With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under the Data Protection Act. Personal data will only be processed if the data subject has given his consent, if this is necessary for the performance of a contract, or if the EU General Data Protection Regulation (DSGVO) or another law permits or requires processing.
- Who is responsible for data processing and who can I contact?
Responsible acc. Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) is
Waldheim International GmbH
You can reach our data protection officer under
Waldheim International GmbH
Data Protection Officer
- Which sources and data do we use?
We process personal data that we receive from our customers or other affected parties as part of our business relationship for the preparation of appointments and for the organization of assisted living through other care facilities (hereinafter also referred to as “partners”). In addition, we process – to the extent necessary for the provision of our service – personal data that we legitimately gain from publicly available sources (press, Internet) or which are transmitted to us by other third parties.
Relevant personal information is personal information (name, address and other contact information, date and place of birth) or credentials (such as identity card information). In addition, this can also include order data (eg for the preparation of a consultation appointment), data from the fulfillment of our contractual obligations (eg billing data in the context of billing), information about your health situation (diseases or complaints as well as treatments or examinations), documentation data (eg discussion log , Advertising and sales data) as well as other data comparable to the mentioned categories.
In detail, we process the following personal data:
a) When visiting the website waldheim-international.com
In the case of the informational use of the website, ie if you do not provide us with any information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to show you our website and to ensure the stability and security (legal basis is Art. 6 (1) sentence 1 lit. GDPR):
- IP address
- Date and time of the request
- Time Zone Difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here through us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
This website uses the following types of cookies, the scope and operation of which are explained below:
- Transient cookies
- Persistent cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser setting according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this site.
b) Using our services
To use our services, you must provide other personal information that we use in order to provide the service and for which the aforementioned data processing principles apply.
Furthermore, we can pass on your personal data to third parties if contracts or similar services are offered by us together with partners. For more information, please refer to your personal data.
As far as our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you about the consequences of this fact in the description of the offer.
- What do we use to process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)
a) for the fulfillment of contractual obligations (Article 6 (1) (b) GDPR)
The processing of data is carried out to provide counseling, to carry out pre-contractual actions (for example, consultation), which are made on request. The purposes of data processing are primarily based on the specific service requested and may include, but are not limited to, advice, support and the provision of appropriate services.
b) in the context of the balance of interests (Article 6 (1) (f) GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties.
- Ensuring the IT security and IT operation of our company,
- Asserting legal claims and defense in legal disputes,
- Prevention and investigation of criminal offenses,
- Advertising or market research as far as you have not objected to the use of your data,
- Measures for business management and further development of services and products.
c) based on your consent (Article 6 (1) a GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (eg evaluation of data for marketing purposes, newsletter delivery), the legality of this processing is based on your consent. The processing of special categories of personal data within the meaning of Art. 9 GDPR such as health data also takes place only and exclusively on the basis of your consent.
A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us before the validity of the GDPR, ie before 25 May 2018. The revocation of consent is only effective for the future and does not affect the legality of the data processed until the revocation.
- Who receives my data?
Within our company, those areas have access to your data, which they need to fulfill our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes if they in particular uphold the confidentiality and special sensitivity of the data.
You therefore agree that we transfer your data for the purpose of independent consultation, information or customer service through cooperation partners to third parties, process and use as well as contact you for this purpose and for the purposes stated above by e-mail or phone / SMS.
With regard to the data transfer to recipients outside of our company, it should first be noted that we only pass on information about you if statutory provisions require or you have given your consent.
Under these conditions, recipients of personal data, can be for example:
- Partner houses and partner clinics,
- Service providers we use in the context of assignment processing.
Other data recipients may be those for whom you have given us your consent to submit the data or to whom we have the authority to transfer personal information due to weighing of interests.
- Is data transmitted to a third country or an international organization?
A transfer of data to places in countries outside the European Union takes place, as far as
- it is required by law (e.g. tax reporting obligations) or
- you have given us your consent.
- How long will my data be stored?
- Fulfillment of commercial and tax retention obligations, e.g. can result from the Commercial Code (HGB) or the Tax Code (AO),
- Preservation of evidence within the statutory limitation period. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period amounts to 3 years.
- Which data protection rights do I have?
Every affected person has the right to information according to Art. 15 GDPR, the right of correction according to Art. 16 GDPR, the right to cancellation according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right of opposition according to Art. 21 DSGVO and the right of data transferability according to Art. 20 GDPR.
With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent issued to us before the validity of the GDPR, i.e. before 25 June 2019. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.
- Is there an obligation for me to provide data?
As part of our business relationship, you must provide the personal information necessary to initiate, conduct and terminate a business relationship and to perform the related contractual obligations, or that we are required to collect by law. Without this data, we will generally be unable to conclude, execute and terminate a contract with you.
- To what extent is there an automated decision-making process?
For the establishment and implementation of the business relationship, we do not use fully automated decision-making pursuant to Art. 22 GDPR.
- Is profiling taking place?
We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
- Web analytics services
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is enabled on this website, Google will truncate your IP address beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.
The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of this website in full. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed shortened, a person-relatedness can thus be excluded. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.
- Use of social media plug-ins
We are currently using the following social media plug-ins: Facebook, Google+.
We use the so-called two-click solution. In other words, when you visit our site, initially no personal data is passed on to the providers of the plug-ins. The provider of the plug-in can be recognized by the marking on the box above the first letter or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the highlighted field and activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online service. In addition, the under no. 2 a) of this declaration. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider carries out the data collection, in particular via cookies, we recommend that you delete all cookies before clicking on the greyed box via the security settings of your browser.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purpose of processing, the retention periods. We also have no information to delete the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise this. Through the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user.
The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and z. For example, if you link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.
For more information on the purpose and scope of the data collection and how it is processed by the plug-in provider, please refer to the privacy statements of these providers provided below. There you will also find further information about your rights and settings options for the protection of your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Information about your right of objection according to Art. 21 GDPR
You have the right, at any time and for reasons arising from your particular situation, to prevent the processing of personal data relating to you pursuant to Article 6 (1) (e) GDPR (Data Processing in the Public Interest) and Article 6 (1) (f) GDPR (Data Processing based on weighing of interests).
If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
Right to object to the processing of data for direct marketing purposes.
In individual cases, we process your personal data in order to operate direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, as far as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Recipient of an objection
The objection can be form-free with the subject “objection” stating your name and address and should be addressed to:
Waldheim International GmbH
Valid as of: 23. June 2019