I. Introduction and terms
"Personal data" is any information relating to an identified or identifiable individual (Art. 4 No. 1 GDPR). Information about an identified person can be, for example, their name or email address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one's own or third-party information and thereby ascertaining who the data subject is. A person becomes identifiable, for example, through the provision of their address or bank details, their date of birth or user name, their IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
The term "processing" is understood by Art. 4 No. 2 GDPR to mean any operation related to personal data. This applies in particular to the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
The term "health data" is defined in Art. 4 No. 15 GDPR as personal data relating to the physical or mental health of an individual, including the provision of health care services, and revealing information about that individual's health status.
II. Person responsible and data protection officer
The party responsible for data processing is:
Company: Kleinsman Varzideh MVZ GmbH ("we")
Legal representative: Dr. Jörn Thiemer (Managing Director)
Address: Casinowall 1-3, 46399 Bocholt
Phone: 02871 / 236800
DATA PROTECTION OFFICER
We have appointed an external data protection officer for our company. You can reach him at:
Daniel Schaar, Graduate in Business Administration (BA)
kraussfirmengruppe GmbH & Co. KG
kraussmanagement – kraussakademie – kraussmedien
Streitheimer Straße 22
Phone: +49 (8294) 511 48 0
Fax: +49 (8294) 511 48 29
Mobile: +49 (176) 460 83 572
III. Processing framework
PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website, we process the personal data from you listed in detail below in section IV. We only process data from you which you actively provide on the website (e.g. by filling out forms) or which you automatically provide when using our offer.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called commissioned processing, in which we as the client are authorized to issue instructions to our contractors. To operate our website, we use external service providers for hosting. We host our website with the external provider Amazon Web Services AWS (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA) in the data center location in Germany. If further external service providers are used for individual processing operations listed in Section IV, they will be named there.
We do not transfer data to third countries and do not plan to do so. We will inform about exceptions to this principle in the processing operations presented below. Any data transfer to third countries then takes place on the basis of the so-called EU standard contractual clauses.
IV. The processing in detail
PROVISION OF THE WEBSITE AND SERVER LOGFILES
Each time you visit our website, we automatically collect information that your browser transmits to our server. These are the following data:
Browser software used, as well as its version and language
The website from which visitors have reached the website (so-called referrer)
The subpages accessed on the website
The date and time of the call of the website
These are also stored in the so-called logfiles of our system. The temporary storage of your IP address by the system is necessary to deliver our website to a user's terminal device. For this purpose, the user's IP address must remain stored for the duration of the session. The IP address is recorded in the log files only shortened by the last three digits.
The processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
The processing is necessary to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f of the GDPR). Our legitimate interest lies in the purpose named in section 6.2.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The logfiles are deleted after 7 days.
You can find out which cookies are used on our website for which purpose, how long they are stored on your end device and which consents you may have already declared in the settings of the [...]consent tool.
The processing is necessary with regard to technically required cookies, as well as the use of the consent tool to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TTDSG). Our legitimate interest lies in the purpose named in section 7.2. In the case of processing with regard to all other - i.e. non-technically necessary - cookies, the legal basis is consent (Art. 6 para. 1 lit. a of the GDPR in conjunction with Section 25 para. 1 of the TTDSG). Such consent is voluntary.
Storage period, revocation of consent
CONTACT FORM AND CONTACT BY EMAIL
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your email will be used exclusively for the purpose of processing and responding to your request.
The processing is necessary to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f of the GDPR). Our legitimate interest lies in the purpose named in section 8.2. If the email contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).
We delete the data as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after the legal retention period has expired.
Our website does not use so-called social media plugins. The Facebook, Instagram and YouTube logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network.
Our profiles within the social networks do, however, constitute data processing. If you are logged in to the respective social network when visiting such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, "share", "like" or "retweet" a post, this information will also be stored in your user account. Your interactions with our profile are usually also viewable by us.
On the social networks Facebook and Instagram, we have the possibility to obtain statistical data about the use of our Facebook page and our Instagram profile, respectively, via the so-called "Insights" function. These statistics are provided by Facebook and Instagram, respectively. The "Insights function" cannot be deactivated. We cannot opt to turn this feature on or off. It is available to all Facebook Fan Page operators and all Instagram business account operators, regardless of whether you use the Insights feature or not.
We are provided with the following data via Facebook Insights for a selectable period of time in anonymized form with regard to fans, subscribers, people reached, and people interacting: Total page views, "likes" including origin, page activity, post interactions, reach, post reach (broken down into organic, viral, and paid interactions), comments, shared content, replies, and demographic analysis, i.e. country of origin, gender, and age. Insights statistics do not allow us to identify subscribers and fans of our site and view their profiles.
Furthermore, Instagram Insights provides us with anonymized data about the development and reach of our Instagram profiles, as well as the posts, stories, and videos we post there. We also receive statistical information in Instagram Insights about the place of origin, gender, and age of subscribers to our Instagram profile.
The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your terminal device. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the social networks directly.
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the "Insights" function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 9.2. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 (1) lit. a GDPR. The data processing with regard to our presences on Facebook, and Instagram otherwise takes place on the basis of joint responsibility pursuant to Art. 26 GDPR.
Recipients and transfer to third countries
The respective social networks are operated by the companies listed below. For further information on data protection with regard to our profile on the social networks, please refer to the linked data protection regulations.
Facebook: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data protection regulations: www.facebook.com/policy.php;www[AC1] .facebook.com/help/186325668085084,www.facebook.com/about/privacy/your-info-on-other#applications as well as www.facebook.com/about/privacy/your-info#everyoneinfo.
Instagram: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Data Policy: help.instagram.com/155833707900388/
Youtube: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection regulations of Youtube/Google: policies.google.com/technologies/partner-sites
The social networks also process your personal data in the USA.
The processing takes place in order for us to be able to evaluate the use of our website. The information obtained in this way is used to improve our online presence and to design it in line with requirements.
The processing is based on consent pursuant to Art. 6 para. 1 lit. a of the GDPR. This is obtained by us via the consent tool (see section 7.1). Such consent is voluntary.
Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 7.4. You can revoke the consent you have given with regard to Google Analytics at any time in the settings of the consent tool with effect for the future. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at tools.google.com/dlpage/gaoptout?hl=en. The analysis data processed and stored with Google Analytics is automatically deleted by us after 14 months.
Recipients and transfer to third countries
According to the German data protection supervisory authorities (Data Protection Conference), Google Analytics is jointly responsible for data processing on our behalf. With this in mind, we have also entered into the "Google Measurement Controller-Controller Data Protection Terms" with Google. Google also processes your personal data in the USA.
GOOGLE TAG MANAGER
Our website uses the "Google Tag Manager", a service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). No personal data is collected via the Google Tag Manager and no cookies are set. This service only allows us to include and manage tags on our website. Tags are small pieces of code on our website that are helpful to build upon with other tools to, for example, measure traffic and visitor behavior, track the impact of online advertising and social channels, use remarketing and audience targeting, test and optimize the website. For more information about Google Tag Manager, visit www.google.com/intl/de/tagmanager/use-policy.html.
Applicant data processing
12.1 Processing description
We process the data you provide in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. This includes general information about you (such as your name, address and contact details), information about your professional qualifications and academic education, information about professional training, knowledge and skills, and other information that you disclose to us in connection with your application. This is usually done by means of letters of application, resume, references, correspondence, telephone or verbal information from you.
We would like to evaluate all applicants only according to their qualifications and therefore ask you to refrain as far as possible from communicating "special categories of personal data" in accordance with Art. 9 of the General Data Protection Regulation in the application (e.g. a photo that reveals ethnic origin, information about severely disabled status, etc.). If your application contains such information, please send us a corresponding declaration of consent, otherwise your application cannot be considered.
If your application is successful, we will transfer your data to your personnel file and use it to carry out and terminate your employment.
If we are currently unable to offer you employment, we will continue to process your data after sending the rejection in order to defend ourselves against any legal claims, in particular due to alleged discrimination in the application process.
If you are not selected for the vacant position, we will transfer your data to our applicant pool - provided we have your consent to do so.
Processing is carried out in order to conduct the application process, to decide on the establishment of an employment relationship with us and to document compliance with legal requirements in the application process.
12.3 Legal basis
Data processing in connection with the application procedure has its legal basis in Section 26 (1) sentence 1 BDSG and Article 6 (1) (1) b of the GDPR. If your application is successful, further data processing will be carried out in accordance with Art. 6 Para. 1 Sentence 1 lit. b GDPR in conjunction with Art. 88 Para. 1 GDPR in conjunction with Section 26 Para. 1 BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing is based on Art. 6 (1) (1) a GDPR. The legal basis for data processing after a cancellation is Art. 6 (1) (1) (f) GDPR. Our legitimate interest is the defense against legal claims.
12.4 Storage duration
If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection letter. If we transfer your data to our applicant pool after completion of the application process, we will delete it from the applicant pool in the event of a subsequent establishment of an employment relationship or otherwise two years after inclusion.
12.5 Recipients of your data, transfer of data to third parties and transfer to third countries
After we have received your application, your applicant data will be viewed by the Human Resources department and by the personnel service provider zahneins GmbH commissioned by us (zahneins GmbH, Legal Representative: Daniel Wichels (Managing Director), Mühlenkamp 6c, 22303 Hamburg; phone:040 33 46 12 90. Suitable applications are then forwarded internally to the department managers for the respective open position. Then the further procedure is coordinated. In principle, only those persons in the company have access to your data who need it for the proper course of our application procedure. For the processing of personnel administration, the program Recruitee of Recruitee B.V., Keizersgracht 313,1016 EE Amsterdam, Netherlands is used within the framework of order processing. Data is not transferred to third countries.
13.1 Processing description
The processing is carried out in order to be able to show you an interactive map on our website.
13.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f of the GDPR). Our legitimate interest lies in the purpose named in section 13.2.
13.4 Recipients and transfer to third countries
Open Streetmap also processes your personal data in England.
V. Security measures
To protect your personal data from unauthorized access, we have equipped our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's terminal device. You can recognize active SSL or TLS encryption by a small lock logo that appears on the far left of the browser's address bar.
VI. Your rights
Data subject rights
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
- Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR under the conditions set out in Art. 15 GDPR.
- Rectification (Art. 16 GDPR)
You have the right to demand that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.
- Deletion (Art. 17 GDPR)
You have the right to demand that we delete personal data concerning you without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.
- Restriction of data processing (Art. 18 GDPR)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
- Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to request the return of the data concerning you in a structured, common and machine-readable format.
- Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The revocation is valid from the time of its assertion. In other words, it functions for the future. The processing therefore does not become retroactively unlawful by the revocation of consent.
- Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right by contacting a supervisory authority in the EU Member State where you are located, where you work or where the alleged infringement took place.
- Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data - including profiling. We inform you that we do not use automated decision making including profiling with regard to your personal data.
- Right of objection (Art. 21 GDPR)
If we process personal data from you on the basis of Art. 6 (1) f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies if there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any event - also irrespective of a specific situation - you have the right to object at any time to the processing of your personal data for direct marketing purposes.
Last updated: January 2023
[AC1]Link 1 funktioniert nicht, für eine Lokalisierung der anderen Links ist ein Login über Facebook erforderlich.