Privacy Policy

Introduction

 

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

Status: March 2, 2020

Table of Content

• Introduction
• Responsible
• Overview of the processing
• Applicable legal baseline
• Security measures
• Transfer and disclosure of personal data
• Use of cookies
• Commercial and business services
• Blogs and publication media
• Contact
• Communication via messenger
• Provision of the online offer and web hosting
• Cloud-Dienste
• Social network presences
• Plugins and embedded functions and content
• Deletion of data
• Modification and update of the privacy policy
• Rights of impacted persons
• Definition of terms

Responsible

Tierheilkommunikation Nicole Zellmer
Nicole Zellmer
Luhering 20
21629 Neu Wulmstorf

Email address: nicole@tierheilkommunikation.de

Imprint: https://tierheilkommunikation.de/impressum

Overview of the processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed

• Master data (e.g. names, addresses).
• Content data (e.g. text input, photographs, videos).
• Contact information (e.g., email, phone numbers).
• Meta/communication data (e.g. device information, IP addresses).
• Usage data (e.g. websites visited, interest in content, access times).
• Contract data (e.g. subject matter of the contract, duration, customer category).
• Payment data (e.g. bank details, invoices, payment history).

Categories of persons affected

• Employees (e.g., employees, applicants, former employees).
• Business and Contractual Partners.
• Interested parties.
• Communication partners.
• Customers.
• Users (e.g., website visitors, users of online services).

Purposes of processing

• Affiliate tracking.
• Office- and organizational procedures.
• Feedback (e.g. collecting feedback via online form).
• Contact requests and communication.
• Remarketing.
• Reach measurement (e.g. access statistics, recognition of returning visitors).
• Tracking (e.g., interest/behavioral profiling, use of cookies).
• Contractual benefits and service.
• Managing and responding to inquiries.

Applicable legal baseline

In the following, we share the legal basis of the General Data Protection Regulation (GDPR) on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, the national data protection regulations in your or our country of residence and domicile may apply.

• Consent (Art. 6 para. 1 p. 1 lit. a GDPR) - The concerned person has given consent to the processing of personal data concerning him or her for a specific purpose or purposes.
• Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO) - The processing is necessary for the performance of a contract to which the concerned person is a party or for the implementation of pre-contractual measures taken at the request of the concerned person.
• Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR) - Processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the concerned person which require the protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, safeguarding of availability and its separation. Furthermore, we have established procedures to ensure the exercise of affected person rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https)To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transfer and disclosure of personal data

In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data transfer within the organization: We may transfer or grant access to personal data to other entities within our organization. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and operational interests or is made where it is necessary for the fulfillment of our contract-related obligations or where there is consent from the data subjects or legal permission.

Use of cookies

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data for the fulfillment of our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization. Within the framework of applicable law, we only disclose the data of the contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

We inform the contractual partners which data are required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., in principle after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes usually 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

Consulting: We process the data of our clients and interested parties and other clients or contractual partners (uniformly referred to as "clients") in accordance with Art. 6 (1) lit. b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship. The processed data basically includes inventory and master data of the clients (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone, etc.), contract data (e.g., services used, fees, names of contact persons, etc.) and payment data (e.g., bank details, payment history, etc.).
Within the scope of our services, we may also process special categories of data pursuant to Art. 9 (1) GDPR, in particular information on the health of clients, possibly with reference to their sexual life or sexual orientation, ethnic origin or religious or ideological beliefs. For this purpose, we obtain, if necessary, according to Art. 6 para. 1 lit. a., Art. 7, Art. 9 para. 2 lit. a. GDPR an explicit consent of the clients and otherwise process the special categories of data for health care purposes on the basis of Art. 9 para. 2 lit. h. GDPR, § 22 para. 1 no. 1 b. BDSG.
If necessary for the fulfillment of the contract or required by law, we disclose or transmit client data in the context of communication with other professionals, third parties involved in the fulfillment of the contract necessarily or typically, such as billing agencies or comparable service providers, provided that this serves the provision of our services pursuant to Art. 6 para. 1 lit b. GDPR, is required by law pursuant to Art. 6 para. 1 lit c. GDPR, serves our interests or those of our clients in efficient and cost-effective healthcare as a legitimate interest pursuant to Art. 6 para. 1 lit f. GDPR or is necessary according to Art. 6 para. 1 lit. d. GDPR to protect vital interests of the client or another natural person or in the context of consent according to Art. 6 para. 1 lit. a., Art. 7 GDPR.
The deletion of the data takes place when the data is no longer required for the fulfillment of contractual or legal duties of care as well as dealing with any warranty and comparable obligations, whereby the necessity of the retention of the data is reviewed every three years; in all other respects, the legal retention obligations apply.

• Types of data processed: Master data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of contract, term, customer category).
• Concerned persons: Interested parties, business and contractual partners.
• Purposes of processing: Contractual performance and service, contact requests and communication, office and organizational procedures, administration and response to requests.
• Applicable legal baseline: Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.

• Types of data processed: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Concerned persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Contractual performance and service, feedback (e.g. collecting feedback via online form).
• Applicable legal baseline: Contract fulfillment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Services used and service providers:

• WordPress.com: Hosting platform for blogs; Service provider: Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA; Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/.

Contact

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

The response to contact requests in the context of contractual or pre-contractual relationships is made in order to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.

• Types of data processed: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos).
• Concerned persons: Communication partners.
• Purposes of processing: Contact requests and communication.
• Applicable legal baseline: Contract fulfillment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Communication via messenger

We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messengers, on encryption, on the use of the metadata of the communication and on your objection options.

You can also contact us by alternative means, e.g. via telephone or e-mail. Please use the contact options provided to you or the contact options specified within our online offer.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), please note that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use an up-to-date version of Messenger with encryption enabled to ensure that message content is encrypted.

However, we additionally point out to our communication partners that the providers of the messengers cannot view the content, but can learn that and when communication partners communicate with us as well as technical information about the device used by the communication partners and, depending on the settings of their device, also location information (so-called metadata) is processed.

Notes on legal principles: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in communication via Messenger. Furthermore, we would like to point out that we do not transmit the contact data provided to us to the messenger for the first time without your consent.

Revocation, objection and deletion: You can revoke any consent given and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any legal retention obligations.

Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer inquiries via Messenger. This is the case if, for example, internal contractual information requires special confidentiality or an answer via Messenger does not meet the formal requirements. In such cases, we will refer you to more adequate communication channels.