Data Privacy Notice
Data Privacy Notice – Gezeiten Haus Gruppe GmbH
In the following, we wish to provide you with information on how we, Gezeiten Haus Gruppe GmbH, (hereinafter “us” or “we” or “Controller) handle your personal data when you use our Website, contact form or newsletter.
2. Controller of the Processing of Personal Data and Data Protection Officer
Gezeiten Haus Gruppe GmbH
Urfelder Str. 221
Tel.: 02236/39 39-0
Fax.: 02236/ 39 39-199
Data Protection Officer
Ms Jana Lorenz
3.1 General Data Protection Regulation - GDPR
The GDPR is the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Recipient means a natural or legal person, public authority, agency or any another body, to which the personal data are disclosed, whether a third party or not. However, public authorities, which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law, shall not be regarded as recipients; the processing of data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
3.3 Personal Data
Personal Data means any information relating to a Data Subject (article 4 paragraph 1 GDPR).
3.4 Data Processing
Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4 paragraph 2 GDPR).
According to article 4 paragraph 7 GDPR, Controller means that it determines the purposes and means of the processing of Personal Data alone or jointly with others.
II. Purposes and Legal Basis of the Data Processing
1. Processing of personal data when visiting our website and as part of marketing measures on third-party websites and in social networks
When you call up our Website, your browser will transfer certain data to our web server. This is done for technical reasons and required to make the requested information available to you. To facilitate your access to the Website, the following data are collected, briefly stored and used:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific site)
- Status of access/HTTP status code
- Transferred volume of data
- Website requesting access
- Browser, language settings, version of browser software operating system and surface
Moreover, to protect our legitimate interests, we will store such data for a limited period of time in order to be able to initiate a tracking of personal data in the event of actual or attempted unauthorized access to our servers. We are allowed to process your personal data pursuant to Art. 6 (1) (f) GDPR.
This Website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective overall.
In view of the importance of data privacy, and our obligations of transparency, we provide information below about cookies, how we use them on our website and what options you have if, despite the benefits they bring, you prefer to disable them. We will assume you agree to accept the cookies that we use on our website if you do not disable or opt out of them as described below.
When trying to understand cookies, and how to control them, it can help to know some terminology:
- Cookies installed on your device by the organization running the website you are visiting are known as “first party” cookies.
- Cookies installed on your device via the website you are visiting by another organization are termed “third party” cookies. An example is a cookie set by a specialist website analytics company that provides the website owner with data on the numbers of people visiting its website.
- So-called “persistent cookies” remain on your device even after you close your internet browser. They are activated each time you visit the website that created that particular cookie. For example, where a "persistent cookie" is used on a website to remember your login details, you will not need to enter those details each time you visit that website.
- Session cookies, by contrast, are temporary and are typically used to enable the website to operate, e.g. by permitting a user to move from page to page without having to log in again. Once you close your browser, all session cookies are deleted.
- "Flash cookies" are installed from websites that contain media (e.g. video clips). This requires specific software. This allows content to be downloaded and information to be stored faster, e.g. that the content has been accessed from your device.
1.1.2 Cookies we use
To enhance user experience, this website uses ‘persistent’ and ‘session’ cookies for the purposes described below. These cookies are generally ‘first party’ cookies, but may also be ‘third party’ cookies.
(1) Website functionality
Cookies that are essential for our website to function technically or which provide a service or option that you have requested. For example, a cookie that “remembers” your authentication details so you can remain logged into secure internet banking facilities, or a cookie that remembers the country or language you have selected.
(2) Website performance analysis
Cookies that help us improve our website by providing us with aggregate statistics on how many users visit it, which parts of the site are viewed the most, and the city or regional location of those users. These may be installed by a third party analytics provider under a contract with us.
(3) Tracking and Targeting Cookies
We may also use this information for the purposes of our advertising campaigns on third party websites. In that case, we may also receive information about the websites of our marketing partners on which you saw our advertisements. Similarly, third parties may display their advertisements on our website and they may become aware that you have visited our website.
1.1.3 How to control cookies – Opt Out
We are permitted to process data in this context by law Art. 6 (1) (f) GDPR. We store this data until the cookie in question expires or until you delete it.
Any further processing of personal data using cookies is outlined in the relevant sections within this information.
1.2 Web Analytics
1.2.1 Google Analytics
(1) This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.
(2) The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you includes a personal reference, this will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR.
(6) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms & conditions: http://www.google.com/analytics/terms/de.html
Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html,
1.2.2 Google Analytics Remarketing
(1) Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google (see sections 1.2.3). The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
(2) This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on a terminal device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
(3) If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. This way, the same personalized advertising messages can be delivered to every device you sign in to with your Google Account. To support this feature, Google Analytics collects Google authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by disabling personalized advertising in your Google Account by following this link: https://www.google.com/settings/ads/onweb/.
(4) The summary of the data collected in your Google Account is exclusively based on your consent, which you can submit or revoke to Google (Art. 6 (1) (a) GDPR). For data collection operations that are not aggregated in your Google Account (e.g. because you do not have a Google Account or have opposed the aggregation), the collection of data is based on Article 6 (1) (f) GDPR. The legitimate interest arises from the fact that the website operator has an interest in anonymous analysis of website visitors for advertising purposes.
(5) This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of site visitors. This data comes from interest-related advertising by Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time from the display settings in your Google Account or opt-out of the collection of your data by Google Analytics as described in "Opt-out of data collection".
(6) You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set which prevents the collection of your data on future visits to this website: Disable Google Analytics.
1.2.3 Google AdWords
(1) Our website uses the Google AdWords service. Google AdWords is an online advertising program from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use the remarketing function within the Google AdWords service. The remarketing function enables us to present advertisements based on their interests to users of our website on other websites within the Google display network (on Google itself, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores a number in the browsers of users who visit certain Google services or websites on the Google Display Network. This number, known as a "cookie", is used to record the visits of these users. This number is used to uniquely identify a web browser on a particular computer and not to identify a person.
(3) Furthermore, we use the so-called Conversion Tracking when using the Google AdWords service. When you click on an advertisement served by Google, a conversion tracking cookie is placed on your computer or device. These cookies lose their validity after 30 days, and will only be used for personal identification. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking.
(5) We process your personal data based on our legitimate interest in playing off product recommendations and carrying out marketing measures pursuant to Art. 6 (1) (f) GDPR. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
1.2.4 Google ReCAPTCHA
(1) This website uses Google ReCAPTCHA (“ReCAPTCHA”).The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
(2) With ReCAPTCHA it should be checked whether the data input on our websites (e.g. in a contact form) is done by a human being or by an automated program. ReCAPTCHA analyzes the behavior of the web site visitor on the basis different characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis ReCAPTCHA evaluates various information (e.g. IP address, duration time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
(3) The ReCAPTCHA analyzes completely runs in the background. Visitors of our website are not informed that an analysis is taking place.
(4) The legal basis for the processing of your data is Art. 6 (1) (f) GDPR. As a website host, we have a legitimate interest in protecting our websites from abusive automated spying and spamming.
1.3 Links to social media websites
On our website you will find links to social media networks such as Facebook and Twitter. These are not plugins provided by the provider Facebook or Twitter, which already transmit data to the provider when the page is loaded without the users having any influence. Behind the buttons to the social media networks there is only a link to the social media network including the transfer of the website to be shared. No user data is transmitted from the website to the social media network. If you are already logged in to the relevant social media service at the time you click the button, the sharing dialog will detect this so that you can share the content directly. If this is not the case, you will be asked to log in to the social media network. From this point on you will be on the website of the respective social media network. Information on data processing of the respective providers can be found below.
1.4 Integration of Youtube, Vimeo, Google Maps, Google Fonts, Ajax and jQuery
(1) We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. The videos are all integrated in the "extended data protection mode". That means, no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos the data mentioned in paragraph 2 will be transmitted. We have no influence on this data transmission.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under II. 1. of this declaration will be transmitted. Regardless, whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; however you must contact YouTube to exercise this right.
(1) Our website uses plug-ins from Vimeo.com, which is operated by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. If you visit such a plugin on our website, a connection to the Vimeo servers is built and the plug-in is displayed on the website by notifying your browser. This will transmit to the Vimeo server which of our web pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user accounts on these platforms. When using these plug-ins, such as clicking/starting a video or sending a comment, this information is assigned to your e.g. Vimeo user account, which you can only prevent by logging out before using the plug-in.
(2) Information on the collection and use of data by the above-mentioned platform or plug-ins can be found in the data protection information of Vimeo: http://vimeo.com/privacy.
1.4.3 Integration of Google Maps
(1) Our website uses the Google Maps service. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
(2) By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under II. 1. of this declaration will be transmitted. Regardless whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
1.4.4 Usage of Ajay and iQuery
(1) Our website uses Ajax and jQuery technologies to optimize loading speeds. Therefore, program libraries are called up from Google servers. The CDN (Content delivery network) from Google is used. If you have used jQuery on another page of the Google CDN before, your browser will use the cached copy. If this is not the case, it requires a download, whereby data from your browser is sent to Google Inc. ("Google").
(2) The use of Google Ajax and jQuery is in the interest of a uniform and appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
(3) For more information please visit: https://developers.google.com/speed/libraries/#jquery and http://www.google.de/intl/de/policies/privacy. Your data will be transferred to the USA. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
1.4.5 Google Fonts
(1) This site uses so-called web fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required Web fonts into your browser cache to display texts and fonts correctly.
(2) To do this, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font is automatically used by your computer.
2. Contact Form
You can contact us directly via the contact forms available on our Website. In particular, you have to provide us with the following information:
- First and last name,
- Phone number,
- E-Mail address
In addition you can provide the following information voluntarily:
- Type of insurance,
- Callback request,
We collect, process and use the information provided by you via the contact forms exclusively for the processing of your specific request. Data processing is therefore justified in accordance with Art. 6 (1) (f) GDPR. If contact by email is aimed to concluding a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.
3. Email Requests
You can contact us via email. If you send us an email, we collect, store and process the following data:
- First and last names,
- e-mail address and
- the content of your message
The data processing will only take place to the extent necessary for the response of your request and for the correspondence with you.
The legal basis for email inquiries is set out in Art. 6 (1) (f) GDPR. If contact by email is aimed to concluding a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.
The collected data is solely used for the purpose of responding to your request.
The data will only be stored until we have fully answered your request to your satisfaction and the process has been completed and there are no legal storage obligations to the contrary.
4. Information Email & Newsletter
With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers and product innovations. The advertised goods and services are named in the letter of consent.
For subscription to our newsletter we use the so-called double opt-in procedure. After you have subscribed to the newsletter on our website, we will send you a message to the indicated email address asking for your confirmation. If you do not confirm your subscription within [24 hours], your information will be locked and will automatically be deleted within a month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
For the dispatch of the newsletter we need only your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 (1) (a) GDPR.
You can withdraw your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter e-mail, or by sending an e-mail to Newsletter@gezeitenhaus.de or by sending a message to the contact details given in the imprint.
You have the possibility to write a guestbook entry on our website. For this purpose, we collect the following personal data: Name, IP address, time of posting. You can submit your e-mail address on a voluntary basis.
There is no obligation to give a clear name. This means that you have the possibility to use a pseudonym instead of your name or to write a contribution anonymously. The entry, name and time of the post can be viewed by any visitor to the website. Your used e-mail address is not displayed.
The legal basis for the processing of the data is Art. 6 (1) (f) GDPR. The guestbook function is in our legitimate interest to receive your voluntary feedback and to give interested parties in our clinics an insight into your experiences.
Since we want to draw attention to our long tradition as a specialized clinic with your entry, we store your data until you send us a request for deletion.
III. Categories of Recipients
1. Data Transfer for data processing on our behalf
We use specialized group-internal as well as external service providers to process some of your data. Our service providers are carefully selected and regularly checked by us. They process personal data only on our behalf and strictly in accordance with our instructions based on appropriate contracts for order processing.
2. Data Transfer due to legal obligation
Beyond that we transfer your personal data only and in so far a legal obligation exists on our part to the passing on. The transmission takes place pursuant to Art. 6 (1) (c) GDPR (e.g. to the police authorities in the context of criminal investigations or to the data protection supervisory authorities).
3. Processing of data outside the EU/EEA
Some of your data will also be processed in countries outside the European Union ("EU") or the European Economic Area ("EEA"), where a generally lower level of data protection may prevail. In these cases, we ensure, for example through standard contractual clauses with our contractual partners that an adequate level of data protection is guaranteed for your data. We have informed you of the existing suitable protection guarantees in the context of this data protection information.
IV. Deletion of your data
The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes.
This applies, for example, to data that must be retained for commercial or tax reasons. In accordance with statutory requirements in Germany, the records are kept in particular for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, manual letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
V. Your Rights
1. Rights of the Data Subjects
The following rights are in general available to you according to applicable data privacy laws:
- Right of information about your personal data stored by us;
- Right to request the correction, deletion or restricted processing of your personal data;
- Right to data portability;
- Right to file a complaint with a data protection authority;
- You may at any time with future effect withdraw your consent to the collection, processing and use of your personal data. For further information please refer to the chapters above describing the processing of data based on your consent;
- Right to object to a processing for reasons of our own legitimate interest pursuant to Art. (1) (f) GDPR, public interest, or profiling pursuant to Art. 6 (1) (e) GDPR, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims.
If you wish to exercise your rights, please address your request in the contact form or to our company data protection officer indicated below.
For any question, you may have with respect to data privacy, please contact our company data protection officer at the following address:
Data Protection Officer
Ms. Jana Lorenz
VI. Amendment of Privacy Statement
We may update our Privacy Statement from time to time. Updates of our Privacy Statement will be published on our Website. Any amendments become effective upon publication on our Website. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.