It is gene­rally possible to use the website without provi­ding any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be neces­sary to process personal data. If the proces­sing of personal data is neces­sary and there is no legal basis for such proces­sing, we gene­rally obtain the consent of the data subject. The proces­sing of personal data, such as the name, address, e‑mail address, or tele­phone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-​specific data protec­tion regu­la­tions appli­cable to the Dr. Sophia Wachner.

By means of this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy. As the controller, the Zentrum Funktionelle Medizin has imple­mented nume­rous tech­nical and orga­niza­tional measures to ensure the most complete protec­tion of personal data processed through this website. Nevertheless, Internet-​based data trans­mis­sions can gene­rally have secu­rity gaps, so abso­lute protec­tion cannot be guaran­teed. For this reason, every data subject is free to transmit personal data to us by alter­na­tive means, for example by tele­phone.

The data protec­tion decla­ra­tion of the Dr. Sophia Wachner is based on the terms used by the European legis­lator for the adop­tion of the General Data Protection Regulation (GDPR). Our data protec­tion decla­ra­tion should be legible and under­stan­dable for the general public, as well as our custo­mers and busi­ness part­ners. To ensure this, we would like to explain the termi­no­logy used in advance. We use the follo­wing terms, among others, in this privacy policy 

a) personal data
Personal data means any infor­ma­tion rela­ting to an iden­ti­fied or iden­ti­fiable natural person (herein­after referred to as „data subject“). An iden­ti­fiable natural person is one who can be iden­ti­fied, directly or indi­rectly, in parti­cular by refe­rence to an iden­ti­fier such as a name, an iden­ti­fi­ca­tion number, loca­tion data, an online iden­ti­fier or to one or more factors specific to the physical, physio­lo­gical, genetic, mental, economic, cultural or social iden­tity of that natural person.

b) Person concerned
Data subject is any iden­ti­fied or iden­ti­fiable natural person whose personal data is processed by the controller respon­sible for the proces­sing.

c) Processing
Processing is any opera­tion or set of opera­tions which is performed on personal data or on sets of personal data, whether or not by auto­mated means, such as coll­ec­tion, recor­ding, orga­niza­tion, struc­tu­ring, storage, adapt­a­tion or altera­tion, retrieval, consul­ta­tion, use, disclo­sure by trans­mis­sion, disse­mi­na­tion or other­wise making available, alignment or combi­na­tion, rest­ric­tion, erasure or destruc­tion.

d) Restriction of proces­sing
Restriction of proces­sing is the marking of stored personal data with the aim of rest­ric­ting its future proces­sing.

e) Profiling
Profiling means any form of auto­mated proces­sing of personal data consis­ting of the use of personal data to evaluate certain personal aspects rela­ting to a natural person, in parti­cular to analyze or predict aspects concer­ning that natural person’s perfor­mance at work, economic situa­tion, health, personal prefe­rences, inte­rests, relia­bi­lity, beha­vior, loca­tion or move­ments.

f) Pseudonymization
Pseudonymization is the proces­sing of personal data in such a manner that the personal data can no longer be attri­buted to a specific data subject without the use of addi­tional infor­ma­tion, provided that such addi­tional infor­ma­tion is kept sepa­ra­tely and is subject to tech­nical and orga­niza­tional measures to ensure that the personal data are not attri­buted to an iden­ti­fied or iden­ti­fiable natural person.

g) Controller or controller respon­sible for the proces­sing
Controller or controller respon­sible for the proces­sing is the natural or legal person, public autho­rity, agency or other body which, alone or jointly with others, deter­mines the purposes and means of the proces­sing of personal data. Where the purposes and means of such proces­sing are deter­mined by Union or Member State law, the controller or the specific criteria for its nomi­na­tion may be provided for by Union or Member State law.

h) Processor
Processor is a natural or legal person, public autho­rity, agency or other body which processes personal data on behalf of the controller.

i) Recipient
Recipient is a natural or legal person, public autho­rity, agency or another body, to which the personal data are disc­losed, whether a third party or not. However, public autho­ri­ties which may receive personal data in the frame­work of a parti­cular inquiry in accordance with Union or Member State law shall not be regarded as reci­pi­ents.

j) Third party
Third party is a natural or legal person, public autho­rity, agency or body other than the data subject, controller, processor and persons who, under the direct autho­rity of the controller or processor, are autho­rized to process personal data.

k) Consent
Consent is any freely given, specific, informed and unam­bi­guous indi­ca­tion of the data subject’s wishes by which he or she, by a state­ment or by a clear affir­ma­tive action, signi­fies agree­ment to the proces­sing of personal data rela­ting to him or her.

The controller within the meaning of the General Data Protection Regulation, other data protec­tion laws appli­cable in the Member States of the European Union and other provi­sions of a data protec­tion nature is the:

Dr. Sophia Wachner
Waisenhausstrasse 52a
80637 Munich
Germany
Phone: +49 (0) 89–306 420 93
E‑mail: empfang@zentrum-funktionelle-medizin.de
Website: www.zentrum-funktionelle-medizin.de

The Internet pages of Dr. Sophia Wachner use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser. Numerous websites and servers use cookies. Many cookies contain a so-​called cookie ID. A cookie ID is a unique iden­ti­fier for the cookie. It consists of a string of charac­ters that can be used to assign websites and servers to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distin­guish the indi­vi­dual browser of the data subject from other Internet brow­sers that contain other cookies. A specific Internet browser can be reco­gnized and iden­ti­fied via the unique cookie ID. Through the use of cookies, the Dr. Sophia Wachner can provide the users of this website with more user-​friendly services that would not be possible without the cookie setting. By means of a cookie, the infor­ma­tion and offers on our website can be opti­mized for the benefit of the user. As already mentioned, cookies enable us to reco­gnize the users of our website. The purpose of this reco­gni­tion is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-​enter their access data each time they visit the website because this is taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie for a shop­ping basket in an online store. The online store remem­bers the items that a customer has placed in the virtual shop­ping cart via a cookie. The data subject can prevent the setting of cookies by our website at any time by means of a corre­spon­ding setting of the Internet browser used and thus perma­nently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other soft­ware programs. This is possible in all common Internet brow­sers. If the data subject deac­ti­vates the setting of cookies in the Internet browser used, not all func­tions of our website may be fully usable.

The website of the Dr. Sophia Wachner coll­ects a series of general data and infor­ma­tion when a data subject or auto­mated system calls up the website. This general data and infor­ma­tion is stored in the server log files. The (1) browser types and versions used, (2) the opera­ting system used by the acces­sing system, (3) the website from which an acces­sing system accesses our website (so-​called referrer), (4) the sub-​websites which are accessed via an acces­sing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the acces­sing system and (8) other similar data and infor­ma­tion used for secu­rity purposes in the event of attacks on our infor­ma­tion tech­no­logy systems. When using these general data and infor­ma­tion, the Dr. Sophia Wachner does not draw any conclu­sions about the data subject. Rather, this infor­ma­tion is needed to (1) deliver the content of our website correctly, (2) opti­mize the content of our website as well as its adver­ti­se­ment, (3) ensure the long-​term viabi­lity of our infor­ma­tion tech­no­logy systems and website tech­no­logy, and (4) provide law enforce­ment autho­ri­ties with the infor­ma­tion neces­sary for criminal prose­cu­tion in case of a cyber-​attack. Therefore, the Dr. Sophia Wachner analyzes anony­mously coll­ected data and infor­ma­tion statis­ti­cally, with the aim of incre­asing the data protec­tion and data secu­rity of our enter­prise, and to ensure an optimal level of protec­tion for the personal data we process. The anony­mous data of the server log files are stored sepa­ra­tely from all personal data provided by a data subject.

The controller shall process and store the personal data of the data subject only for the period neces­sary to achieve the purpose of storage, or as far as this is granted by the European legis­lator or other legis­la­tors in laws or regu­la­tions to which the controller is subject to. If the storage purpose no longer applies or if a storage period prescribed by the European legis­lator or another compe­tent legis­lator expires, the personal data is routi­nely blocked or erased in accordance with the statu­tory provi­sions.

a) Right to confir­ma­tion
Each data subject shall have the right granted by the European legis­lator to obtain from the controller the confir­ma­tion as to whether or not personal data concer­ning him or her are being processed. If a data subject wishes to avail himself of this right of confir­ma­tion, he or she may, at any time, contact any employee of the controller.

b) Right to infor­ma­tion
Any person affected by the proces­sing of personal data has the right, granted by the European legis­lator, to obtain from the controller free infor­ma­tion about the personal data stored about him/​her and a copy of this infor­ma­tion at any time. Furthermore, the European legis­lator has granted the data subject access to the follo­wing infor­ma­tion the purposes of the proces­sing the cate­go­ries of personal data being processed the reci­pi­ents or cate­go­ries of reci­pi­ents to whom the personal data have been or will be disc­losed, in parti­cular reci­pi­ents in third count­ries or inter­na­tional orga­niza­tions where possible the envi­saged period for which the personal data will be stored, or, if not possible, the criteria used to deter­mine that period the exis­tence of the right to request from the controller recti­fi­ca­tion or erasure of personal data or rest­ric­tion of proces­sing of personal data concer­ning the data subject or to object to such proces­sing the exis­tence of the right to lodge a complaint with a super­vi­sory autho­rity where the personal data are not coll­ected from the data subject: All available infor­ma­tion on the origin of the data The exis­tence of auto­mated decision-​making, inclu­ding profiling, in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful infor­ma­tion on the logic involved and the scope and intended effects of such proces­sing for the data subject Furthermore, the data subject has a right of access as to whether personal data has been trans­ferred to a third country or to an inter­na­tional orga­niza­tion. If this is the case, the data subject also has the right to obtain infor­ma­tion about the appro­priate safe­guards in connec­tion with the transfer.If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

c) Right to recti­fi­ca­tion
Any person affected by the proces­sing of personal data has the right granted by the European legis­lator of direc­tives and regu­la­tions to demand the imme­diate correc­tion of incor­rect personal data concer­ning them. Taking into account the purposes of the proces­sing, the data subject shall also have the right to have incom­plete personal data completed, inclu­ding by means of provi­ding a supple­men­tary statement.If a data subject wishes to exer­cise this right to recti­fi­ca­tion, he or she may, at any time, contact any employee of the controller.

d) Right to erasure (right to be forgotten)
Each data subject shall have the right granted by the European legis­lator to obtain from the controller the erasure of personal data concer­ning him or her without undue delay, and the controller shall have the obli­ga­tion to erase personal data without undue delay where one of the follo­wing grounds applies, as long as the proces­sing is not neces­sary: the personal data are no longer neces­sary in rela­tion to the purposes for which they were coll­ected or other­wise processed. The data subject with­draws consent on which the proces­sing is based accor­ding to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the proces­sing. The data subject objects to the proces­sing pursuant to Article 21(1) of the GDPR and there are no over­ri­ding legi­ti­mate grounds for the proces­sing, or the data subject objects to the proces­sing pursuant to Article 21(2) of the GDPR. The personal data has been processed unlawfully. The personal data must be erased for compli­ance with a legal obli­ga­tion in Union or Member State law to which the controller is subject. The personal data have been coll­ected in rela­tion to the offer of infor­ma­tion society services referred to in Article 8(1) GDPR. If one of the afore­men­tioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Dr. Sophia Wachner, he or she may, at any time, contact any employee of the controller. An employee of Dr. Sophia Wachner shall promptly ensure that the erasure request is complied with immediately.If the personal data has been made public by Dr. Sophia Wachner and our company is obliged to delete the personal data in accordance with Art. 17 para. 1 GDPR, Dr. Sophia Wachner shall take appro­priate measures, inclu­ding tech­nical measures, taking into account the available tech­no­logy and the imple­men­ta­tion costs, to inform other persons respon­sible for data proces­sing who process the published personal data, that the person concerned has requested the dele­tion of all links to this personal data or of copies or repli­ca­tions of this personal data from these other persons respon­sible for data proces­sing, insofar as the proces­sing is not neces­sary. An employees of the Dr. Sophia Wachner will arrange the neces­sary measures in indi­vi­dual cases.

e) Right to rest­ric­tion of proces­sing
Any person affected by the proces­sing of personal data has the right, granted by the European legis­lator, to obtain from the controller rest­ric­tion of proces­sing where one of the follo­wing applies: The accu­racy of the personal data is contested by the data subject, for a period enab­ling the controller to verify the accu­racy of the personal data. The proces­sing is unlawful and the data subject opposes the erasure of the personal data and requests the rest­ric­tion of their use instead. The controller no longer needs the personal data for the purposes of the proces­sing, but they are required by the data subject for the estab­lish­ment, exer­cise or defense of legal claims. The data subject has objected to proces­sing pursuant to Article 21(1) GDPR pending the veri­fi­ca­tion whether the legi­ti­mate grounds of the controller over­ride those of the data subject. If one of the afore­men­tioned condi­tions is met, and a data subject wishes to request the rest­ric­tion of the proces­sing of personal data stored by the Dr. Sophia Wachner, he or she may at any time contact any employee of the controller. The employee of the Dr. Sophia Wachner will arrange the rest­ric­tion of the proces­sing.

f) Right to data porta­bi­lity
Any person affected by the proces­sing of personal data has the right, granted by the European legis­lator, to receive the personal data concer­ning him or her, which he or she has provided to a controller, in a struc­tured, commonly used and machine-​readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the proces­sing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the proces­sing is carried out by auto­mated means, unless the proces­sing is neces­sary for the perfor­mance of a task carried out in the public inte­rest or in the exer­cise of offi­cial autho­rity vested in the controller.Furthermore, in exer­cising their right to data porta­bi­lity pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data trans­mitted directly from one controller to another, where tech­ni­cally feasible and provided that this does not adver­sely affect the rights and free­doms of others.In order to assert the right to data porta­bi­lity, the data subject may at any time contact any employee of the Dr. Sophia Wachner.

g) Right to object
Any person affected by the proces­sing of personal data has the right granted by the European legis­lator to object, on grounds rela­ting to his or her parti­cular situa­tion, at any time to proces­sing of personal data concer­ning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.The Dr. Sophia Wachner shall no longer process the personal data in the event of the objec­tion, unless we can demons­trate compel­ling legi­ti­mate grounds for the proces­sing which over­ride the inte­rests, rights and free­doms of the data subject, or for the estab­lish­ment, exer­cise or defense of legal claims.If the Dr. Sophia Wachner processes personal data for direct marke­ting purposes, the data subject shall have the right to object at any time to proces­sing of personal data concer­ning him or her for such marke­ting. This also applies to profiling to the extent that it is related to such direct marke­ting. If the data subject objects to the Dr. Sophia Wachner to the proces­sing for direct marke­ting purposes, the Dr. Sophia Wachner will no longer process the personal data for these purposes.In addi­tion, the data subject has the right, on grounds rela­ting to his or her parti­cular situa­tion, to object to proces­sing of personal data concer­ning him or her by the Dr. Sophia Wachner for scien­tific or histo­rical rese­arch purposes, or for statis­tical purposes pursuant to Article 89(1) of the GDPR, unless the proces­sing is neces­sary for the perfor­mance of a task carried out for reasons of public interest.In order to exer­cise the right to object, the data subject may contact any employee of the Dr. Sophia Wachner. In addi­tion, the data subject is free in the context of the use of infor­ma­tion society services, and notwi­th­stan­ding Directive 2002/​58/​EC, to use his or her right to object by auto­mated means using tech­nical speci­fi­ca­tions.

h) Automated decis­ions in indi­vi­dual cases inclu­ding profiling
Each data subject shall have the right granted by the European legis­lator not to be subject to a decision based solely on auto­mated proces­sing, inclu­ding profiling, which produces legal effects concer­ning him or her, or simi­larly signi­fi­cantly affects him or her, if the decision (1) is not neces­sary for ente­ring into, or perfor­mance of, a contract between the data subject and the controller, or (2) is autho­rized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safe­guard the data subject’s rights and free­doms and legi­ti­mate inte­rests, or (3) is based on the data subject’s explicit consent.If the decision (1) is neces­sary for ente­ring into, or the perfor­mance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, the Dr. Sophia Wachner shall imple­ment suitable measures to safe­guard the data subject’s rights and free­doms and legi­ti­mate inte­rests, at least the right to obtain human inter­ven­tion on the part of the controller, to express his or her point of view and contest the decision.If the data subject wishes to exer­cise the rights concer­ning auto­mated indi­vi­dual decision-​making, he or she may, at any time, contact any employee of the controller.

i) Right to with­draw consent under data protec­tion law
Any person affected by the proces­sing of personal data has the right granted by the European legis­lator of direc­tives and regu­la­tions to revoke consent to the proces­sing of personal data at any time.If the data subject wishes to exer­cise the right to with­draw the consent, he or she may, at any time, contact any employee of the controller.

The controller has inte­grated the Google Analytics compo­nent (with anony­miza­tion func­tion) on this website. Google Analytics is a web analysis service. Web analysis is the coll­ec­tion, gathe­ring and evalua­tion of data about the beha­vior of visi­tors to websites. Among other things, a web analysis service coll­ects data about the website from which a data subject came to a website (so-​called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to opti­mize a website and for the cost-​benefit analysis of Internet adver­ti­sing. The opera­ting company of the Google Analytics compo­nent is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043–1351, USA. The data controller uses the addi­tion “_gat._anonymizeIp” for web analysis via Google Analytics. This addi­tion is used by Google to shorten and anony­mize the IP address of the data subject’s Internet connec­tion if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area. The purpose of the Google Analytics compo­nent is to analyze the flow of visi­tors to our website. Google uses the data and infor­ma­tion obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the acti­vi­ties on our website, and to provide other services related to the use of our website. Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the indi­vi­dual pages of this website is accessed, which is operated by the controller and on which a Google Analytics compo­nent has been inte­grated, the Internet browser on the infor­ma­tion tech­no­logy system of the data subject is auto­ma­ti­cally prompted by the respec­tive Google Analytics compo­nent to transmit data to Google for the purpose of online analysis. During the course of this tech­nical proce­dure, Google gains know­ledge of personal infor­ma­tion, such as the IP address of the data subject, which serves Google, inter alia, to under­stand the origin of visi­tors and clicks, and subse­quently create commis­sion sett­le­ments. The cookie is used to store personal infor­ma­tion, such as the access time, the loca­tion from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, inclu­ding the IP address of the Internet connec­tion used by the data subject, is trans­mitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data coll­ected through the tech­nical process with third parties. The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corre­spon­ding adjus­t­ment of the web browser used and thus perma­nently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject’s IT system. In addi­tion, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other soft­ware programs. Furthermore, the data subject has the option of objec­ting to and preven­ting the coll­ec­tion of data gene­rated by Google Analytics rela­ting to the use of this website and the proces­sing of this data by Google. To do this, the data subject must down­load and install a browser add-​on from the link https://tools.google.com/dlpage/gaoptout. This browser add-​on informs Google Analytics via JavaScript that no data and infor­ma­tion about visits to websites may be trans­mitted to Google Analytics. The instal­la­tion of the browser add-​on is considered an objec­tion by Google. If the data subject’s IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-​on in order to deac­ti­vate Google Analytics. If the browser add-​on is unin­stalled or deac­ti­vated by the data subject or another person who is attri­bu­table to their sphere of control, it is possible to reinstall or reac­ti­vate the browser add-​on. Further infor­ma­tion and the appli­cable data protec­tion provi­sions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

The data controller has inte­grated Google AdWords on this website. Google AdWords is an Internet adver­ti­sing service that allows adver­ti­sers to place ads both in Google’s search engine results and in the Google adver­ti­sing network. Google AdWords allows an adver­tiser to specify certain keywords in advance, which are used to display an ad in Google’s search engine results only when the user uses the search engine to retrieve a keyword-​relevant search result. In the Google adver­ti­sing network, the ads are distri­buted to rele­vant websites using an auto­matic algo­rithm and taking into account the previously defined keywords. The opera­ting company of the Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043–1351, USA. The purpose of Google AdWords is to adver­tise our website by displaying interest-​relevant adver­ti­sing on the websites of third-​party compa­nies and in the search engine results of the Google search engine and by displaying third-​party adver­ti­sing on our website. If a data subject reaches our website via a Google ad, a so-​called conver­sion cookie is stored on the data subject’s IT system by Google. What cookies are has already been explained above. A conver­sion cookie loses its vali­dity after thirty days and is not used to iden­tify the data subject. If the cookie has not yet expired, the conver­sion cookie is used to track whether certain sub-​pages, such as the shop­ping cart from an online store system, have been accessed on our website. The conver­sion cookie enables both us and Google to track whether a data subject who has reached our website via an AdWords ad has gene­rated sales, i.e. completed or canceled a purchase. The data and infor­ma­tion coll­ected through the use of the conver­sion cookie is used by Google to compile visit statis­tics for our website. These visit statis­tics are in turn used by us to deter­mine the total number of users who were referred to us via AdWords ads, i.e. to deter­mine the success or failure of the respec­tive AdWords ad and to opti­mize our AdWords ads for the future. Neither our company nor other Google AdWords adver­ti­sers receive infor­ma­tion from Google that could be used to iden­tify the data subject. The conver­sion cookie is used to store personal infor­ma­tion, such as the websites visited by the data subject. Each time our website is visited, personal data, inclu­ding the IP address of the Internet connec­tion used by the data subject, is trans­mitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data coll­ected through the tech­nical process with third parties. The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corre­spon­ding adjus­t­ment of the web browser used and thus perma­nently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conver­sion cookie on the data subject’s IT system. In addi­tion, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other soft­ware programs. Furthermore, the data subject has the option of objec­ting to interest-​based adver­ti­sing by Google. To do this, the data subject must call up the link www.google.de/settings/ads from each of the Internet brow­sers they use and make the desired settings there. Further infor­ma­tion and the appli­cable data protec­tion provi­sions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.

Art. 6 I lit. a GDPR serves our company as the legal basis for proces­sing opera­tions for which we obtain consent for a specific proces­sing purpose. If the proces­sing of personal data is neces­sary for the perfor­mance of a contract to which the data subject is party, as is the case, for example, when proces­sing opera­tions are neces­sary for the supply of goods or to provide any other service or conside­ra­tion, the proces­sing is based on Art. 6 I lit. b GDPR. The same applies to such proces­sing opera­tions that are neces­sary to carry out pre-​contractual measures, for example in cases of inqui­ries about our products or services. If our company is subject to a legal obli­ga­tion which requires the proces­sing of personal data, such as for the fulfill­ment of tax obli­ga­tions, the proces­sing is based on Art. 6 I lit. c GDPR. In rare cases, the proces­sing of personal data may become neces­sary in order to protect the vital inte­rests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insu­rance data or other vital infor­ma­tion would have to be passed on to a doctor, hospital or other third party. The proces­sing would then be based on Art. 6 I lit. d GDPR. Ultimately, proces­sing opera­tions could be based on Art. 6 I lit. f GDPR. Processing opera­tions that are not covered by any of the afore­men­tioned legal bases are based on this legal basis if the proces­sing is neces­sary to safe­guard a legi­ti­mate inte­rest of our company or a third party, provided that the inte­rests, funda­mental rights and free­doms of the data subject do not prevail. We are permitted to carry out such proces­sing opera­tions in parti­cular because they have been speci­fi­cally mentioned by the European legis­lator. In this respect, it took the view that a legi­ti­mate inte­rest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

Where the proces­sing of personal data is based on Article 6 I lit. f GDPR, our legi­ti­mate inte­rest is the perfor­mance of our busi­ness acti­vi­ties for the benefit of the well-​being of all our employees and our share­hol­ders.

The criterion for the dura­tion of the storage of personal data is the respec­tive statu­tory reten­tion period. After this period has expired, the corre­spon­ding data is routi­nely deleted, provided that it is no longer required for contract fulfill­ment or contract initia­tion.

We would like to inform you that the provi­sion of personal data is partly required by law (e.g. tax regu­la­tions) or may also result from contrac­tual regu­la­tions (e.g. infor­ma­tion on the contrac­tual partner). Sometimes it may be neces­sary for a contract to be concluded for a data subject to provide us with personal data that must subse­quently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-​by-​case basis whether the provi­sion of the personal data is required by law or contract or is neces­sary for the conclu­sion of the contract, whether there is an obli­ga­tion to provide the personal data and what the conse­quences would be if the personal data were not provided.

As a respon­sible company, we do not use auto­mated decision-​making or profiling. This Privacy Policy has been gene­rated by the Privacy Policy Generator of the German Association for Data Protection that was deve­loped in coope­ra­tion with Privacy Lawyers from WILDE BEUGER SOLMECKE, Cologne.