Privacy Policy.

Privacy Policy.

Introduction

With the following data protection declaration, we would like to explain to you which types of your personal data (hereinafter also referred to as "data") we process, for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer") ).

The terms used are not gender specific.

Stand: 1. September 2022

Contents

Responsible

Bjoern Habegger, Buchentalstr. 4, 97816 Lohr am MainEmail address: 

info@autohub.de

Overview of the processing

The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.

Types of processed data

  • inventory data.
  • payment details.
  • Contact details.
  • content data.
  • contract data.
  • usage data.
  • Meta/Communication Data.

Categories of affected persons

  • Customers.
  • Interested persons.
  • Communication partner.
  • user.
  • Business and contractor.

Purposes of processing

  • Provision of contractual services and customer service.
  • Contact requests and communication.
  • Safety measures.
  • range measurement.
  • tracking.
  • Office and organizational procedures.
  • Affiliate tracking.
  • Management and answering of inquiries.
  • Firewall.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Providing our online offer and user-friendliness.
  • information technology infrastructure.

Relevant legal basics

Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.

  • Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
  • Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - The processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh this.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Safety measures

We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different probabilities of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the enjoyment of data subject rights, the erasure of data and responses to the threat to data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures according to the principle of data protection, through technology design and privacy-friendly default settings.

TLS encryption (https): In order to protect your data transmitted via our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Transmission of personal data

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. The recipients of this data can include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data processing in third countries

If we process data in a third country (ie, outside the European Union (EU), the European Economic Area (EEA)) or processing in the context of the use of third party services or the disclosure or transfer of data to other persons, entities or companies takes place, this is done only in accordance with the legal requirements. 

Subject to express consent or contractually or legally required transmission, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as your consent to processing is revoked or other permissions are no longer applicable (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other, legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. 

Our data protection information may also contain further information on the storage and deletion of data, which have priority for the respective processing.

Use of cookies

Cookies are small text files or other memory notes that store information on end devices and read information from the end devices. For example, to save the login status in a user account, the content of a shopping cart in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and comfort of online offers as well as the creation of analyzes of visitor flows. 

Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except where not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide the users with a telemedia service (i.e. our online offer) that they have expressly requested. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

Notes on data protection legal bases: The data protection legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for their consent. If the users consent, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offer and improving its usability) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is necessary to enable our to fulfill contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage time: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g. browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information on the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and the storage period can be up to two years.

General information on revocation and opposition (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements in Art. 21 DSGVO. Users can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (which can also limit the functionality of our online services). You can also object to the use of cookies for online marketing purposes via the websites https://optout.aboutads.info  and https://www.youronlinechoices.com/ be explained.

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a procedure for cookie consent management, in the context of which the consent of the user to the use of cookies or the processing and providers mentioned in the context of the cookie consent management procedure is obtained and managed and revoked by the user can become. The declaration of consent is stored here so that the query does not have to be repeated and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of the consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and end device used.

Business Achievements

We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries answer.

We process this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedy in the case of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of the administrative tasks associated with these obligations and the corporate organization. In addition, we process the data on the basis of our legitimate interests in proper and economical business management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. to involve telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of the applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

Which data for the aforementioned purposes are necessary, we inform the contracting parties before or in the context of the data collection, eg in on-line forms, by special marking (eg colors) and / or symbols (eg asterisk), or in person with.

We delete the data after statutory warranty and comparable obligations have expired, ie, in principle after 4 years, unless the data is stored in a customer account, e.g. for as long as it must be kept for legal archiving reasons. The statutory retention period is ten years for documents relevant to tax law and for trading books, inventories, opening balance sheets, annual financial statements, the work instructions and other organizational documents and accounting documents required to understand these documents, and six years for received commercial and business letters and reproductions of the commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were drawn up, the commercial or business letter was received or sent or the accounting document was created, and the recording was also made has been made or the other documents have been created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers. 

  • Processed data types: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); Contact information (e.g. email, phone numbers); Contract data (e.g. subject of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Affected people: Customers; Interested persons; business and contractual partners.
  • Purposes of processing: Provision of contractual services and customer service; Safety measures; contact requests and communication; office and organizational procedures; Management and response to inquiries.
  • Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Customer account: Contractual partners can create an account within our online offer (e.g. customer or user account, “customer account” for short). If it is necessary to register a customer account, contractual partners will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent registrations and uses of the customer account, we store the IP addresses of the customers together with the access times in order to be able to prove the registration and to prevent any misuse of the customer account. If customers have terminated their customer account, the data relating to the customer account will be deleted, subject to their retention being required for legal reasons. Customers are responsible for backing up their data upon termination of the customer account; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).
  • Agency Services: We process our customers' data as part of our contractual services, which may include, for example, conceptual and strategic advice, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services ; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).
  • Artistic and literary achievements: We process the data of our clients in order to enable them to select, purchase or commission the selected services or works and related activities as well as their payment and delivery or execution or provision. The required information is marked as such within the framework of the contract, order or comparable contract and includes the information required for delivery and billing as well as contact information in order to be able to hold any consultations; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).

Provision of the online offer and web hosting

We process user data in order to be able to provide our online services to them. For this purpose we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or the end device of the user.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Content data (e.g. entries in online forms).
  • Affected people: Users (eg website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Safety measures; firewall.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called "web hoster") or obtain otherwise; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". The address and name of the retrieved websites and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong. The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or made anonymous. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
  • Email delivery and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the e-mail dispatch (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for SPAM detection purposes. We ask you to note that e-mails are generally not sent in encrypted form on the Internet. As a rule, e-mails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of the e-mails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Content Delivery Network: We use a "Content Delivery Network" (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • WordPress.com: hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://wordpress.comDatenschutzerklärung: https://automattic.com/de/privacy/Order processing contract:https://wordpress.com/support/data-processing-agreements/.
  • Wordfence: firewall and security and error detection functions; Service provider: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.wordfence.comDatenschutzerklärung: https://www.wordfence.com/privacy-policy/Standard contractual clauses (ensuring the level of data protection when processing in third countries):https://www.wordfence.com/standard-contractual-clauses/.

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). The reader's data are only processed for the purposes of the publication medium to the extent that it is necessary for its presentation and communication between authors and readers or for security reasons. We also refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.

  • Processed data types: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Contract data (e.g. subject of the contract, term, customer category).
  • Affected people: Users (eg website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness; Safety measures; contact requests and communication; Management and response to inquiries.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

  • Comments and contributions: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author. Furthermore, we reserve the right to process user information for the purpose of spam detection on the basis of our legitimate interests. On the same legal basis, in the case of surveys, we reserve the right to store the IP addresses of users for the duration of the survey and to use cookies to avoid multiple votes. The personal information provided in the comments and posts, any contact and website information as well as the content will be stored by us permanently until the user objects; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Comment subscriptions: The follow-up comments can be subscribed to by users with their consent. Users will receive a confirmation email to verify that they are the owner of the email address entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information on the cancellation options. For the purpose of proving the user's consent, we store the time of registration along with the IP address of the user and delete this information if the user unsubscribes from the subscription. You can cancel receiving our subscription at any time, ie revoke your consent. We can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
  • Retrieving WordPress emojis and milies: Retrieval of WordPress emojis and smilies – Within our WordPress blog, graphic emojis (or smilies), which are small graphic files that express feelings, are used for the purpose of efficiently integrating content elements, obtained from external servers. The server providers collect the IP addresses of the users. This is necessary so that the emoji files can be transmitted to the users' browsers; Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://automattic.comDatenschutzerklärung: https://automattic.com/privacy.
  • Akismet Anti-Spam Check: Akismet Anti-Spam Checking - We use the Akismet service based on our legitimate interests. With the help of Akismet, comments from real people are distinguished from spam comments. For this purpose, all comment information is sent to a server in the USA, where it is analyzed and stored for four days for comparison purposes. If a comment has been classified as spam, the data will be stored beyond this time. This information includes the name entered, the e-mail address, the IP address, the content of the comment, the referrer, information about the browser used and the computer system and the time of the entry. Users are welcome to use pseudonyms or not to enter their name or email address. You can completely prevent the transfer of data by not using our comment system. That would be a shame, but unfortunately we don't see any alternatives that work just as effectively; Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://automattic.comDatenschutzerklärung: https://automattic.com/privacy.
  • UpdraftPlus: backup software and backup storage; Service provider: Simba Hosting Ltd., 11, Barringer Way, St Neots, Cambs., PE19 1LW, UK; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://updraftplus.com/Datenschutzerklärung: https://updraftplus.com/data-protection-and-privacy-centre/.

Contact and request management

When contacting us (e.g. via contact form, e-mail, telephone or via social media) and in the context of existing user and business relationships, the details of the requesting person are processed to the extent necessary to answer the contact request and any requested measures.

The answering of the contact inquiries as well as the management of contact and inquiry data within the framework of contractual or pre-contractual relationships takes place to fulfill our contractual obligations or to answer (pre)contractual inquiries and otherwise on the basis of the legitimate interests in answering the inquiries and maintenance of User or Business Relationships.

  • Processed data types: Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Affected people: Communication partner.
  • Purposes of processing: contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness; Provision of contractual services and customer service.
  • Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data communicated to us in this context to process the communicated request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment and otherwise on the basis of our legitimate interests and the interests of the communication partners in answering the concerns and our legal storage obligations; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Web analysis, monitoring and optimization

The web analysis (also referred to as "reach measurement") is used to evaluate the visitor flows to our online offer and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at what time our online offer or its functions or content are used most often or invite you to reuse. We can also understand which areas need optimization. 

In addition to the web analysis, we can also use test methods, for example, to test and optimize different versions of our online offer or its components.

Unless otherwise stated below, profiles, ie data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have given their consent to us or the providers of the services we use to collect their location data, location data can also be processed.

It also stores the IP addresses of the users. However, we use an IP masking method (ie, pseudonymization by truncating the IP address) to protect users. In general, in the context of web analysis, A / B-testing and optimization, no clear data of users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (eg website visitors, users of online services).
  • Purposes of processing: Range measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Tracking (e.g. interest/behavioural profiling, use of cookies); Provision of our online offer and user-friendliness.
  • Safety measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

Online marketing

We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness. 

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar processes are used, by means of which the user information relevant for the presentation of the aforementioned content is stored. This information can include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking procedures (ie pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) are stored as part of the online marketing process, but pseudonyms. This means that we and the providers of the online marketing process do not know the actual identity of the users, only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar procedures. These cookies can later generally also on other websites that use the same online marketing method, read and analyzed for purposes of displaying content as well as be supplemented with other data and stored on the server of the online marketing process provider.

As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent during registration.

In principle, we only have access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can examine which of our online marketing methods led to a so-called conversion, ie, for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing efforts.

Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (eg website visitors, users of online services).
  • Purposes of processing: Range measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavioural profiling, use of cookies); Marketing; Profiles with user-related information (creating user profiles).
  • Safety measures: IP masking (pseudonymization of the IP address).
  • Opposition possibility (opt-out): We refer to the data protection notices of the respective providers and the options for objection specified for the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you can switch off cookies in your browser settings. However, this can limit the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu, b) Canada: https://www.youradchoices.ca/choices, c) USA: https://www.aboutads.info/choices, d) Territorial: https://optout.aboutads.info.

Affiliate Programs and Affiliate Links

We include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of third parties in our online offer (collectively referred to as “affiliate links”). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").

In order to be able to track whether the users have taken advantage of the offers of an affiliate link used by us, it is necessary for the respective third-party providers to know that the users have followed an affiliate link used within our online offer. The assignment of the affiliate links to the respective business transactions or to other actions (e.g. purchases) serves solely the purpose of the commission statement and is canceled as soon as it is no longer required for the purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented by certain values ​​that are part of the link or otherwise, eg in a cookie, can be stored. The values ​​may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online user ID.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the consent. Otherwise, users' data will be processed based on our legitimate interests (ie interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: Contract data (e.g. subject of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (eg website visitors, users of online services).
  • Purposes of processing: Affiliate tracking.
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Presence in social networks (social media)

We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because it could make it more difficult to enforce the users' rights, for example.

Furthermore, the data of the users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of the user behavior and resulting user interests. The usage profiles can in turn be used, for example, to switch advertisements inside and outside the networks that are supposed to correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities of opting out (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.

  • Processed data types: Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (eg website visitors, users of online services).
  • Purposes of processing: contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.instagram.comDatenschutzerklärung: https://instagram.com/about/legal/privacy.
  • Facebook Pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see “Things Done and Provided by You and Others” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook data policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights," to site operators so that they can gain insights into how people are using their Pages and interact with the content associated with them. We have entered into a special agreement with Facebook ("Page Insights Information", https://www.facebook.com/legal/terms/page_controller_addendum), in which it is regulated in particular which security measures Facebook must observe and in which Facebook has declared its willingness to fulfill the rights of the data subject (ie users can, for example, send information or requests for deletion directly to Facebook). The rights of users (in particular to information, deletion, objection and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. For more information, see “About Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.facebook.comDatenschutzerklärung:https://www.facebook.com/about/privacyStandard contractual clauses (ensuring the level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendumFurther information: Agreement of joint responsibility: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, an EU based company. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).
  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website:https://www.linkedin.comDatenschutzerklärung: https://www.linkedin.com/legal/privacy-policyOrder processing contract: https://legal.linkedin.com/dpaStandard contractual clauses (ensuring the level of data protection when processing in third countries): https://legal.linkedin.com/dpaOpposition possibility (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Twitter: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Datenschutzerklärung: https://twitter.com/privacy, (settings: https://twitter.com/personalization).

Plugins and embedded functions as well as content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information on the browser and operating system, the websites to be referred to, the time of visit and other information on the use of our online offer, as well as being linked to information from other sources.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms).
  • Affected people: Users (eg website visitors, users of online services).
  • Purposes of processing: Providing our online offer and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Google Fonts (obtained from Google Server): Obtaining fonts (and symbols) for the purpose of technically safe, maintenance-free and efficient use of fonts and symbols with regard to topicality and loading times, their uniform representation and consideration of possible license restrictions. The provider of the fonts is informed of the IP address of the user so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted that are necessary for the provision of the fonts depending on the devices used and the technical environment; Service provider:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://fonts.google.com/Datenschutzerklärung:https://policies.google.com/privacy.
  • YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.youtube.comDatenschutzerklärung: https://policies.google.com/privacyOpposition possibility (opt-out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of commercials: https://adssettings.google.com/authenticated.

Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the Privacy Policy as soon as the changes to the data processing we make require it. We will inform you as soon as the changes require your participation (eg consent) or other individual notification.

Sofern wir in dieser Datenschutzerklärung Adressen und Kontaktinformationen von Unternehmen und Organization in angeben, bitten wir zu beachten, dass die Adressen sich über die Zeit ändern können und bitten die Angaben vor Kontaktaufnahme zu prüfen.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right at any time, for reasons that arise from your particular situation, against the processing of personal data relating to you, which pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
  • Withdrawal with consent: You have the right to revoke your consent at any time.
  • Right: You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information on such data, as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with the legal requirements, to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
  • Right to cancellation and limitation of processing: In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately, or alternatively to demand a restriction of the processing of data in accordance with the statutory provisions.
  • Right to data portability: You have the right to receive data relating to you provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request their transmission to another person in charge.
  • Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is contrary to the Violates the requirements of the GDPR.

definitions

This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Art. 4 DSGVO. The legal definitions are binding. The following explanations, on the other hand, are intended above all to aid understanding. The terms are sorted alphabetically.

  • Affiliate tracking: As part of affiliate tracking, links that the linking websites use to direct users to websites that offer products or other services are logged. The operators of the linked websites can receive a commission if users follow these so-called affiliate links and then take advantage of the offers (e.g. buy goods or use services). To do this, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. It is therefore necessary for affiliate links to work that they are supplemented with certain values ​​that become part of the link or are stored in some other way, e.g. in a cookie. The values ​​include in particular the source website (referrer), the time, an online ID of the operator of the website on which the affiliate link was located, an online ID of the respective offer, an online ID of the user and tracking-specific values , such as advertising media ID, partner ID and categorizations 
  • Firewall: A firewall is a security system that protects a computer network or an individual computer from unwanted network access. 
  • Personal data: "Personal data" shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 
  • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data that consists of using this personal data to identify certain personal aspects that relate to a natural person (depending on Depending on the type of profile formation, different information regarding demographics, behavior and interests, such as the interaction with websites and their content, etc.) can be analyzed, evaluated or in order to predict them (e.g. the interests in certain content or products, the Click behavior on a website or the whereabouts). Cookies and web beacons are often used for profiling purposes. 
  • Audience measurement: The range measurement (also known as web analytics) serves to evaluate the flow of visitors to an online offer and may include the behavior or interests of visitors to certain information, such as content of websites. With the help of the range analysis, website owners can recognize, for example, at what time visitors visit their website and what content they are interested in. As a result, they can, for example, better adapt the contents of the website to the needs of their visitors. For purposes of reach analysis, pseudonymous cookies and web beacons are often used to detect returning visitors for more accurate analysis of how to use an online offer. 
  • Tracking: One speaks of "tracking" when the behavior of users can be traced across several online offers. As a rule, behavioral and interest information with regard to the online offers used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to correspond to their interests. 
  • Responsible: The "liability holder" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. 
  • Processing: “Processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data. The term goes far and includes practically every handling of data, be it the collection, the evaluation, the storage, the transmission or the deletion. 
Legal text of Dr. med. Swivel - please click for more information.