Data Privacy Statement

The protection of your personal data is a task which is given top priority at ExperTeach Gesellschaft für Netzwerkkompetenz mbH. For this reason, we will process your data under consideration of all legal stipulations on data protection. The data is processed in compliance with the General Data Protection Regulation (GDPR) of the European Union on the basis of the principles listed below. In order to protect your data, we use comprehensive technical and organizational measures and keep our IT systems state-of-the-art.

With the data protection statement at hand, we would like to inform you about the type, scope, and purpose of the data retrieved, used and processed by us. The data protection statement at hand serves to specify the rights you have in this context.

Entity Responsible for Data Processing (Controller)

Controller of processing of your personal data is

ExperTeach Gesellschaft für Netzwerkkompetenz mbH
Waldstrasse 94
63128 Dietzenbach
Germany
Phone: +49 6074 4868 0
Fax.: +49 6074 4868 109
E-Mail: info@experteach.de

There are further entities responsible for the processing of your personal data. For this purpose a joint controllership agreement according to Art. 26 para. 1 sentence 2 of the General Data Protection Regulation (GDPR) has been stipulated. Information on the entities in the joint controllership agree-ment is available on request from our data protection officer.
 
The joint controllers have stipulated an agreement which controller in each case fulfills which obliga-tion under Art. 26 para. 1 sentence 2 of the GDPR. Our data protection officer will provide you with information about the essentials of this agreement on request.

Data Protection Officer
Dr. Inge Rötlich
Waldstrasse 94
63128 Dietzenbach
Germany
E-Mail: dataprivacy@experteach-training.com

Purpose of Data Processing
Personal data which is retrieved in the context of contacting or requesting a service shall be processed by ExperTeach for the purpose of performing the service commissioned or requested by you. Our services include the execution and organization of trainings and seminars, consulting, translations and technical documentation, the support for certifications and exams, the rental of seminar rooms, as well as the personal support and consulting of our customers. For this purpose, we process the required data which enables us to submit offers and perform our services.

Categories of Processed Data
We exclusively process data types which are necessary for contacting you, creating offers, and performing our services. Specifically, this includes the name, address, e-mail address, phone number and – if necessary - further data required to answer your questions, process your registration, perform or invoice our services, or to consult you, which is communicated by you to us for this purpose (e.g. additional phone number, certification ID, specifications about the company). We will process further information only after you have given your explicit consent.

If you submit a request to us or have yourself registered for a training event or another service and make specifications on your person in the process, we will use this data only as far as it is required to implement the business relation between you and ExperTeach GmbH. If necessary, we will process further data, such as information on our courses visited by you, or other services you are using, with the aim to support you appropriately. The details of the data types which relate to your person and are processed by us depend on the contacting mode, the commissioning of services, and on your acceptance and use of our offers. In this context, we process the data which you transfer to us in the corresponding forms or communicate in other ways.

Existing Data
We process and use the previously processed data and information provided by the customers voluntarily to perform new services for you as well as to inform you on current offers and services of ExperTeach GmbH. We evaluate data for internal, statistical purposes. As a matter of principle, all evaluations are anonymized, which means that no conclusions can be drawn with regard to your person.

Data Transfer
As a rule, we do not transfer your personal data to third parties. If you are using services for which the transfer of your data to third parties is required in order to perform the service in question, we will inform you on the purpose of the data transfer, the type of data transferred, and the processing entity (e.g. if you register as the participant of a seminar at the venue of the event). You can veto the transfer of your data any time.

Deletion of Data
We will block or delete your personal data if the purpose of the processing no longer applies and if we are not obliged by other legal stipulations to process your data over a longer time period.

Data Processing on our Website
On our website www.experteach.de (internet homepage) as well as on the correspondingly localized websites we process general data and information after any log-on and save this information to log files. Here, the following data types will be processed:

  • Data on the browser type and version
  • Operating system
  • Date and time of the access
  • IP address
  • ISP of the accessing system
  • Referrer (Internet page from which the visiting person was forwarded)
  • Pages visited on our website
  • Data to prevent threats to our IT systems

We do not draw any conclusions about your person from this data. We use this data exclusively for the faultless presentation of our website, the optimization of the contents, the maintenance of the function of our IT systems, and in an anonymized form for statistic purposes as well as for the improvement of data protection and data security on our website.

Contact Form on our Website
You can use the contact form on our website to contact us in writing and send messages to us. We process your information in the form exclusively in order to process your inquiry and answer it. The data is transmitted via a secure connection.  

Cookies
Our website uses "cookies". Cookies serve to make our presentation more user-friendly and efficient. Cookies are text files which are stored on your PC and which will subsequently be saved by your browser. Cookies do not contain any personal data. This data is not merged with other data sources. Most cookies used by us are so-called "session cookies", which will be deleted when you terminate your browser session. These cookies are required for transactions and contain a transaction ID. You have the option to configure your browser in such a way that these cookies will not be stored or that they will be deleted at the end of your session on our site. Please note, however, that in this case you may not be able to use the full scope of functions of our web pages.

Google Analytics
We use Google Analytics for the demand-oriented design and continuous optimization of our pages. Google Analytics is a Web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; subsequently referred to as "Google"). In this context, usage profiles under pseudonyms are created and cookies are used (see cookies). The information about your usage of this website generated by the cookie, such as

  • browser type/version,
  • operating system used,
  • referrer URL (the page visited previously),
  • host name of the accessing computer (IP address),
  • time of the server request,

is transferred to a server of Google in the U.S.A. and stored there. The information is used to evaluate the usage of the website, to create reports on the website activities, and to perform further services connected with the usage of the website and of the Internet for the purpose of market research and the demand-oriented design of these Internet pages. If required, this information will also be transferred to third parties, as far as this is legally stipulated and as far third parties process this data when commissioned to do so. In no case will your IP address be merged with other data of Google. The IP addresses are anonymized so that they cannot be assigned to persons (IP masking). You can prevent the installation of cookies by corresponding settings of your browser software. We would like to point out, however, that in this case you may not be able to use all functions of this Website to the full extent. In addition, you can prevent the capturing the data which is generated by the cookie and relates to your usage of the website (including your IP address), as well as the processing of this data by Google by downloading and installing the browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially with browsers on mobile end devices, you can also prevent the capturing by Google Analytics by clicking on the following link https://tools.google.com/dlpage/gaoptout.An opt-out cookie will be set which will prevent the future capturing of your data when visiting this Website. The opt-out cookie will only be effective on this browser and only for our Website and will be stored on your device. If you delete the cookies in your browser, you will have to set the opt-out cookie again. For further information on data protection in the context with Google Analytics, please refer to the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).

Social Media Plug-ins
On the basis of Article 6 Paragraph 1 Page 1 Letter f of the GDPR, we are using the social plug-ins of the social networks Facebook, Twitter, XING, and LinkedIn on our Website in order to make our company well-known over these networks. The commercial purpose behind this endeavor is considered a legitimate interest in the sense of the GDPR. The responsibility for the operation compliant to data protection regulations rests with the corresponding provider, who has to ensure it. We integrate these plug-ins by means of the so-called two-click method, which we apply to protect visitors to our website in the best possible way.

a) Facebook
On our website we apply social media plug-ins of Facebook to make the usage more personal. For this purpose, we use the "LIKE" or "SHARE" button. This is an offer by Facebook.
If you call a page of our website which contains such a plug-in, your browser will set up a direct connection to the servers of Facebook. Facebook directly transfers the contents of the plug-in to your browser. The contents will then be integrated into the website.
Via the integration of the plug-ins, Facebook receives the information that your browser has called the corresponding page of our Website, even if you do not have a Facebook account or if you are currently not logged on to Facebook. This information (including your IP address) is directly transferred from your browser to another server of Facebook in the U.S.A. and is stored there.
If you are logged on to Facebook, Facebook can assign the visit to our Website directly to your Facebook account. If you interact with the plug-ins, for instance if you use the "LIKE" or "SHARE" button, the corresponding information will also be transferred directly to a server of Facebook and be stored there. In addition, this information will also published on Facebook and displayed to your Facebook friends.
Facebook can use this information for the purpose of advertising, market research, and demand-oriented design of the Facebook pages. To do this, Facebook creates usage, interest and relation profiles, for instance to evaluate your usage of our Website in terms of the advertisements displayed under your Facebook account, to inform other Facebook users about your activities on our Website, and to perform further services connected with the use of Facebook.
If you do not want Facebook to assign the data retrieved about our Web appearance to your Facebook account, you have to log off from Facebook prior to visiting our Website.
To learn more about the purpose and scope of data capturing and the further processing and use of the data by Facebook as well as about your corresponding rights and setting options to protect you privacy, please refer to the data protection hints (https://www.facebook.com/about/privacy/) by Facebook.

b) X
Plug-ins of the short message network X of X Inc. (X) are integrated into our Internet pages. You can identify the X plug-ins (Tweet button) by the X icon on our page. You can find an overview of the Tweet buttons at (https://about.twitter.com/resources/buttons).
If you call a page of our Website which contains such a plug-in, a direct connection will be set up between your browser and the X server. As a result, X will receive the information that you have visited our Website with your IP address. If you click on the "Tweet button" of X while you are logged on to your X account, you will be able to link the contents of our pages on your X profile. As a result, X can assign your visit to our Web pages to your user account. We would like to point out that as the provider of the pages we have no knowledge of the contents of the data transferred or of its usage by X.
If you do not want Twitter to be able to assign the visit of our pages to your X account, you have to log off from your X user account prior to visiting our Website.
You can find further information in the data privacy statement by X (https://twitter.com/privacy).

c) XING
On our website, so-called social plug-ins ("plug-ins") of XING are also used. XING is operated by XING SE, Dammtorstr. 30, 20354 Hamburg, Germany ("XING").
The plug-ins are marked by a XING icon, respectively by an "X".
If you visit a page of our website which contains such a plug-in, your browser will set up a direct connection to the servers of XING. XING directly transfers the contents of the plug-in to your browser. The contents will then be integrated into the website. Via the integration of the plug-ins, XING receives the information that your browser has called the corresponding page of our Website, even if you do not have a XING profile or if you are currently not logged on to XING.
This information (including your IP address) is directly transferred from your browser to another server of XING and is stored there. If you are logged on to XING, XING can assign the visit to our website directly to your XING account. If you interact with the plug-ins, for instance if you use the "XING" button, the corresponding information will also be transferred directly to a server of XING and be stored there.
Moreover, this information will be published on your XING account and displayed to your contacts there.
If you do not want XING to assign the data retrieved about our Web appearance to your XING account, you have to log off from XING prior to visiting our Website. For further information, please refer to the data privacy statement of XING (https://privacy.xing.com/de/datenschutzerklaerung).

 d) LinkedIn

On our Website, we also use so-called social “plug-ins” of LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).The plug-ins are marked by a LinkedIn icon, respectively by an "In".If you visit a page of our Website which contains such a plug-in, your browser will set up a direct connection to the servers of LinkedIn. LinkedIn directly transfers the contents of the plug-in to your browser. The contents will then be integrated into the Website. Via the integration of the plug-ins, LinkedIn receives the information that your browser has called the corresponding page of our Website, even if you do not have a LinkedIn profile or if you are currently not logged on to LinkedIn.This information (including your IP address) is directly transferred from your browser to another server of LinkedIn and is stored there. If you are logged on to LinkedIn, LinkedIn can assign the visit to our Website directly to your LinkedIn account. If you interact with the plug-ins, for instance if you use the "LinkedIn" button, the corresponding information will also be transferred directly to a server of LinkedIn and be stored there.Moreover, this information will be published on your LinkedIn account and displayed to your contacts there.If you do not want LinkedIn to directly assign the data retrieved about our Web appearance to your LinkedIn account, you have to log off from LinkedIn prior to visiting our Website. For further information, refer to the LinkedIn data privacy statement (https://www.linkedin.com/legal/privacy-policy).

WhatsApp
Plug-ins of the WhatsApp service (WhatsApp Ireland Limited, Attn: Privacy Policy, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are integrated on our Internet pages. You can identify the plug-ins via the WhatsApp icon (speech bubble with telephone handset on a green field) on our Web page. If you call a page of our Website which contains such a plug-in, a direct connection will be set up between your browser and the WhatsApp server. As a result, WhatsApp will receive the information that you have visited our Website with your IP address. If you click the WhatsApp icon while you are logged on to WhatsApp, you can send the contents of our Web pages via a link to your WhatsApp contacts. As a result, WhatsApp can assign your visit to our Web pages to your user account. We would like to point out that as the provider of the pages we have no knowledge of the contents of the data transferred or of its usage by WhatsApp. If you do not want WhatsApp to be able to assign the visit to our Web pages, please do not use the pages on a mobile phone with the WhatsApp app enabled. For further information, please refer to the data privacy statement of WhatsApp (https://www.whatsapp.com/legal/#privacy-policy).

Payment
Application of PayPal and PayPal-PLUS as Payment Mode
(1) If you opt for payment via the online payment service provider PayPal in the context of your ordering process, your contact data will be transferred to PayPal in the scope of the initiated order. PayPal is an offer of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal takes over the function of an online payment service provider as well as of a trustee and offers protection for buyers.
 
(2) The data transferred to PayPal usually includes the first name, last name, address, phone number, IP address, e-mail address, or other data which is required for the ordering process, as well as data which relates to the order, such as the quantity of items, item number, invoice amount and taxes in percent, invoice information, etc.
 
(3) This data transfer is necessary to process your order by means of the payment mode selected by you, in particular to confirm your identity, as well as to administrate your payment and customer relation. Please note, however: PayPal is entitled to forward person-related data to service providers, subcontractors, or other related companies, as far as this is required to fulfil the contractual obligations resulting from your order or as far as this person-related data is to be processed in the scope of the order.
 
(4) Depending on the payment mode selected via PayPal, e.g. by invoice or debit, PayPal will transfer the person-related data transmitted to PayPal to business information offices. This transfer serves to check the identity and credit-worthiness in terms of the order placed by you. To see which information offices are involved and which data is generally captured, processed, stored, and forwarded, please see the data privacy declaration by PayPal at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN
 

Usage of Cisco Webex, Jitsi (Netways), and Microsoft Teams for online meetings, online and hybrid training, and video-conferences

In the following, we will inform you on the processing of person-related data in the context of of the usage of Cisco WebEx, Jitsi (Netways), and Microsoft Teams.

Purpose of Data Processing
We are using the “WebEx”, “Microsoft Teams”, and “Jitsy (Netways)” tools to perform online meetings, online and hybrid training, and video-conferences (subsequently: “online events”).

Data Privacy Notes
You can view the data privacy notes by Cisco WebEx at:
https://help.webex.com/de-de/pdz31w/Cisco-Webex-Compliance-and-Certifications

You can view the data privacy notes by Microsoft Teams at:
https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/

You can view the data privacy notes by Jitsi (Netways) at:
https://www.netways.de/rechtliches/datenschutz/

Person Responsible
ExperTeach Gesellschaft für Netzwerkkompetenz mbH, Waldstraße 94, 63128 Dietzenbach, Germany, shall be responsible for the processing of data in the immediate context with the performance of “online events”.

As far as you call the Internet pages of Cisco WebEx, Microsoft, or Jitsi (Netways), the corresponding provider shall be responsible for data processing.

If you do not wish to use the apps of the providers WebEx, Jitsi, or MS Teams for our “online events”, the basic functions of the meetings can also be used via a browser version.

What types of data are processed?
When using WebEx, MS Teams, or Jitsi (Netways), different types of data are processed. The volume of the data depends on the specification on the data which you make prior to or during an “online event”.

The following, person-related data is subject of the processing:

Specifications about the user: First name, last name, phone (optional), e-mail address, password (optional)

Online meta-data: Topic, description (optional), subscriber IP addresses, device/hardware information

In the case of recordings (optional): MP4 file of all video, audio, and presentation recordings, MP4 file with all audio-recordings, text file of the online meeting chat

When dialing in via phone: Specification of incoming and outgoing call number, country name, start and end time. If required, further connection data can be stored, such as the IP address of the device.

Text, audio, and video data: You may have the option to use the chat, question, or survey functions as well as further functions for file upload and download, such as image, sound, video, etc. The data provided by you is processed as far as to display this data in the “online event” and to make it accessible to other participants during or after the event and to log it, where required.

To allow the display of the video and replay of the audio data, the data from the microphone of your end device as well as of optional video cameras of the end devices will be processed accordingly during the duration of the event. You can switch off the camera or set the microphone to mute any time by means of the corresponding applications.

To participate in an “online event”or to enter the online room, you have to specify your name, as a minimum.

Scope of the Processing
We are using WebEx, MS Teams, and Jitsi (Netways) to perform “online events”. As a rule, these events are not recorded. If we wish to record an “online event”, we will inform you prior to the event and will ask for your consent.

Cisco (Webex) will store person-related data for a sufficient time period as required to fulfill the purposes for which the data was captured. The person-related data will be stored and used as long as this is required to fulfill the business requirements and legal obligations, to resolve disputes, and to protect its resources and fulfill the contractual obligations.

If you are registered as user under MS Teams or participate as a guest in a conference, reports about “online events” (meeting meta-data, data on dial-in by phone, questions and answers in webinars, survey functions in webinars) can be stored in MS Teams up to one month.

Reception/Forwarding of Data
Person-related data which is processed in Cisco WebEx, MS Teams and Jitsi (Netways) in the context of a participation in “online events” is not forwarded to third-parties as a matter of principle, as far as the data has not been explicitly been determined for forwarding.

Data Processing outside of the European Union
Cisco WebEx and MS Teams are services, which are rendered by providers located in the U.S.A. The person-related data may possibly also be processed in a third country. An appropriate data protection level is ensured by the completion of standard protection clauses according to Art. 46 para. 2 lit. c) GDPR.

Data by Jitsi (Netways) are exclusively processed in Germany in accordance with the GDPR.

Usage of OTRS

We use an internal ticket system for the most diverse requests within our company. This system is provided by the company OTRS AG, Zimmersmühlenweg 11, 61440 Oberursel, Germany. This ticket system is e.g. used to process requests for offers, technical requests, or requests for resources. The person-related data captured in the context of contact establishment or the performance of a service is stored by OTRS in the Hetzner data centers.

Legal Basis: The legal basis for data processing is Art. 6 Abs. 1 lit. a) General Data Protection Regulation (GDPR).

Receiver: The reeiver of the data is OTRS AG respectively the Hetzner data centers.

Transfer to Third Countries: The data will not be transferred to third countries.

Further Data Protection Hints: For further details, please see the data protection hints by OTRS at: https://otrs.com/privacy-policy/ as well as the data sheet  Ihre Daten unsere Verantwortung.pdf. You can find all details on the data protection policies of Hetzner at https://www.hetzner.com/legal/legal-notice/.

 

Usage of HubSpot

We use HubSpot on this website. The provider is HubSpot Inc. 25 Street, Cambridge, MA 02141 USA..

Among other things, HubSpot enables us to administrate existing and potential customers as well as customer contacts. HubSpot helps us to capture, sort, and analyze customer interactions via e-mail, social media, or phone beyond different channels. The person-related data captured in this way can be evaluated and be used for the communication with the potential customer or for marketing measures (e.g. newsletter mailings). Moreover, HubSpot enables us to capture and analyze the user behavior of our contacts on our Website.

HubSpot is used on the basis of Art. 6 para. 1 lit. f GDPR. The operator of the Website has a legitimate interest in a highly efficient customer administration and customer communication. As far as corresponding declaration of consent has been queried, the processing is exclusively performed on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (Telecommunications Telemedia Data Privacy Regulation). This declaration of consent can be revoked any time. For more details, see the data privacy regulations of HubSpot at: https://legal.hubspot.com/de/privacy-policy.

We have concluded a “Data Processing Agreement” with HubSpot. This contract can be viewed under the following link: 

https://742851.fs1.hubspotusercontent-na1.net/hubfs/742851/HubSpot_DPA_1Sep2023_SubP_SCC_UK.pdf

The data transfer into the U.S.A. is based on the EU-U.S. Data Privacy Framework and the Adequacy Decision of the European Commission dated July 10, 2023, as well as on the EU standard contractual clauses additionally negotiated by HubSpot.

 

Use of myExperTeach
You can register for myExperTeach on our website. In this case, we will process the data which you transfer when activating your myExperTeach account in order to provide you with information about the courses you intend to visit, additional materials, and further information.

We will use your registration with voluntarily transmitted personal data to offer you contents or services, which can only be offered to registered users. You have the option, however, to modify the personal data specified during the registration or to have them completely deleted from myExper-Teach. In addition, the further rights specified below in the "Your Rights as the Person Concerned" section shall be valid for you.

Newsletter
You can subscribe to our ExperTeach Newsletter via our website or by using other options. We will process the data which you enter into a form when subscribing to the Newsletter or which you trans-fer in another way. We need your name and a valid e-mail address. We will send you a confirmation e-mail to your e-mail address in order to check the authenticity of the owner (double-opt-in proce-dure). You can have yourself be deleted from the list of subscribers to the Newsletter by contacting us or by following the link for the unsubscription in the electronic Newsletter or on our website.

Usage of rapidmail
Description and Purpose: We use rapidmail for the creation and transmission of e-mailings. The provider is rapidmail GmbH Augustinerplatz 2, 79098 Freiburg i.Br., Germany. We use rapidmail e.g. to organize and analyze the transfer of e-mailings. The data entered by you for the purpose of e-mailing is stored on the servers of rapidmail in Germany. If you do not wish any analysis to be performed via rapidmail, you have to unsubscribe for the e-mailings. For this purpose, we provide a corresponding link in each e-mailing. Moreover, you can also unsubscribe for the e-mailings directly on our Website. For the purpose of analysis, e-mails transferred with rapidmail contain a so-called tracking pixel, which sets up a connection to the servers of rapidmail after opening the e-mail. In this way, it can be determined whether a message has been opened. Moreover, we can determine with the help of rapidmail whether and which links have been clicked in the e-mailing. All links in the e-mail are so-called tracking links, which serve to count your clicks.

Legal Basis: The legal basis for data processing is Art. 6 Abs. 1 lit. a) General Data Protection Regulation (GDPR).

Receiver: The receiver of the data is rapidmail GmbH.

Transfer to Third Countries: The data will not be transferred to third countries.

Duration: The data you have stored on our servers in the context of the consent for the purpose of the distribution of newsletters and e-mailings will be stored by us up to your unsubscription. After the unsubscription for the e-mailing, the data will be deleted both from our servers and from the servers of rapidmail. Data we have stored for other purposes (e.g. e-mail addresses for the subscriber section) shall remain unaffected by this.

Option of Revoking: You have the option to revoke your consent to data processing with effect for the future any time. The legitimacy of the already performed data processing procedures shall remain unaffected by the revoking.

Information Offers
If you do not wish to receive any further information on our offers and services, you can veto the use of your data any time informally, for instance via e-mail sent to the address datenschutz@experteach.de or in writing to ExperTeach GmbH.

Electronic Application Procedure
You can use the option to send to send us electronic application documents. We will use the data which we process via the electronic application procedure via the electronic application procedure exclusively for processing your application. When filling in the form, you will specifically be informed about data protection measures in a data privacy statement in the application procedure.

If you send application documents in paper form, e.g. by mail, we will with your permission scan the documents and process the data  in our electronic application procedure. You will then receive back your original documents. For e-mail applications, your data will automatically be transferred to our system. If you do not agree, we ask you to actively contradict this procedure. 

 

Legal Basis for the Processing of Your Data

After you have given your consent, we will process your data according to Article 6 Paragraph 1 (a) GDPR as the legal basis. When performing a contract to which you are a contractual party, such as performing a training service for you, the data processing is based on Article 6 Paragraph 1 (b) GDPR. The same is valid for the processing of premature measures, such as inquiries for offers for our services. In order to comply with taxation obligations, the processing of your data by us is based on Article 6 Paragraph 1 (c) GDPR. In exceptional cases, it may be necessary to process specific data according to Article 6 Paragraph 1 (d) GDPR to protect you or vital interests, e.g. if accidents occur on our premises and if your health insurance data has to be processed in this context. In addi-tion, we will process data on the basis of Article 6 Paragraph 1 (f) GDPR if this is necessary to pro-tect legitimate interests of our company or of third parties. When processing your data according to Article 6 Paragraph 1 (f) GDPR, we assert the claim to our legitimate interest in the performance of our business operations.

 

Processing Period

For the duration of the processing of your data, we will adhere to the legally stipulated timelines for data storage. After expiration of the deadlines we will delete your data, as far as it is no longer re-quired for the fulfilment or initiation of contracts or if you do not wish to receive consulting services, offers, or other information from us..

 

Your Rights as the Person Concerned

Your rights regarding your personal data result from the General Data Protection Regulation of the European Union (GDPR, Regulation (EU) 2016/679) as well as the Bundesdatenschutzgesetz (BDSG, Federal Data Protection Act of the Republic of Germany, in the new version). In the following, we will point out your rights separately.

If you wish to claim your rights, feel free to contact our data protection officer any time or alternatively one of our employees. To do this, please contact us in writing, via e-mail, or by phone. We will subsequently deal with your request as soon as possible.

In the following, we will explain your rights in detail.

Right to Confirmation
According to Article 13 GDPR, you have the right to demand a confirmation whether personal data are processed which relate to you.

Right to Information
According to Article 15 GDPR, you have the right to be informed at your request any time as to which data records are stored by us about you and for which purpose these data records are stored. More-over, you are entitled to have incorrect data corrected or to have data records deleted for which stor-age is not permitted or no longer required.

Right to Correction
According to Article 16 GDPR, you have the right to demand the immediate correction or completion of your data which are processed by us.

Right to Deletion
According to Article 17 GDPR, you have the right to demand the deletion of your data as far as one of the following reasons applies to the deletion of your data and as far as the further processing is not required:

  • The personal data is retrieved for such purposes or in such a manner for which the data is no longer required.
  • You revoke your consent on which the processing according to Article 6 Paragraph 1 a GDPR is based and there is no other legal basis for the processing.
  • You veto the processing according to Article 21 Paragraph 1 GDPR and there are no prefer-ential legitimate reasons for the processing, or you veto the processing according to Article 21 Paragraph 2 GDPR.
  • The personal data was processed in an illegitimate manner.
  • The deletion of the personal data is required to fulfil a legal obligation according to the legis-lation of the European Union or of the member states.
  • The personal data is captured with reference to the services of the information society ac-cording to Article 8 Paragraph 1 GDPR.

Right to Restriction (Blocking)
According to Article 18 GDPR, you have the right of restriction (blocking) of your data until a clarification has been achieved:

  • if the correctness of your data is disputed,
  • if you require your data to state, execute or defend legal claims, or
  • if you have vetoed a processing according to Article 21 and it has not yet been de-termined whether the data has to be deleted.

We will inform you as soon as a blocking has been disabled.

Revoking of Consent
According to Article 7 GDPR, you have the right to revoke your consent to the processing of your personal data. If your data is not processed due to other (legal) basic regulations and as far as we do not present compelling reasons which overrule your interests, rights, and liberties, your data will not be further processed. Data which serves to state, execute or defend legal claims is exempted from this ruling.

Veto against Processing
According to Article 21 GDPR, you have the right to veto the processing of your data if there are reasons against that caused by your special personal situation and if the data has been captured according to Article 6 Paragraph 1 e and f. In this case, we shall refrain from further processing your data unless we can state compelling reasons requiring processing, which overrule your interests, rights, and liberties. Data which serves to state, execute or defend legal claims is exempted from this ruling.

Transferability of Data
According to Article 20 GDPR, you have the right to receive your data in a standardized, structured, and machine-readable format and to transfer this data to another person responsible for it without being hindered by us. As a prerequisite, the processing has to be performed according to Article 6 Paragraph 1or Article 9 Paragraph 2 or has to be based on a contract according to Article 6 Para-graph 1 b GDPR, and the processing has to be performed with the help of an automated procedure.

Right to Complain
If it can be suspected that your data is processed in an illegitimate manner, you have the right to contact the data protection agency and to file a complaint there. The responsibility rests with the regulatory authorities of the corresponding state. In Germany, it rests with the federal state in which the company is located. You can also contact other data protection agencies (e.g. in the country in which the service was performed) in order to acquire information about the complaint process.