Vitarights Innovations GmbH
1. DATA PROTECTION AT A GLANCE
General information
Hello and welcome to our beautiful website. Our privacy policy provides you with a simple overview of the type, scope and purpose of the collection and processing of personal data when visiting and using our website, the associated websites, functions and content as well as external online presentations.
Our privacy policy is based on terms used by the European General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG). You can view the corresponding definitions (Art. 4 GDPR) e.g. under https://dejure.org/gesetze/DSGVO/4.html.
Data collection on this website
Who is responsible for the data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the section “Note on the responsible body” in this privacy policy.
How do we collect your information?
On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter into a contact form.
Other data is collected automatically or with your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page access). The collection of this data takes place automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time for this and other questions on the subject of data protection.
Analytics and third-party tools
When you visit this website, your surfing behaviour can be statistically evaluated. This is mainly done with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.
2. GENERAL INFORMATION AND MANDATORY INFORMATION
Privacy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.
Note on the responsible body
The person responsible for data processing on this website is:
Vitarights Innovations GmbH
Managing Directors: Zorica Ebach, Felix Stürken, Christian J. Carlen
Bussardweg 3
41468 Neuss
Tel.: +49 (0) 2131 387850
Fax: +49 (0) 2131 3878501
E-Mail: info@vitarights.de
The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Storage period
Unless a specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which the data is processed no longer applies. If you assert a justified request for erasure or revoke consent to data processing, your data will be deleted, unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons have ceased to exist.
General information on the legal basis of data processing on this website
If you have consented to data processing, we process your personal data based on Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, insofar as special categories of data are processed in accordance with Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out based on Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information in your device (e.g. via device fingerprinting), data processing is also carried out based on Section 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6 (1) (b) GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation based on Art. 6 (1) (c) GDPR. Data processing may also be carried out based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this data protection declaration.
Data protection supervisor
We have appointed a data protection officer.
LIEBENSTEIN CONFIDENTIAL GmbH
Prof. Dr. jur. Hans-Hermann Dirksen
Eschersheimer Landstraße 351
60320 Frankfurt am Main
Telefon: +49 (0) 69 272 95 921
E-Mail: mail@liebenstein-confidential.de
Note on the transfer of data to third countries that are not secure in terms of data protection law and the transfer to US companies that are not DPF-certified
Among other things, we use tools from companies based in third countries that are not secure in terms of data protection law as well as US tools whose providers are not certified according to the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that in third countries that are uncertain in terms of data protection law, no level of data protection comparable to that of the EU can be guaranteed.
We would like to point out that the USA, as a safe third country, basically has a level of data protection comparable to that of the EU. Data transfer to the USA is permissible if the recipient has certification under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.
Recipients of personal data/order processing
As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transmit personal data to these external bodies. We only pass on personal data to external bodies if this is necessary in the context of the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure in accordance with Art. 6 (1) (f) GDPR or if another legal basis allows the data transfer.
When using processors, we only share our customers’ personal data based on a valid data processing agreement. If we commission third parties to process data based on a data processing agreement, this is done on the basis of Art. 28 GDPR. These are carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
In the case of joint processing, a contract for joint processing is concluded in accordance with Art. 26 GDPR.
3. YOUR RIGHTS
You have the following rights vis-à-vis us in relation to the personal data concerning you:
4. INFORMATION, CORRECTION AND DELETION
Within the framework of the applicable legal provisions, you have the right to free information at any time in accordance with Art. 15 GDPR about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to rectification or deletion of this data. According to legal requirements in Germany, storage is carried out in particular for 6 years in accordance with § 257 para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
You can contact us at any time for this and other questions on the subject of personal data.
5. RIGHT TO RESTRICTION OF PROCESSING
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, this data may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
6. REVOCATION OF YOUR CONSENT TO DATA PROCESSING
Many data processing operations are only possible with your explicit consent. You can revoke any consent you have already given at any time. The lawfulness of the data processing carried out up to the time of revocation remains unaffected by the revocation.
7. RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AS WELL AS TO DIRECT MARKETING (ART. 21 GDPR)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
You can inform us of your objection using the following contact details:
Vitarights Innovations GmbH
Managing Directors: Zorica Ebach, Felix Stürken, Christian J. Carlen
Bussardweg 3
41468 Neuss
Tel.: +49 (0) 2131 387850
Fax: +49 (0) 2131 3878501
E-Mail: info@vitarights.de
8. RIGHT TO DATA PORTABILITY
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
9. RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY
In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal exists without prejudice to other administrative or judicial remedies.
You can contact the state data protection officer responsible at:
The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI)
P.O. Box 20 04 44; 40102 Düsseldorf
Phone: +49 (0) 211 38424 – 0
Fax: +49 (0) 211 38424 – 999
Mail: poststelle@ldi.nrw.de
10. OBJECTION TO PROMOTIONAL EMAILS
The use of contact details published in the context of the imprint obligation for the sending of unsolicited advertising and information material is hereby contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.
11. DATA COLLECTION ON THIS WEBSITE
Cookies
Our websites use so-called “cookies”. Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until your web browser automatically deletes them.
Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).
Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behavior or for advertising purposes.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored based on Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively based on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If you disable cookies, the functionality of this website may be limited.
You can find out which cookies and services are used on this website in this privacy policy.
Consent with Real Cookie Banner
Our website uses the consent management tool Real Cookie Banner, offered by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. With the help of this tool, we inform you about the use of cookies and other technologies on our website and enable you to decide on their use.
When you visit our website, a cookie is set in which the consents you have given or the revocation of these consents are stored. This data will not be passed on to the provider of Real Cookie Banner.
The processing is carried out based on Art. 6 (1) (c) GDPR in order to obtain the legally required consents for the use of cookies.
For more information on data processing by Real Cookie Banner, please refer to devowl.io’s privacy policy: https://devowl.io/de/datenschutzerklaerung/
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
This data is not merged with other data sources.
This data is collected based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be recorded.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Contact
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is carried out based on Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested; consent can be revoked at any time.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to the storage or the purpose for which the data is stored no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Enquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is carried out based on Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested; consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
12. HOSTING UND CONTENT DELIVERY NETWORKS (CDN)
In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage and database services, as well as security services and technical maintenance services. We host the content of our website with the following provider:
ALL-INKL
The provider is ALL-INKL.COM – Neue Medien München, Hauptstraße 68, 02742 Friedersdorf (hereinafter referred to as ALL-INKL).
Details can be found in the privacy policy of ALL-INKL: https://all-inkl.com/datenschutzinformationen.
The use of ALL-INKL is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
Order processing
We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
13. SOCIAL MEDIA
Social media elements with Shariff
This website uses elements of social media (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).
You can usually recognize the social media elements by the respective social media logos. To ensure data protection on this website, we only use these elements together with the so-called “Shariff” solution. This application prevents the social media elements integrated on this website from transmitting your personal data to the respective provider as soon as you first enter the page.
Only when you activate the respective social media element by clicking on the corresponding button will a direct connection to the provider’s server be established (consent). As soon as you activate the social media element, the respective provider receives the information that you have visited this website with your IP address. If you are logged in to your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to this website to your user account.
Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke this consent at any time with effect for the future.
The Service is used to obtain the consents required by law for the use of certain technologies. The legal basis for this is Art. 6 (1) (c) GDPR.
Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries.
An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thus receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate the visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
If consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1) (a) GDPR and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website and forwarded to Facebook with the help of the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its disclosure to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for the provision of data protection information when using the Facebook tool and for the implementation of the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook products. You can assert the rights of data subjects (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
Functions of the Instagram service are integrated into this website. These features are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram will receive information about your visit to this website.
If you are logged in to your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
If consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1) (a) GDPR and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of the data and its disclosure to Facebook or Instagram. The processing by Facebook or Instagram after the transfer is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for the provision of data protection information when using the Facebook or Instagram tool and for the implementation of the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of the Facebook and Instagram products. You can assert the rights of data subjects (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more information, please see Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Every time a page of this website that contains elements of LinkedIn is accessed, a connection to LinkedIn servers is established. LinkedIn will be informed that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to this website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
If consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1) (a) GDPR and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de
For more information, please refer to LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.
14. ANALYTICS TOOLS AND ADVERTISING
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
Furthermore, we can use Google Analytics to, among other things: Record your mouse and scroll movements and clicks. In addition, Google Analytics uses various modeling approaches to complement the collected data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on the handling of user data by Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to verify whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of the data is carried out based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its websites from abusive automated spying and spam. If a corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). In addition, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As a website operator, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Elementor
To design and maintain our website, we use the page builder Elementor, a service of Elementor Ltd., Tuval St 40, Ramat Gan, 5126112, Israel. Elementor is a plugin for the WordPress content management system that allows us to create and display page content in a visual and user-friendly way.
Elementor itself usually does not process any personal data of website visitors. However, it may be technically necessary for certain content (e.g. fonts, scripts or layout components) to be loaded via external servers. Your IP address may be transmitted to the respective service provider.
Israel is considered a third country that is safe in terms of data protection within the meaning of the GDPR. The European Commission, by Decision of 31 January 2011 (2011/61/EU) and Implementing Decision of 16 December 2016 (2016/2295/EU), has determined that there is an adequate level of protection of personal data in Israel. You can find more information here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02011D0061-20161217
For more information about data processing by Elementor, please visit:
https://elementor.com/about/privacy/
15. PLUGINS AND TOOLS
Google Maps
This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is enabled, Google may use Google Fonts for the purpose of displaying fonts consistently. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Fonts (gstatic)
Our website uses so-called web fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts directly from the servers under fonts.gstatic.com in order to display texts and fonts correctly.
Your IP address is transmitted to Google. According to Google, there will be no merging with other Google services. The use of Google Fonts is based on our legitimate interest in a uniform and appealing presentation of our website in accordance with Art. 6 para. 1 lit. f GDPR.
Google processes data within the EU and, in exceptional cases, may transfer it to the parent company in the USA. Google relies on the EU Commission’s standard contractual clauses.
Further information can be found here: https://policies.google.com/privacy?hl=de
Use of our portal
If you want to use our portal, you must register by entering your e-mail address, a password of your choice and your freely selectable user name. There is no obligation to use a real name, pseudonymous use is possible. We use the so-called double opt-in procedure for registration, i.e. Your registration is only complete if you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm this within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory, all further information can be provided voluntarily by using our portal.
If you use our portal, we will store your data required for the performance of the contract, including information on the method of payment, until you permanently delete your access. Furthermore, we store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.
If you use the portal, your data may be accessible to other participants in the portal in accordance with the contractual performance. Non-registered members will not receive any information about you. Your [username and photo] will be visible to all registered members, regardless of whether you have shared them. On the other hand, your entire profile with the data you have shared is visible to all members you have confirmed as a personal contact. If you make content available to your personal contacts that you do not send by means of a private message, this content can be viewed by third parties if your personal contact has given permission. If you post posts in public groups, these are visible to all registered members of the portal.
In order to prevent unauthorized access to your personal data, especially financial data, by third parties, the connection is encrypted using TLS technology.
16. OWN SERVICES
Healthcare
We process the data of our patients and interested parties and other clients or contractual partners (uniformly referred to as “patients”) in order to be able to provide them with our services. The data processed, the type, scope, purpose and necessity of its processing are determined by the underlying contractual and patient relationship.
In the course of our activities, we may also process special categories of data, in particular information on the health of patients, possibly related to their sex life or sexual orientation, as well as data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. To this end, we obtain the express consent of the patients if necessary and otherwise process the special categories of data for the purposes of preventive health care or to protect the vital interests of the patients.
Insofar as it is necessary for the fulfilment of our contract, for the protection of vital interests or by law, or if the patient’s consent has been obtained, we disclose or transmit the client’s data to third parties or agents, such as authorities, medical facilities, laboratories, billing offices as well as in the field of IT, office or comparable services, in compliance with the professional requirements.
Special categories of personal data: health data (Art. 9 para. 1 GDPR), data on sex life or sexual orientation (Art. 9 para. 1 GDPR), religious or philosophical beliefs (Art. 9 para. 1 GDPR), data revealing racial and ethnic origin, biometric data (Art. 9 para. 1 GDPR), genetic data (Art. 9 para. 1 GDPR), political opinions.
Handling of applicant data
We offer you the opportunity to apply to us (e.g. by e-mail, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in the strictest confidence.
Scope and purpose of data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general contract initiation) and – if you have given consent – Art. 6 (1) (a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data you submit will be stored in our data processing systems based on Section 26 of the Federal Data Protection Act (BDSG) and Article 6 (1) (b) of the GDPR for the purpose of carrying out the employment relationship.
Data retention period
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you provide based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for the purpose of providing evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an imminent or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations preclude deletion.
Inclusion in the applicant pool
If we do not make you a job offer, there may be the possibility of including you in our applicant pool. In the event of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.
Admission to the applicant pool is based exclusively on your explicit consent (Art. 6 para. 1 lit. a GDPR). The submission of consent is voluntary and has no relation to the ongoing application process. The data subject can revoke his consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal retention reasons.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.
Up-to-dateness and modification of this privacy policy
This privacy policy is currently valid and has the status of April 2025.
Due to the further development of our website and offers via it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current privacy policy at any time on the website at https://luxood.com/en/privacy-policy/.