As the operator of this website and of linked sub-pages, we as the controller take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.
I. Who we are:
The controller within the meaning of the EU General Data Protection Regulation (GDPR), other national data protection legislation of the Member States and sundry data protection regulations is:
LipoClinic Dr. Heck GmbH Zeppelinstr. 321 45470 Mühlheim an der Ruhr Tel.: +49 208 444 759-81 E-Mail: info@lipo.clinic
If you have any questions about the issue of data protection, please feel free to contact our Data Protection Officer, Mr Matthias Klagge:
Matthias Klagge TIGGES DCO GmbH Zollhof 8 40221 Düsseldorf Deutschland Tel.: 0211 81 99 82 0 E-Mail: mk@tigges-dco.de Website: www.tigges-dco.de
II. What data do we collect from you, and how do we use them?
1. Scope of the processing of personal data
Generally, we process personal data of our users only to the extent that this is necessary for the provision of a functional website and of our content and services. Personal data of our users are normally only processed with the consent of the user. An exception applies in those cases where practical reasons make it impossible for us to obtain your prior consent, or processing of the data is allowed by law.
2. Legal basis for the processing of personal data
Where we obtain the consent of the data subject for the processing of personal data, the legal basis for doing so is point (a) of Art. 6(1) of the EU General Data Protection Regulation (GDPR).
Point (b) of Art. 6(1) GDPR serves as the legal basis for the processing of personal data that are required for the performance of a contract to which the data subject is a party. This also applies for processing operations that are necessary in order to take steps prior to entering into a contract.
Where processing is necessary for the purposes of a legitimate interest pursued by us or a third party, and if your interests, basic rights or basic freedoms do not override the former interest, the legal basis for the processing is point (f) of Art. 6(1) GDPR.
3. Erasure of data and duration of storage
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. They may be stored for longer if this has been provided for by European or national regulators in Union regulations, laws or other provisions to which the controller is subject. The data will also be erased or blocked when a time limit for storage specified by one of the above standards expires, unless it is necessary to continue storing the data in order to enter into or perform a contract.
III. How can we provide the website?
1. Description and extent of data processing
Every time our website is accessed, our system automatically records data and information from the system of the accessing computer.
The following data are collected:
information about the browser type and version used
the user’s operating system
the user’s internet service provider
the user’s IP address
the date and time of access
the host name of the accessing computer
websites from which the user’s system gains access to our website
websites accessed by the user’s system via our website
The data will likewise be stored in the log files of our system. These data will not be stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is point (f) of Art. 6(1) GDPR.
3. Purpose of data processing
The system has to store the IP address temporarily in order to enable the website to be delivered to the user’s computer. This requires the user’s IP address to be stored for the duration of the session.
Data are stored in log files in order to ensure the functionality of the website. We also use the data to technically optimise the website and to ensure the security of our IT systems. The data will not be analysed for marketing purposes in this regard.
These purposes also constitute a legitimate interest of ours in the processing of personal data pursuant to point (f) of Art. 6(1) GDPR.
4. Duration of storage
The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. Where the data are collected for the purpose of providing the website, this is the case when the respective session ends.
Where data are stored in log files, this will be the case after not more than seven days. It is possible for them to be stored for longer, in which case the users’ IP addresses will be erased or anonymised so that the IP address can no longer be associated with the respective client.
5. Possibility of objection and removal
You can object to the processing of your personal data at any time if there are grounds relating to your particular situation against such data processing. Please note, however, that if you object successfully, we will be unable to continue delivering this website to you.
IV. What first-party cookies do we use?
1. Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored either in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s device. This cookie contains a distinct character string that allows unique identification of the browser the next time the website is accessed.
We install cookies in order to make our website work properly. Some elements of our website require the accessing device to be identifiable after a change of page as well.
The following data are stored and transmitted in the cookie:
language settings
items in a shopping cart
Login information
On our website we also use cookies that enable user’s browsing patterns to be analysed.
The following data can be stored and transmitted in this way:
search terms entered
frequency of page views
use of website functions
On this website the Elementor cookie is used for this purpose. Further information can be found in our Cookie Policy at: Cookie Policy (EU)
2. Legal basis for data processing
The legal basis justifying the setting of technically necessary cookies is section 25 (2) no. 2 German Telecommunications and Telemedia Data Protection Act (TTDSG). The legal basis for the processing of the personal data obtained thereby is point (f) of Art. 6(1) GDPR.
The legal basis for the setting of non-essential cookies and the processing of the personal data obtained thereby is your consent granted under section 25 (1) TTDSG and point (a) of Art. 6(1) GDPR.
3. Purpose of data processing
The purpose of the technically necessary cookies is to enable users to access the website. Some basic functions of our website cannot be offered without the installation of the necessary cookies. These pages require the accessing device to be identified even after a change of page.
Storage of the consent status for cookies
Adopting language settings
Login information
The user data collected via technically necessary cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies enable us to determine how the website is used, so that we can constantly optimise what we offer. Further information can be found under tab VI “Third-party cookies and tracking tools”.
4. Duration of storage
On this website we (also) use what are known as persistent cookies. These are stored on your device and can be deleted in your browser at any time.
5. Possibility of objection and removal
You as the user have full control over the use of cookies. You can disable or restrict the storage of cookies by making the corresponding settings in your internet browser. Cookies that are already stored can be deleted at any time. This can also be done automatically.
You can also withdraw at any time with effect for the future any consent already given to the processing of data collected using the cookies. This does not affect the lawfulness of the data processing prior to withdrawal.
If cookies for our website are disabled, you may no longer be able to make full use of all the functions of the website.
V. What other analysis tools do we use?
Google Analytics
1. Description and extent of data processing
If you have given your consent, Google Analytics, a web analysis service of Google LLC. (“Google”), will be used on this website. Google Analytics uses cookies, which are text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is generally sent to a Google server in the USA and stored there.
This website uses Google Analytics with the extension “anonymizeIp()”. It allows IP addresses to be processed in an abbreviated form that prevents them being traced back to any particular person. If the data collected about you contain any reference to you personally, therefore, they will be excluded immediately and the personal data will then be erased at once.
We have concluded a data processing contract with Google and are fully compliant with the strict requirements of the German data protection authorities in our use of Google Analytics.
Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. Terms of Service: http://www.google.com/analytics/terms/de.html, Privacy Principles: http://www.google.com/intl/de/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.de/intl/de/policies/privacy.
2. Legal basis for data processing
The legal basis for the setting of the Google Analytics cookie and the processing of the personal data obtained thereby is your consent granted under section 25(1) TTDSG and point (a) of Art. 6(1) GDPR. Consent will be obtained by asking for your consent to the setting of cookies.
3. Purpose of data processing
Google will use this information on our behalf to compile reports on the website activities and to provide additional services to us as the website operator in connection with the use of the website and the internet. We use Google Analytics in order to analyse the use of our website and keep improving it. The statistics obtained enable us to improve what we offer and make it more interesting for users. The IP address transmitted by your browser as part of Google Analytics is not associated with other Google data.
4. Duration of storage
The data sent by us and linked with cookies will be erased automatically after 14 months. The erasure of data which have reached this retention limit takes place automatically once a month. The cookies we have set will expire on your device after 2 years at the latest.
5. Possibility of objection and removal
There are several ways of objecting to or preventing your data from being recorded by Google Analytics:
Opt-out cookie: Set an opt-out cookie that prevents your data from being recorded on future visits to this website. To do so, use the following link: Disable Google Analytics. More information about how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .
You can also prevent your data from being recorded by not giving consent to cookies for marketing purposes when consenting to other cookies. If you have already given consent, you can withdraw this at any time. You can also prevent Google from recording the data relating to your use of the website that are generated by the cookie (including your IP address) and from processing these data by downloading and installing the browser plugin available on the following link: http://tools.google.com/dlpage/gaoptout?hl=de .
Google Ads
1. Description and extent of data processing
If you reach our website through a Google advertisement, Google Ads will store a cookie on your PC. In addition to this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indicating that the user no longer wants to be contacted) are stored for the purpose of analysis. These cookies enable Google to recognise your web browser again. If a user visits certain pages of the website of an Ads customer and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user clicked on the ad and was forwarded to this page. Each Ads customer is assigned a different cookie. This means that cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the advertising set out above. Google only provides us with statistical analyses. We can determine from these analyses which of the advertisements used are particularly effective. We do not receive any further data from the use of the advertisements, and in particular we are unable to identify the user from this information. The marketing tools used enable your browser to automatically establish a direct connection with the Google server. We do not have any influence on the extent and the further use of the data that are collected by Google through the use of this tool. We therefore provide the following information to the best of our knowledge: The incorporation of Ads gives Google the information that you have accessed the corresponding part of our website or have clicked on an advertisement of ours. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out your IP address and store it.
2. Legal basis for data processing
The legal basis for the setting of the Google Analytics cookie and the processing of the personal data obtained thereby is your consent granted under section 25(1) TTDSG and point (a) of Art. 6(1) GDPR. Consent will be obtained by asking for your consent to the setting of cookies.
3. Purpose of data processing
By setting these cookies, we can monitor the effectiveness of individual advertising measures. Our aims in doing so are to only show you the advertising that you are interested in, make our website more interesting and obtain a reasonable calculation of advertising costs.
4. Duration of storage
The data sent by us and linked with cookies will be erased automatically after one month. The erasure of data which have reached this retention limit takes place automatically once a month. You can delete the persistent cookie in your browser at any time.
5. Possibility of objection and removal
You can prevent participation in this tracking process in a number of different ways:
by making the corresponding setting in your browser software, in particular suppressing third-party cookies so that you do not receive any advertisements from third-party providers;
by disabling the cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked (see www.google.de/settings/ads ), although this setting will be deleted if you delete your cookies;
by disabling the interest-related advertisements of providers which are part of the “About Ads” self-regulation campaign using the link www.aboutads.info/choices , although this setting will be deleted if you delete your cookies.
by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browsers using the link http://www.google.com/settings/ads/plugin .
Meta-Pixel
1. Description and extent of data processing
On our website we also use what are known as tracking pixels. These are small graphics which enable log files to be recorded and analysed and which are used for statistical purposes. The tracking pixels write information to the cookie file in your browser when you visit the website.
Our website uses the visitor action pixel from Facebook for conversion measurement. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the recorded data are also transmitted to the USA and other third countries. In that regard we refer to the statements in section XI.
The collected data are anonymous for us as operator of this website; we cannot draw any inferences about the identity of the users. However, the data are stored and processed by Facebook, so it is possible to associated them with the respective user profile, and Facebook can use the data for its own advertising purposes in accordance with the Facebook privacy policy. This enables Facebook to deliver advertisements on Facebook pages and outside Facebook. We as site operator cannot influence this use of the data.
Further information about the protection of your privacy can be found in Facebook’s data privacy policy: https://de-de.facebook.com/about/privacy/ .
2. Legal basis for data processing
The legal basis for the setting of the Google Analytics cookie and the processing of the personal data obtained thereby is your consent granted under section 25(1) TTDSG and point (a) of Art. 6(1) GDPR. Consent will be obtained by asking for your consent to the setting of cookies.
3. Purpose of data processing
The use of the Facebook pixel allows the behaviour of visitors to the site to be tracked after they have been forwarded to the provider’s website by clicking on a Facebook advertisement. The effectiveness of the Facebook advertisements can then be analysed for statistical and market research purposes so that future advertising measures can be optimised.
4. Duration of storage
You can delete the pixels in your browser at any time.
5. Possibility of objection and removal
You can also disable the “Custom Audiences” remarketing function in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . You must log in to Facebook in order to do so.
If you do not have a Facebook account, you can disable use-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/ .
VI. How do we process your data on social media?
Facebook fan page
1. Description and extent of data processing
Under case law of the European Court of Justice, we have joint responsibility within the meaning of data protection law with Meta Platform Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Meta) for the processing of personal data that are collected on a visit to our Facebook page.
If you visit our profile page, Meta will automatically collect personal data about you as a visitor to the page. We are unable to influence this. Further information about data collection by Meta can be found in Meta’s privacy policy:
https://www.facebook.com/privacy/explanation.
Meta makes various anonymised statistics concerning visitors to our profile page available to us in the form of what are known as page insights. We have no influence on the compilation of this information. In particular, we cannot stop it being collected and processed by Meta. For a selectable period as well as for each of the categories of fans, followers, people reached and people engaging, Meta provides us with the following anonymised data regarding our profile page:
Total number of page accesses, “like” information, page activity, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin by country and city, language, hits and clicks in the shop, clicks on the route planner, clicks on telephone numbers. Further information regarding page insights can be obtained from the corresponding Meta website: https://www.facebook.com/business/a/page/page-insights
The mutual obligations relating to the joint responsibility are set out in the “Page Insights Controller Addendum” https://www.facebook.com/legal/terms/page_controller_addendum .
Therein Meta assumes primary responsibility within the meaning of the GDPR for the processing of insights data and states that it will fulfil all obligations under the GDPR in respect of the processing of insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). Only Meta can make and implement decisions concerning the processing of insights data. Since Meta has sole discretion in deciding how it will fulfil its obligations under this agreement, we do not have any influence on the fulfilment of Meta’s data privacy obligations. Should we receive enquiries in connection with the insights data, we are obliged to forward all relevant information on to Meta.
2. Legal basis for data processing
The data processing is based on a legitimate interest of ours within the meaning of point (f) of Art. 6(1) GDPR.
3. Purpose of data processing
We use this information in order to make our profile page and the content shown on it more attractive for visitors to our profile page.
4. Duration of storage
The data obtained will be erased when the purpose of collection has been achieved, unless there is a statutory duty of retention that prevents earlier erasure.
5. Possibility of objection and removal
You can object to the processing of your personal data at any time if there are grounds relating to your particular situation against such data processing. On the basis of the agreement between Meta and us mentioned in number 1, please send any objection direct to Meta. If you send us the objection, we will pass it on to Meta.
Instagram fan page
1. Description and extent of data processing
Under case law of the European Court of Justice, we have joint responsibility within the meaning of data protection law with Meta Platform Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Meta) for the processing of personal data that are collected on a visit to our Instagram fan pages.
If you visit our Instagram fan pages, Meta will automatically collect personal data about you as a visitor to the respective fan page without our being able to influence this. Further information about data collection by Meta can be found in Instagram’s Privacy Policy .
Meta makes various anonymised statistics concerning visitors to our Instagram fan pages available to us in the form of what are known as page insights. We have no influence on the compilation of this information. In particular, we cannot stop it being collected and processed by Meta. For a selectable period, Meta provides us with the following information in anonymised form regarding our respective fan pages:
Activity : Insights for our profiles, including interactions (such as profile visits and website clicks) and about discovery (such as how many people viewed our content and where they found it) are provided in this area.
Content : This gives us insights relating to posts, stories and promotions.
Audience : This tells us more about our followers and our audience.
Further information can be found at https://help.instagram.com/788388387972460?helpref=faq_content .
The mutual obligations relating to the joint responsibility are set out in the “Page Insights Controller Addendum”. Therein Meta assumes primary responsibility within the meaning of the GDPR for the processing of insights data and states that it will fulfil all obligations under the GDPR in respect of the processing of insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). Only Meta can make and implement decisions concerning the processing of insights data. Since Meta has sole discretion in deciding how it will fulfil its obligations under this agreement, we do not have any influence on the fulfilment of Meta’s data privacy obligations. Should we receive enquiries in connection with the insights data, we are obliged to forward all relevant information on to Meta.
2. Legal basis for data processing
The data processing is based on a legitimate interest of ours within the meaning of point (f) of Art. 6(1) GDPR.
3. Purpose of data processing
We use this information in order to make our profile page and the content shown on it more attractive for visitors to our profile page.
4. Duration of storage
The data obtained will be erased when the purpose of collection has been achieved, unless there is a statutory duty of retention that prevents earlier erasure.
5. Possibility of objection and removal
You can object to the processing of your personal data at any time if there are grounds relating to your particular situation against such data processing. On the basis of the agreement between Meta and us mentioned in number 1, please send any objection direct to Meta. If you send us the objection, we will pass it on to Meta.
TikTok fan page
1. Description and extent of data processing
Under case law of the European Court of Justice, we have joint responsibility within the meaning of data protection law with TikTok Technology Limited (10 EARLSFORT TERRACE, D02 T380, CO. DUBLIN, DUBLIN, D02T380, Ireland, D02T380) and TikTok Information Technologies UK Limited (Kaleidoscope,4 Lindsey Street, London, EC1A 9HP, United Kingdom), together TikTok, for the processing of personal data that are collected by TikTok on a visit to our TikTok fan pages.
If you visit our TikTok fan pages, TikTok will automatically collect personal data about you as a visitor to the respective fan page without our being able to influence this. Further information about data collection by TikTok can be found in TikTok’s Privacy Policy .
TikTok makes various anonymised statistics concerning visitors to our TikTok fan pages available to us in the form of what are known as page insights. We have no influence on the compilation of this information. In particular, we cannot stop it being collected and processed by TikTok. For a selectable period, TikTok provides us with the following information in anonymised form regarding our respective fan pages:
Activity: Insights for our profiles, including interactions (such as profile visits and website clicks) and about discovery (such as how many people viewed our content and where they found it) are provided in this area.
Content: This gives us insights relating to posts, stories and promotions.
Audience: This tells us more about our followers and our audience.
Further information can be found at Privacy Policy | TikTok
Only TikTok can make and implement decisions concerning the processing of insights data. Since TikTok has sole discretion in deciding how it will fulfil its obligations under joint responsibility, we do not have any influence on the fulfilment of TikTok’s data privacy obligations. Should we receive enquiries in connection with the insights data, we will pass all relevant information on to TikTok.
2. Legal basis for data processing
The data processing is based on a legitimate interest of ours within the meaning of point (f) of Art. 6(1) GDPR.
3. Purpose of data processing
We use this information in order to make our profile page and the content shown on it more attractive for visitors to our profile page.
4. Duration of storage
The data obtained will be erased when the purpose of collection has been achieved, unless there is a statutory duty of retention that prevents earlier erasure.
5. Possibility of objection and removal
You can object to the processing of your personal data at any time if there are grounds relating to your particular situation against such data processing.
Please send your objection directly to TikTok. If you send us the objection, we will pass it on to TikTok.
Processing of your data for the purpose of podcast publication
1. Description and extent of data processing
When we publish our podcast of LipoClinic Dr. Heck, we process your data in joint responsibility with
Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden and
Apple, Apple Park Cupertino, California, USA.
The joint responsibility results from the judgement of the ECJ on Facebook fan pages and its transfer to these circumstances. The data that are processed in joint responsibility are all those data which are created when you visit the podcast page.
If you visit our podcast page, Spotify/Apple will automatically collect personal data about you as a visitor to the relevant podcast page. We are unable to influence this.
These will be made available to us in the form of what are known as page insights as anonymised statistics concerning visitors to our podcast pages. We have no influence on the compilation of this information. In particular, we cannot stop it being collected and processed by Spotify/Apple. For a selectable period, Spotify/Apple provides us with the following information in anonymised form regarding our respective podcast page:
Subscribers
Listeners
Streams
Location
Download sources
Further information about the data processing can be found here:
Spotify: Privacy Center – Spotify
Apple: Legal – Apple Music & Privacy – Apple
Only Spotify/Apple can make and implement decisions concerning the processing of insights data. Since Spotify/Apple have sole discretion in deciding how they will fulfil their obligations under joint responsibility, we do not have any influence on the fulfilment of these two parties’ data privacy obligations. Should we receive enquiries in connection with the insights data, we will pass all relevant information on to Spotify or Apple.
2. Legal basis for data processing
The data processing is based on a legitimate interest of ours within the meaning of point (f) of Art. 6(1) GDPR.
3. Purpose of data processing
We use this information in order to make our podcast page and the content shown on it more attractive for visitors to our podcast page.
4. Duration of storage
The data obtained will be erased when the purpose of collection has been achieved, unless there is a statutory duty of retention that prevents earlier erasure.
5. Possibility of objection and removal
You can object to the processing of your personal data at any time if there are grounds relating to your particular situation against such data processing.
Please send your objection directly to Spotify/Apple. If you send us the objection, we will pass it on Spotify/Apple.
VII. What plugins do we use, and why?
Facebook and Instagram social media plugins
1. Description and extent of data processing
On our website we use so-called social plugins of the social media Facebook and Instagram which enable content to be liked or shared. The plugins can normally be identified by the respective social media logos.
To protect your privacy, we use the Shariff solution on our website. With Shariff, the connection between you and the server of the social network is not established until you actually click on the relevant button (“icon”). Your browser will then establish a direct connection to the relevant social network and the social network will receive the information that you accessed the corresponding page of our online presence, and when, as well as your IP address, details of the browser used, the operating system and the language settings.
You can see an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE .
Further information about data processing by Facebook and about setting options for protecting your privacy can be found at http://www.facebook.com/about/privacy/ .
For Instagram the information is available at https://instagram.com/about/legal/privacy/ .
2. Legal basis for data processing
Activation of the plugin constitutes consent within the meaning of point (a) of Art. 6(1) GDPR.
3. Purpose of data processing
Our brand presence is enhanced through the sharing and liking of our web offering.
4. Duration of storage
The data obtained will be erased when the purpose of collection has been achieved, unless there is a statutory duty of retention that prevents earlier erasure.
5. Possibility of objection and removal
You can withdraw your consent at any time with effect for the future. To do so, please contact Facebook.
If you do not want the social network to collect data about you through this online offering, you should not click on the icons. If you are registered on the social network, the social network can also associate the information directly with your account when you activate the button.
Use of YouTube plugins
1. Description and extent of data processing
We use the provider YouTube to offer videos. YouTube is operated by YouTube LLC, which is based at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., registered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The plugin of the provider YouTube that is used on our website is not enabled until you click on the “Enable YouTube now” button and thereby consent to the use of YouTube. With your consent, a connection to the YouTube servers is established and the plugin is shown. In the process, the YouTube servers will be told which of our web pages you have visited. If you have logged on as a member of YouTube, YouTube will associate this information with your personal user account. This information is also associated with your user account when you use the plugin, e.g. by clicking on the start button of a video.
2. Legal basis for data processing
Activation of the plugin constitutes consent within the meaning of point (a) of Art. 6(1) GDPR.
3. Purpose of data processing
We integrated videos in order to make our website more appealing. It also enables us to present you with a better and more detailed picture of us as a company.
For the purpose and scope of the data collection and the further processing and use of the data by YouTube, and for the rights and options you have concerning the protection of your privacy, please refer to YouTube’s data privacy policy at www.google.de/intl/de/policies/privacy/
4. Duration of storage
The data obtained will be erased when the purpose of collection has been achieved, unless there is a statutory duty of retention that prevents earlier erasure.
5. Possibility of objection and removal
You can withdraw your consent at any time with effect for the future. To do so, please contact YouTube.
You can prevent this association by logging out of your YouTube user account and any other user accounts of YouTube LLC and Google Inc. and deleting the companies’ corresponding cookies before accessing our website.
VIII. What happens when the contact form is used?
1. Description and extent of data processing
There is a contact form on our website which can be used for getting in touch electronically. If a user takes advantage of this opportunity, the data entered on the input template will be sent to us and we will store them. These data are your
first name and surname
address
e-mail, telephone
date of birth
body size and weight
previous illnesses/medication
The data on this form will not be forwarded to third parties, but will instead be used solely in order to process the enquiry.
2. Legal basis for data processing
The legal basis for processing of the data based on the user’s consent is point (a) of Art. 6(1) GDPR.
The legal basis for the processing of the data transmitted when an e-mail is sent is point (f) of Art. 6(1) GDPR. If you contact us by e-mail in order to conclude a contract, point (b) of Art. 6(1) GDPR is an additional legal basis for processing.
3. Purpose of data processing
The personal data from the input template will be processed solely so that we can respond to your contact. If you contact us by e-mail, this also gives us the necessary legitimate interest in processing the data.
Other personal data will be processed during the send process in order to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. For the personal data from the input template of the contact form and the personal data that were sent by e-mail, this will be the case when the relevant enquiry of the user has come to an end. The enquiry is ended if the circumstances permit the conclusion that the matter at hand has definitely been resolved.
The personal data additionally collected during the send process will be erased after not more than seven days.
5. Possibility of objection and removal
The enquiry is based on consent:
Once given, you can withdraw consent at any time with effect for the future. This does not affect the lawfulness of the data processing prior to withdrawal.
Please use the above contact details to inform us of the withdrawal of consent, in which case all personal data saved in the course of the contact will be erased.
Please note that we will be unable to continue dealing with your enquiry if you withdraw consent.
The enquiry is based on a legitimate interest:
You can object to the processing of your personal data at any time if there are grounds relating to your particular situation against such data processing.
Please use the above contact details to inform us of the objection, in which case all personal data saved in the course of the contact will be erased.
Please note, however, that if you object successfully, we will be unable to continue dealing with your enquiry.
The enquiry is required for the conclusion of a contract:
If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, it will only be possible to erase the data early if contractual or legal obligations do not prohibit erasure.
IX. Will the data be processed outside the EU/EEA?
According to the General Data Protection Regulation (GDPR), personal data may only be transferred to a third country if the receiving country or the recipient guarantees an adequate level of data protection. Our website uses tools of companies based in the USA, among others. When these tools are active, your personal data can be transferred to the US servers of the respective companies.
Please note that the USA is not a safe third country within the meaning of EU data protection legislation. US companies are obliged to surrender personal data to security authorities without you as the data subject being able to take any legal steps to prevent this. We cannot therefore exclude the possibility that US authorities (e.g. secret services) will, for monitoring purposes, process, analyse and permanently store your data located on US servers. Furthermore, according to prevailing American regulations the data processing of such monitoring measures is not limited to the absolutely essential, so does not satisfy the minimum requirements existing under the principle of proportionality. We do not have any influence on these processing activities.
The transfer of data to third countries (e.g. the USA, China) is only permitted if, in the absence of an adequacy decision pursuant to Art. 45 GDPR, an appropriate safeguard pursuant to Art. 46 GDPR is provided. An appropriate safeguard pursuant to Art. 46 GDPR constitutes the agreement of the EU standard data protection clauses according to point (c) of Art. 46(2) GDPR. If and to the extent that data are transferred to a third country and this cannot be founded on an adequacy decision or other legal justification, the data transfer is always founded on the current standard data protection clauses according to point (c) of Art. 46(2) GDPR. These are concluded between the data importer and the data exporter in accordance with data protection legislation. If we ourselves are not one of the parties but are a controller within the meaning of the GDPR, we will seek to bring about agreement of the above standard data protection clauses.
X. What about links to other websites?
Our website may contain links to third-party websites. If you follow a link to one of these websites, please note that we cannot accept any responsibility or offer any warranty for third-party content or data protection terms. Please acquaint yourself with the applicable data protection rules before sending personal data to these websites.
XI. What about data security?
Unfortunately, the transfer of information across the internet is not entirely secure, which is why we are unable to guarantee the security of data sent across the internet to and about our website. However, we employ technical and organisational measures on our website and other systems to protect – to the highest possible extent – against the loss, destruction, access, modification or dissemination of your data by unauthorised persons.
We take precautions to ensure the security of your personal data. Your data are conscientiously protected from loss, destruction, falsification, manipulation and unauthorised access or unauthorised disclosure.
XII. What are your rights?
If your personal data are processed, you are a data subject as defined by the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access
You can demand confirmation from the controller of whether we process personal data concerning you.
Where such processing takes place, you can demand details from the controller concerning the following information:
the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipient to whom the personal data concerning you were or will be disclosed;
the planned period for which the personal data concerning you will be stored or, if it is not possible to provide specific information on this, the criteria used to determine that period;
the existence of a right to rectification or erasure of the personal data concerning you, of a right to restriction of processing by the controller or of a right of objection to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origins of the data, if the personal data were not collected from the data subject;
the existence of automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to demand information on whether the personal data concerning you are transferred to a third country or an international organisation. In this regard you can demand to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transfer.
2. Right to rectification
You have a right to the rectification and/or completion of your data vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller must bring about the rectification without undue delay.
3. Right to restriction of processing
Under the conditions set out below, you can demand that the processing of the personal data concerning you be restricted:
if you dispute the accuracy of the personal data concerning you, for a period of time that enables the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
if the controller no longer needs the personal data for the purposes of the processing, but you require this for the establishment, exercise or defence of legal claims; or
if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR pending verification of whether the legitimate grounds for the controller override your grounds.
If the processing of the personal data concerning you were restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing was restricted in accordance with the above requirements, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
You can demand that the controller erase any personal data concerning you without undue delay and the controller will be obliged to erase such data without undue delay if one of the following grounds exists:
the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw consent on which the processing is based according to point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR, and where there is no other legal ground for the processing;
you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
the personal data concerning you have been unlawfully processed.
the personal data concerning you have to be erased for compliance with a legal obligation in accordance with Union or Member State law to which the controller is subject; or
the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and if he is obliged pursuant to Art. 17(1) GDPR to erase them, then he, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not exist to the extent that processing is necessary
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Art. 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
5. Right to be informed
If you have exercised your right to have the controller rectify or erase the personal data concerning you or restrict their processing, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have a right vis-à-vis the controller to be informed of these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to which the personal data were given, provided that
the processing is based on consent pursuant to point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR; and
the processing is carried out by automated means.
In exercising this right to data portability, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must be without prejudice to the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the personal data is processed for the establishment, exercise or defence of legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent under data protection regulations
You have the right at any time to withdraw consent given under data protection regulations. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to the withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. This does not apply if the decision:
is necessary for entering into, or the performance of, a contract between you and the controller;
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
is based on your explicit consent.
Nevertheless, these decisions may not be based on special categories of personal data referred to in Art. 9(1) GDPR unless point (a) or point (g) of Art. 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
In the cases referred to in (1) and (3) above, the controller will implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint was lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The supervisory authority responsible for us is:
LfDI NRW Bettina Gayk Postfach 20 04 44 40102 Düsseldorf
or
Kavalleriestr. 2-4 40213 Düsseldorf