if we have come to the conclusion that the US third-country entity cannot successfully invoke EU standard contractual clauses.
(3) We provide this declaration merely as a precautionary measure. It is only valid if we refer to it in the subsequent declaration. It is also possible that we do not make use of this provision.
Special situation: Consent to transmission to third country entities located in the Russian Federation, including risk information
(1) In addition to the information provided under “Data transfer to entities outside the European Union” – paragraph 4, we would like to draw your attention to another special situation. For transfers to third-country entities based in the Russian Federation, the ability to rely on the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask for your consent to this transfer. However, before you grant this consent, we ask you to be aware of the following risks and consider them when deciding whether to consent:
(2) We expressly point out that data transfer to the Russian Federation without the protection of an adequacy decision may entail significant risks. In particular, the following risks should be noted:
Although the legislature of the Russian Federation has ratified the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (so-called European Data Protection Convention), there may be implementation deficits.
The legislature of the Russian Federation has granted itself and its investigative authorities rights of access to your personal data that are at least not entirely compatible with our understanding of the law. In particular, no proportionality assessment comparable to that in the European Union is carried out prior to access.
Citizens of the European Union cannot expect the same legal protection in the Russian Federation as in the EU.
We will generally only ask you for such consent if we have come to the conclusion that the third country office in Russia cannot successfully invoke EU standard contractual clauses.
Note on the legal processing obligation.
Only if we refer to Article 6 paragraph 1 sentence 1 letter c GDPR in the following data protection declaration, there is a legal obligation to process data.
Processing operations that are necessary for the performance of contracts (primary legal basis Article 6 paragraph 1 sentence 1 letter b GDPR).
General information on the purpose and legal basis of the processing operations described below.
(1) The purpose of the processing operations described below is the establishment, execution and termination of contracts as well as the defense against claims on your part that are directly or indirectly related to the respective contract.
(2) To the extent that the processing is intended to establish, execute, or terminate contracts, Article 6 (1) (b) GDPR is the legal basis for the processing of your personal data. According to this provision, the processing of your personal data is permissible even without your consent if it is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request.
(3) To the extent that the processing is intended to defend against your claims that are directly or indirectly related to the respective contract, Article 6 (1) (f) GDPR also forms the legal basis in addition to Article 6 (1) (b) GDPR. Our legitimate interest in this respect stems from our right to defend ourselves against your claims.
(4) Only if we process your data on this website in your capacity as an applicant or current or former employee is Article 88 GDPR in conjunction with Section 26 Paragraph 1 of the BDSG 2018 the legal basis. According to this provision, the processing of your personal employee data (including your applicant data) is permissible even without your consent if it is necessary for the performance of an employment contract to which you are a party or for the implementation of pre-contractual measures.
(5) To the extent that we refer to Article 6 (1) (f) GDPR, you have the right to object to processing, which, in cases of justified objection, will result in the termination of the processing based on this. And unless we expressly refer to Article 6 (1) (c) GDPR, there is no obligation to process your data.
General information on the storage period for data within the scope of the processing operations described below.
(1) We store the data as long as this is necessary to establish, execute, or if necessary terminate the contract and/or to defend ourselves against claims by you that are directly or indirectly related to the respective contract.
(2) If a contractual relationship is established between us, we will additionally store the data until the expiry of our statutory retention periods. The legal basis for this is Article 6 paragraph 1 sentence 1 lit. c GDPR in conjunction with Section 147 AO, Section 257 HGB. According to these regulations, some of the above-mentioned data must be retained even beyond the time when the purpose has been achieved. We may therefore be obliged
to retain personal data relating to you arising from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 (2a) of the German Commercial Code (HGB), consolidated financial statements, management reports and group management reports, opening balance sheets, accounting documents, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, commercial books, as well as the work instructions and other organizational documents necessary for their understanding, for ten years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB),
Data about you that arises from received commercial or business letters, from the reproduction of received commercial or business letters and from other documents that are relevant for taxation must be retained for six years, whereby the retention period usually begins at the end of the calendar year in which the relevant document was created (Article 6 paragraph 1 sentence 1 letter c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB).
(3) If we process your data in your capacity as an applicant on this website, we generally store the data until a final decision has been made on your application and
in the event of cancellation for a further six months after the cancellation, whereby the legal basis for the six-month storage is Article 6 paragraph 1 sentence 1 letter f GDPR and our legitimate interest follows from the right to defend ourselves against complaints under the AGG (cf. Section 15 paragraph 4 AGG),
in the event that we ask you whether you would like to be included in our applicant pool and you confirm this, until the time of revocation of your consent, whereby the legal basis for this storage is your consent in accordance with Article 88 GDPR in conjunction with Section 26 Paragraph 2 BDSG2018.
In the cases referred to in paragraph 3, numbers 1 and 2, we only reserve the right to store data; however, this data protection declaration does not create an obligation to retain data.
(4) To the extent that we refer to Article 6 (1) (f) GDPR, you have the right to object to processing, which, in cases of justified objection, will result in the termination of the processing based on this. And unless we expressly refer to Article 6 (1) (c) GDPR, there is no obligation to process your data.
Contact form.
(1) We would like to briefly describe this processing procedure: We provide you with a contact form on this website. We will receive, review, and use the data processed through this form to respond to you if necessary.
(2) We generally process the following data from you:
the contact details you entered,
the communication data.
Appointment booking.
(1) We would like to briefly describe this processing procedure: On our website, you have the option of booking an appointment with us. For this purpose, we use the appointment booking tool provided by CompuGroup Medical Deutschland AG, Maria Trost 21, 56070 Koblenz. Further information can be found at http://www.cgm.com/de/impressum_de/impressum.de.jsp and http://www.cgm.com/de/datenschutz_de/Datenschutzerklaerung.de.jsp. We process all of your data necessary to initiate, execute, and terminate the respective contract.
(2) In doing so, we generally process the following data from you: (1) the contact details you have entered, (2) the data about the appointment itself and (3) data about actions that serve to make inquiries and assert rights.
(3) In addition, if you book an appointment with us to execute a contract (free of charge or for a fee), we will inform you of the following:
We may inform you about our services at regular or irregular intervals (promotional emails, customer satisfaction surveys and similar) and use your email address and/or your address for this purpose.
The legal basis for this separate processing is Article 6 (1) (f) GDPR, which states that processing is permissible to protect our legitimate interests, unless your interests or fundamental rights and freedoms that require the protection of personal data override them. We derive our legitimate interest from Recital 47 of the GDPR, which states, among other things: ” The processing of personal data for direct marketing purposes can be considered processing serving a legitimate interest.” Given that we have a business relationship, contacting you for advertising purposes is in our legitimate interest.
You have the option to object to the use of your data for advertising purposes at any time by sending an informal notification, for example, to the contact details provided above (“Who are we?”), without incurring any costs other than the transmission costs according to the basic rates. Upon your objection, processing for these purposes will cease. Unless there is another reason for retention, we will then delete the data.
Processing operations for which your consent is required (legal basis Article 6 paragraph 1 sentence 1 letter a GDPR).
General information on the purpose and legal basis of the processing operations described below.
(1) The purpose of the processing operations described below is described separately for each tool.
(2) The legal basis for the respective data processing is your consent in accordance with Article 6, paragraph 1, sentence 1, letter a of the GDPR. According to this provision, the processing of your personal data is permissible if you have given your consent to the processing of the personal data concerning you for one or more specific purposes.
General information on the storage period for data within the scope of the processing operations described below.
(1) We will store the data until you revoke your consent.
(2) If, following processing based on your consent, a contractual relationship is established between us, we may additionally store some of your data until the expiry of our statutory retention periods. The legal basis for this is Article 6 (1) (c) GDPR in conjunction with Section 147 AO, Section 257 HGB. According to these provisions, some of the above-mentioned data must be retained even beyond the time when the purpose has been achieved. We may therefore be obliged
to retain your personal data arising from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 (2a) of the German Commercial Code (HGB), consolidated financial statements, management reports and group management reports, opening balance sheets, accounting documents, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, commercial books as well as the work instructions and other organizational documents necessary for their understanding for ten years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB),
Data about you that arises from received commercial or business letters, from the reproduction of received commercial or business letters and from other documents that are relevant for taxation must be retained for six years, whereby the retention period usually begins at the end of the calendar year in which the relevant document was created (Article 6 paragraph 1 sentence 1 letter c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB).
Note on the legal basis “consent”.
(1) If we obtain your consent for processing, you have the right to revoke this consent at any time with future effect. This is generally possible by sending us an informal message (see “Controller” above).
(2) We would also like to point out that we process further personal data of yours in the context of obtaining your consent. These include, on the one hand, identity details (such as your name, email address, IP address) and, on the other hand, log data relating to the consent (time of consent, status of consent, scope of consent). We base this data processing on Article 6 (1) (c) GDPR in conjunction with Article 7 (1) GDPR. The purpose is the need to prove that you have given your consent.
(3) We will store the identity details and log data relating to your consent until the end of the third calendar year following the year in which you revoke your consent. The legal basis for this retention is Article 6 (1) (f) GDPR, whereby our legitimate interest arises from the fact that we must be able to prove, within the relevant civil law limitation period, that you have consented and to what extent.
Data processing when using Google Analytics.
(1) To analyze your user behavior on our website, we use the following service provider with the tool described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. We would like to briefly describe this processing procedure: The tool uses so-called “cookies.” These are text files that are stored on your computer and that enable an analysis of your use of the website. The provider will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. You can find this provider’s privacy policy here: https://policies.google.com/privacy?fg=1 .
(2) The purpose can be described as follows: We use this tool to analyze and regularly improve the use of our website. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. Further information on the processing methods used by this provider can be found here: https://marketingplatform.google.com/intl/de/about/analytics/ .
(3) We generally process the following data from you: This tool uses so-called “cookies”. These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated in this way about your use of the website is usually transferred to a server of the provider in the USA and stored there. However, your IP address will be shortened beforehand by the provider within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a server of the provider in the USA and shortened there. The IP address transmitted by your browser when using this tool will not be merged with other data by the provider. We also use this tool for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”. For your information, please note that we use this tool with the extension “_anonymizeIp().” This means that IP addresses are processed in a shortened form, thus preventing any personal reference. If the data collected about you is personally identifiable, this will be immediately excluded and the personal data will be deleted immediately.
(3) The data processing operations are also not precluded by the fact that the data may be processed outside the European Union by the provider, possibly in cooperation with Google LLC. This is because you have consented to this in accordance with Article 49 (1) (a) GDPR.
Data processing when using YouTube (with your own channel)
(1) We use the aforementioned video platform or video portal on our website. Its provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The provider’s privacy policy can be found here: https://policies.google.com/privacy?fg=1 .
(2) We would like to briefly describe this processing procedure: Plug-ins from the video portal YouTube are integrated into our website. Every time you visit a page that offers one or more YouTube video clips, a direct connection is established between your browser and a YouTube server. These videos are all integrated in “extended data protection mode”. No data about you as a user will be transferred to YouTube if you do not play the videos. The data mentioned in paragraph 3 is only transferred when you play the videos. We have no influence on this data transfer. If you use a Google account and do not want this to be associated with your YouTube profile, you must log out before activating the button.
(3) We generally process the following data from you: When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or tailoring its website to meet your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right you must contact YouTube. Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy .
(4) We also maintain a company page with this provider. If you interact with this company page, there is a possibility that the provider will process your data as described in paragraph 3.
(5) The data processing operations are also not precluded by the fact that the data may be processed outside the European Union by the provider, possibly in cooperation with Google LLC. This is because you have consented to this in accordance with Article 49 (1) (a) GDPR.
Processing operations that are in our legitimate interest (legal basis Article 6 paragraph 1 sentence 1 letter f GDPR).
General information on the purpose and legal basis of the processing operations described below.
(1) The purpose of the processing operations described below is described separately for each tool. It is the primary justification for our legitimate interest in the processing.
(2) The legal basis for the respective data processing is Article 6 (1) (f) GDPR. According to this provision, the processing of your personal data is permissible even without your consent if it is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms that require the protection of personal data override these interests.
General information on the storage period for data within the scope of the processing operations described below.
(1) We store the data until our purpose no longer applies, which is always the case if you have raised a justified objection (see “Note on the right of objection.”).
(2) Should a contractual relationship be established between us following processing based on legitimate interest, we will additionally store the data until the expiry of our statutory retention periods. The legal basis for this is Article 6 paragraph 1 sentence 1 lit. c GDPR in conjunction with Section 147 AO, Section 257 HGB. According to these regulations, some of the above-mentioned data must be retained even beyond the time when the purpose has been achieved. We may therefore be obliged
to retain your personal data arising from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 (2a) of the German Commercial Code (HGB), consolidated financial statements, management reports and group management reports, opening balance sheets, accounting documents, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, commercial books as well as the work instructions and other organizational documents necessary for their understanding for ten years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB),
Data about you that arises from received commercial or business letters, from the reproduction of received commercial or business letters and from other documents that are relevant for taxation must be retained for six years, whereby the retention period usually begins at the end of the calendar year in which the relevant document was created (Article 6 paragraph 1 sentence 1 letter c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB).
Note on the right of objection.
(1) To the extent that we base data processing in the following privacy policy on Article 6, paragraph 1, sentence 1, letter f of the GDPR, i.e., on a legitimate interest in processing, you always have the right to object to the processing. This is generally possible by sending us an informal message (see “Controller” above). If the objection is justified, we will discontinue processing.
(2) If the legitimate interest is based on the interest in direct advertising or advertising, your objection is always justified, provided you have been identified.
Informational use of the website.
(1) If you use our website purely for information purposes, i.e., if you neither register as a user nor otherwise provide information, we collect the following data from you: IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request originated, browser, operating system and its interface, language and version of the browser software. We receive this data via cookies and directly from your browser.
(2) The purpose of this processing is to provide our website and for statistical evaluation.
Transient cookies.
(1) We would like to briefly describe this processing procedure: We use so-called transient cookies on our website. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from the visitor’s browser to the shared session. This allows the visitor’s computer to be recognized when the visitor returns to your website.
(2) The purpose, from which our legitimate interest also follows, can be described as follows: The cookies serve to display and use the website in a way that is appropriate for you.
(3) We generally process the following data from you: Session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
Rights management.
(1) You have certain rights with respect to us (see General Section, Rights of Website Visitors). If you assert these rights with respect to us, we will process the associated contact, communication, and transaction data.
(2) We process your data as follows:
We accept your request.
We will review your request.
If justified, we will comply with your request.
We store the data associated with this.
(3) While the processing within the meaning of paragraph 2 numbers 1 to 3 is justified by Article 6 paragraph 1 sentence 1 letter c GDPR (we are generally obliged to process your requests under the GDPR), the purpose of storage (paragraph 2 number 4) is to save the data so that we can later defend ourselves against claims from you. This is also our legitimate interest. We store your data until the end of the third calendar year following your request/input (cf. Article 6 paragraph 1 sentence 1 letter f GDPR in conjunction with Sections 193 and 195 of the German Civil Code).
External advice if you make claims.
(1) You have certain rights with respect to us (see General Section, Rights of Website Visitors). If you assert your rights with respect to us, we will transmit your data to external consultants who are either bound to confidentiality by us or who are bound to secrecy by professional law.
(2) The purpose of the processing is to obtain expert advice in order to address your concerns in a legally compliant manner. This is in both our and your legitimate interest.
Verarbeitungsvorgänge, die unserem berechtigten Interesse liegen (Rechtsgrundlage Artikel 6 Absatz 1 Satz 1 lit. f DSGVO).
Allgemeine Hinweise zu Zweck und Rechtsgrundlage der nachfolgend beschriebenen Verarbeitungsvorgänge.
(1) Der Zweck der nachfolgend beschriebenen Verarbeitungsvorgänge ist bei jedem Tool gesondert beschrieben. Er ist maßgebliche Begründung für unser berechtigtes Interesse an der Verarbeitung.
(2) Rechtsgrundlage für die jeweilige Datenverarbeitung ist Artikel 6 Absatz 1 Satz 1 lit. f DSGVO. Nach dieser Vorschrift ist die Verarbeitung Ihrer personenbezogenen Daten auch ohne Ihre Einwilligung zulässig, wenn sie zur Wahrung unserer berechtigten Interessen oder eines Dritten erforderlich ist, sofern nicht Ihre Interessen oder Grundrechte und Grundfreiheiten, die den Schutz personenbezogener Daten erfordern, überwiegen.
Allgemeine Hinweise zur Speicherungsdauer bzgl. der Daten im Rahmen der nachfolgend beschriebenen Verarbeitungsvorgänge.
(1) Wir speichern die Daten, bis unser Zweck weggefallen ist, was stets der Fall ist, wenn Sie einen begründeten Widerspruch erhoben haben (vgl. „Hinweis zum Widerspruchsrecht.“).
(2) Sollte sich im Anschluss an eine Verarbeitung, die auf das berechtigte Interesse gestützt wird, zwischen uns ein Vertragsverhältnis zustande kommen, speichern wir die Daten ergänzend bis zum Ablauf unserer gesetzlichen Aufbewahrungsfristen. Rechtsgrundlage hierfür ist Artikel 6 Absatz 1 Satz 1 lit. c DSGVO i.V.m. § 147 AO, § 257 HGB. Nach diesen Vorschriften sind einige der o.g. Daten auch über den Zeitpunkt der Zweckerreichung hinaus aufzubewahren. So sind wir ggf. verpflichtet,
Daten zu Ihrer Person, die sich aus Büchern und Aufzeichnungen, Inventaren, Jahresabschlüssen, Einzelabschlüssen nach § 325 Abs. 2a HGB, Konzernabschlüssen, Lageberichten und Konzernlageberichten, Eröffnungsbilanzen, Buchungsbelegen, Unterlagen nach Artikel 15 Absatz 1 und Artikel 163 des Zollkodex der Union, Handelsbüchern sowie die zu ihrem Verständnis erforderlichen Arbeitsanweisungen und sonstigen Organisationsunterlagen ergeben, für zehn Jahre aufzubewahren, wobei die Aufbewahrungsfrist i.d.R. mit dem Schluss des Kalenderjahrs beginnt, in dem das maßgebliche Dokument entstanden ist (Artikel 6 Absatz 1 Satz 1 lit. c DSGVO i.V.m. § 147 AO bzw. i.V.m. § 257 HGB),
Daten zu Ihrer Person, die sich aus empfangenen Handels- oder Geschäftsbriefen, aus der Wiedergabe der empfangenen Handels- oder Geschäftsbriefe sowie aus sonstigen Unterlagen, die für die Besteuerung von Bedeutung sind, für sechs Jahre aufzubewahren, wobei die Aufbewahrungsfrist i.d.R. mit dem Schluss des Kalenderjahrs beginnt, in dem das maßgebliche Dokument entstanden ist (Artikel 6 Absatz 1 Satz 1 lit. c DSGVO i.V.m. § 147 AO bzw. i.V.m. § 257 HGB).
Hinweis zum Widerspruchsrecht.
(1) Soweit wir in der nachfolgenden Datenschutzerklärung eine Datenverarbeitung auf Artikel 6 Absatz 1 Satz 1 lit. f DSGVO, also auf ein berechtigtes Interesse an der Verarbeitung, stützen, haben Sie stets das Recht, der Verarbeitung zu widersprechen. In der Regel ist dies durch formlose Nachricht an uns (vgl. oben „Verantwortlicher.“) möglich. Sofern der Widerspruch begründet ist, werden wir die Verarbeitung einstellen.
(2) Wenn das berechtigte Interesse auf dem Interesse an Direktwerbung bzw. werblicher Ansprache beruht, ist Ihr Widerspruch, soweit Sie identifiziert sind, stets begründet.
Informatorische Nutzung der Internetseite.
(1) Wenn Sie unsere Internetseite rein informatorisch nutzen, also wenn Sie sich als Nutzer weder registrieren noch anderweitig Informationen übermitteln, erheben wir folgende Daten von Ihnen: IP-Adresse, Datum und Uhrzeit der Anfrage, Zeitzonendifferenz zur Greenwich Mean Time (GMT), Inhalt der Anforderung (konkrete Seite), Zugriffsstatus/HTTP-Statuscode, jeweils übertragene Datenmenge , Website, von der die Anforderung kommt, Browser, Betriebssystem und dessen Oberfläche, Sprache und Version der Browsersoftware. Wir erhalten diese Daten über Cookies und direkt von Ihrem Browser.
(2) Zweck dieser Verarbeitung ist die Bereitstellung unserer Internetseite sowie die statistische Auswertung.
Transiente Cookies.
(1) Gern beschreiben wir diesen Verarbeitungsvorgang kurz: Wir setzen auf unserer Internetseite sog. transiente Cookies ein. Dazu zählen insbesondere die Session-Cookies. Diese speichern eine sogenannte Session-ID, mit welcher sich verschiedene Anfragen des Besucher-Browsers der gemeinsamen Sitzung zuordnen lassen. Dadurch kann der Besucher-Rechner wiedererkannt werden, wenn der Besucher auf Ihre Website zurückkehrt.
(2) Der Zweck, aus dem auch unser berechtigtes Interesse folgt, kann wie folgt beschrieben werden: Die Cookies dienen der für Sie passenden Darstellung und Nutzung der Internetseite.
(3) Hierbei verarbeiten wir in der Regel folgende Daten von Ihnen: Session-Cookies. Diese speichern eine sogenannte Session-ID, mit welcher sich verschiedene Anfragen Ihres Browsers der gemeinsamen Sitzung zuordnen lassen. Dadurch kann Ihr Rechner wiedererkannt werden, wenn Sie auf unsere Website zurückkehren. Die Session-Cookies werden gelöscht, wenn Sie sich ausloggen oder den Browser schließen.
Rechtemanagement.
(1) Sie haben uns gegenüber einige Rechte (vgl. Allgemeiner Teil, Rechte der Besucher der Internetseite). Sofern Sie Rechte uns gegenüber geltend machen, verarbeiten wir die hiermit verbundenen Kontakt-, Kommunikations- und Vorgangsdaten.
(2) Wir verarbeiten Ihre Daten wie folgt:
Wir nehmen Ihr Anliegen entgegen.
Wir prüfen Ihr Anliegen.
Sofern begründet, kommen wir Ihrem Anliegen nach.
Wir speichern die hiermit verbundenen Daten.
(3) Während die Verarbeitung i.S.v. Absatz 2 Ziffern 1 bis 3 durch Artikel 6 Absatz 1 Satz 1 lit. c DSGVO gerechtfertigt ist (wir sind zur Bearbeitung Ihrer Anliegen i.d.R. aus der DSGVO heraus verpflichtet), liegt der Zweck der Speicherung (Absatz 2 Ziffer 4) darin, dass wir die Daten speichern, um uns später gegen Ansprüche Ihrerseits verteidigen zu können. Darin liegt auch unser berechtigtes Interesse. Wir speichern Ihre Daten bis zum Ablauf des dritten Kalenderjahre, das auf Ihre Anfrage/Eingabe folgt (vgl. Artikel 6 Absatz 1 Satz 1 lit. f DSGVO i.V.m. §§ 193, 195 BGB).
Externe Beratung, sofern Sie Ansprüche geltend machen.
(1) Sie haben uns gegenüber einige Rechte (vgl. Allgemeiner Teil, Rechte der Besucher der Internetseite). Sofern Sie Rechte uns gegenüber geltend machen, übermitteln wir Ihre Daten an externe Berater, die wir entweder zur Verschwiegenheit verpflichtet haben oder die qua Berufsrecht zum Schweigen verpflichtet sind.
(2) Zweck der Verarbeitung ist, dass wir uns fachkundigen Rat einholen, um Ihre Anliegen rechtskonform zu bearbeiten. Das liegt sowohl in unserem als auch in Ihrem berechtigten Interesse.