Privacy Policy website www.kleinsman.de
I. Introduction and terms
GENERAL
In operating our website with the URL www.kleinsman.de (hereinafter referred to as "website"), we process personal data. These will be treated confidentially by us and processed in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetzes (BDSG) [Federal Data Protection Act] and the Telekommunikation-Telemedien-Datenschutzgesetz (TTDSG) [Telecommunications Telemedia Data Protection Act]. The purpose of this Privacy Policy is to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain the rights you have to protect and enforce your data privacy.
TERMS
Our Privacy Policy contains technical terms that are in the GDPR and the BDSG. For your better understanding we want to explain these terms in simple language in advance:
Personal data
"Personal data" is any information relating to an identified or identifiable individual (Art. 4 No. 1 GDPR). Information about an identified person can be, for example, their name or email address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one's own or third-party information and thereby ascertaining who the data subject is. A person becomes identifiable, for example, through the provision of their address or bank details, their date of birth or user name, their IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
Processing
The term "processing" is understood by Art. 4 No. 2 GDPR to mean any operation related to personal data. This applies in particular to the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
Health data
The term "health data" is defined in Art. 4 No. 15 GDPR as personal data relating to the physical or mental health of an individual, including the provision of health care services, and revealing information about that individual's health status.
II. Person responsible and data protection officer
RESPONSIBLE PERSON
The party responsible for data processing is:
Company: Kleinsman Varzideh MVZ GmbH ("we")
Legal representative: Dr. Sven Pfleging, Nils Grave (Managing Director)
Address: Casinowall 1-3, 46399 Bocholt
Phone: 02871 / 236800
Email: info@kleinsman.de
DATA PROTECTION OFFICER
We have appointed an external data protection officer for our company. You can reach him at:
Daniel Schaar, Graduate in Business Administration (BA)
kraussfirmengruppe GmbH & Co. KG
kraussmanagement – kraussakademie – kraussmedien
Streitheimer Straße 22
D-86477 Adelsried
Phone: +49 (8294) 511 48 0
Fax: +49 (8294) 511 48 29
Mobile: +49 (176) 460 83 572
Email: info@kraussmanagement.de
III. Processing framework
PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website, we process the personal data from you listed in detail below in section IV. We only process data from you which you actively provide on the website (e.g. by filling out forms) or which you automatically provide when using our offer.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called commissioned processing, in which we as the client are authorized to issue instructions to our contractors. To operate our website, we use external service providers for hosting. We host our website with the external provider Amazon Web Services AWS (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA) in the data center location in Germany. If further external service providers are used for individual processing operations listed in Section IV, they will be named there.
We do not transfer data to third countries and do not plan to do so. We will inform about exceptions to this principle in the processing operations presented below. Any data transfer to third countries then takes place on the basis of the so-called EU standard contractual clauses.
IV. The processing in detail
PROVISION OF THE WEBSITE AND SERVER LOGFILES
Processing description
Each time you visit our website, we automatically collect information that your browser transmits to our server. These are the following data:
IP address
Browser software used, as well as its version and language
Operating system
The website from which visitors have reached the website (so-called referrer)
The subpages accessed on the website
The date and time of the call of the website
These are also stored in the so-called logfiles of our system. The temporary storage of your IP address by the system is necessary to deliver our website to a user's terminal device. For this purpose, the user's IP address must remain stored for the duration of the session. The IP address is recorded in the log files only shortened by the last three digits.
Purpose
The processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
Legal basis
The processing is necessary to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f of the GDPR). Our legitimate interest lies in the purpose named in section 6.2.
Storage duration
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The logfiles are deleted after 7 days.
COOKIES
Processing description
Our website uses cookies. Cookies are small text files that are stored on the user's terminal device when a website is visited. Cookies contain information that enables the recognition of a terminal device and possibly certain functions of a website. We distinguish between our own cookies and external, so-called third-party cookies. So-called "session cookies" and "persistent cookies" are used on our site. "Session cookies" are automatically deleted when you end your internet session and close the browser. Persistent cookies remain stored on your terminal device for a longer period of time. If cookies are technically necessary for the operation of our site, this does not require your consent. All other cookies that are not technically necessary are only set after you have actively consented to the use of cookies via our consent tool. We use a self-programmed application to obtain and document consent. The consent tool itself stores your selection in a cookie on your terminal. This means that you do not need to make a decision about cookies again on a subsequent visit to our website.
You can find out which cookies are used on our website for which purpose, how long they are stored on your end device and which consents you may have already declared in the settings of the [...]consent tool.
Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 7.1.
Legal basis
The processing is necessary with regard to technically required cookies, as well as the use of the consent tool to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TTDSG). Our legitimate interest lies in the purpose named in section 7.2. In the case of processing with regard to all other - i.e. non-technically necessary - cookies, the legal basis is consent (Art. 6 para. 1 lit. a of the GDPR in conjunction with Section 25 para. 1 of the TTDSG). Such consent is voluntary.
Storage period, revocation of consent
Cookies are automatically deleted at the end of a session or when the specified storage period expires. Since cookies are stored on your terminal device, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been saved can be deleted. This can also be done automatically. If cookies are deactivated, deleted or restricted for our website, it may be that individual functions of our website cannot be used or can only be used to a limited extent. You can revoke any consent you may have given for the use of cookies at any time in the settings of the [...] consent tool with effect for the future.
Recipient
When cookies are used, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transfer of data to third countries in the settings of the consent tool or in the corresponding section on the third-party service in this Privacy Policy.
CONTACT FORM AND CONTACT BY EMAIL
Processing description
We have provided a contact form on our website for contacting us. In this form you will be asked to enter your email address, name and a message to us. When you click the "Submit" button, the data is transmitted to us using SSL encryption (see item 12.). The contact form can only be transmitted if you confirm that you have taken note of this Privacy Policy by clicking on the corresponding checkbox. You can also contact us via the email addresses provided on the website. In this case, the personal data transmitted with the email will be processed by us.
Purpose
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your email will be used exclusively for the purpose of processing and responding to your request.
Legal basis
The processing is necessary to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f of the GDPR). Our legitimate interest lies in the purpose named in section 8.2. If the email contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).
Storage duration
We delete the data as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after the legal retention period has expired.
SOCIAL NETWORKS
Processing description
Our website does not use so-called social media plugins. The Facebook, Instagram and YouTube logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network.
Our profiles within the social networks do, however, constitute data processing. If you are logged in to the respective social network when visiting such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, "share", "like" or "retweet" a post, this information will also be stored in your user account. Your interactions with our profile are usually also viewable by us.
On the social networks Facebook and Instagram, we have the possibility to obtain statistical data about the use of our Facebook page and our Instagram profile, respectively, via the so-called "Insights" function. These statistics are provided by Facebook and Instagram, respectively. The "Insights function" cannot be deactivated. We cannot opt to turn this feature on or off. It is available to all Facebook Fan Page operators and all Instagram business account operators, regardless of whether you use the Insights feature or not.
We are provided with the following data via Facebook Insights for a selectable period of time in anonymized form with regard to fans, subscribers, people reached, and people interacting: Total page views, "likes" including origin, page activity, post interactions, reach, post reach (broken down into organic, viral, and paid interactions), comments, shared content, replies, and demographic analysis, i.e. country of origin, gender, and age. Insights statistics do not allow us to identify subscribers and fans of our site and view their profiles.
Furthermore, Instagram Insights provides us with anonymized data about the development and reach of our Instagram profiles, as well as the posts, stories, and videos we post there. We also receive statistical information in Instagram Insights about the place of origin, gender, and age of subscribers to our Instagram profile.
The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your terminal device. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the social networks directly.
Purpose
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the "Insights" function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.
Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 9.2. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 (1) lit. a GDPR. The data processing with regard to our presences on Facebook, and Instagram otherwise takes place on the basis of joint responsibility pursuant to Art. 26 GDPR.
Recipients and transfer to third countries
The respective social networks are operated by the companies listed below. For further information on data protection with regard to our profile on the social networks, please refer to the linked data protection regulations.
Facebook: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data protection regulations: www.facebook.com/policy.php;www[AC1] .facebook.com/help/186325668085084,www.facebook.com/about/privacy/your-info-on-other#applications as well as www.facebook.com/about/privacy/your-info#everyoneinfo.
Instagram: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Data Policy: help.instagram.com/155833707900388/
Youtube: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection regulations of Youtube/Google: policies.google.com/technologies/partner-sites
The social networks also process your personal data in the USA.
GOOGLE ANALYTICS
Processing description
Our website uses "Google Analytics", a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Analytics uses cookies (see item 7.), which enable an analysis of your use of our offer. The information generated by the cookies is usually transferred to a Google server in the USA and stored there. However, we use Google Analytics exclusively with IP anonymization. This means that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. The statistics generated by Google Analytics record in particular how many users visit our website, from which country or location the access takes place, which subpages are accessed and via which links or search terms visitors reach our website. The Google Analytics Terms of Use can be found at marketingplatform.google.com/about/analytics/terms/us/ An overview of data protection at Google Analytics is available at marketingplatform.google.com/intl/en_uk/about/. Google's privacy policy can be viewed at policies.google.com/privacy
Purpose
The processing takes place in order for us to be able to evaluate the use of our website. The information obtained in this way is used to improve our online presence and to design it in line with requirements.
Legal basis
The processing is based on consent pursuant to Art. 6 para. 1 lit. a of the GDPR. This is obtained by us via the consent tool (see section 7.1). Such consent is voluntary.
Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 7.4. You can revoke the consent you have given with regard to Google Analytics at any time in the settings of the consent tool with effect for the future. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at tools.google.com/dlpage/gaoptout?hl=en. The analysis data processed and stored with Google Analytics is automatically deleted by us after 14 months.
Recipients and transfer to third countries
According to the German data protection supervisory authorities (Data Protection Conference), Google Analytics is jointly responsible for data processing on our behalf. With this in mind, we have also entered into the "Google Measurement Controller-Controller Data Protection Terms" with Google. Google also processes your personal data in the USA.
GOOGLE TAG MANAGER
Our website uses the "Google Tag Manager", a service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). No personal data is collected via the Google Tag Manager and no cookies are set. This service only allows us to include and manage tags on our website. Tags are small pieces of code on our website that are helpful to build upon with other tools to, for example, measure traffic and visitor behavior, track the impact of online advertising and social channels, use remarketing and audience targeting, test and optimize the website. For more information about Google Tag Manager, visit www.google.com/intl/de/tagmanager/use-policy.html.
Applicant data processing
12.1 Processing description
We process the data you provide in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. This includes general information about you (such as your name, address and contact details), information about your professional qualifications and academic education, information about professional training, knowledge and skills, and other information that you disclose to us in connection with your application. This is usually done by means of letters of application, resume, references, correspondence, telephone or verbal information from you.
We would like to evaluate all applicants only according to their qualifications and therefore ask you to refrain as far as possible from communicating "special categories of personal data" in accordance with Art. 9 of the General Data Protection Regulation in the application (e.g. a photo that reveals ethnic origin, information about severely disabled status, etc.). If your application contains such information, please send us a corresponding declaration of consent, otherwise your application cannot be considered.
If your application is successful, we will transfer your data to your personnel file and use it to carry out and terminate your employment.
If we are currently unable to offer you employment, we will continue to process your data after sending the rejection in order to defend ourselves against any legal claims, in particular due to alleged discrimination in the application process.
If you are not selected for the vacant position, we will transfer your data to our applicant pool - provided we have your consent to do so.
12.2 Purpose
Processing is carried out in order to conduct the application process, to decide on the establishment of an employment relationship with us and to document compliance with legal requirements in the application process.
12.3 Legal basis
Data processing in connection with the application procedure has its legal basis in Section 26 (1) sentence 1 BDSG and Article 6 (1) (1) b of the GDPR. If your application is successful, further data processing will be carried out in accordance with Art. 6 Para. 1 Sentence 1 lit. b GDPR in conjunction with Art. 88 Para. 1 GDPR in conjunction with Section 26 Para. 1 BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing is based on Art. 6 (1) (1) a GDPR. The legal basis for data processing after a cancellation is Art. 6 (1) (1) (f) GDPR. Our legitimate interest is the defense against legal claims.
12.4 Storage duration
If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection letter. If we transfer your data to our applicant pool after completion of the application process, we will delete it from the applicant pool in the event of a subsequent establishment of an employment relationship or otherwise two years after inclusion.
12.5 Recipients of your data, transfer of data to third parties and transfer to third countries
After we have received your application, your applicant data will be viewed by the Human Resources department and by the personnel service provider zahneins GmbH commissioned by us (zahneins GmbH, Legal Representative: Daniel Wichels (Managing Director), Mühlenkamp 6c, 22303 Hamburg; phone:040 33 46 12 90. Suitable applications are then forwarded internally to the department managers for the respective open position. Then the further procedure is coordinated. In principle, only those persons in the company have access to your data who need it for the proper course of our application procedure. For the processing of personnel administration, the program Recruitee of Recruitee B.V., Keizersgracht 313,1016 EE Amsterdam, Netherlands is used within the framework of order processing. Data is not transferred to third countries.
Open Streetmap
13.1 Processing description
Our website uses the "JavaScript leaflet" to provide map data on our website. We use the service e.g. Open Streetmap which is provided by the Openstreetmap Foundation (St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS United Kingdom) (hereinafter referred to as "Open Streetmap") as a map. We use Open Streetmap by embedding a map with our business address on our website. For the use and function of Open Streetmap it is necessary to store your IP address. Your IP address is transmitted to Open Streetmap in connection with the address of our website. However, we have no influence on this data transmission. You have the option to deactivate the service of Open Streetmap and thus prevent the data transfer to Open Streetmap by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display on our pages, or only to a limited extent. For more information about Open Streetmap privacy, please visit: wiki.osmfoundation.org/wiki/Privacy_Policy. For more information about "JavaScript Leaflet", see: leafletjs.com.
13.2 Purpose
The processing is carried out in order to be able to show you an interactive map on our website.
13.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f of the GDPR). Our legitimate interest lies in the purpose named in section 13.2.
13.4 Recipients and transfer to third countries
Open Streetmap also processes your personal data in England.
V. Security measures
Security measures
To protect your personal data from unauthorized access, we have equipped our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's terminal device. You can recognize active SSL or TLS encryption by a small lock logo that appears on the far left of the browser's address bar.
VI. Your rights
Data subject rights
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
- Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR under the conditions set out in Art. 15 GDPR.
- Rectification (Art. 16 GDPR)
You have the right to demand that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.
- Deletion (Art. 17 GDPR)
You have the right to demand that we delete personal data concerning you without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.
- Restriction of data processing (Art. 18 GDPR)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
- Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to request the return of the data concerning you in a structured, common and machine-readable format.
- Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The revocation is valid from the time of its assertion. In other words, it functions for the future. The processing therefore does not become retroactively unlawful by the revocation of consent.
- Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right by contacting a supervisory authority in the EU Member State where you are located, where you work or where the alleged infringement took place.
- Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data - including profiling. We inform you that we do not use automated decision making including profiling with regard to your personal data.
- Right of objection (Art. 21 GDPR)
If we process personal data from you on the basis of Art. 6 (1) f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies if there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any event - also irrespective of a specific situation - you have the right to object at any time to the processing of your personal data for direct marketing purposes.
14.whatsapp communication
14.1 Description of the processing
The Zahneins Group uses a WhatsApp channel in the context of making appointments. Here we process your telephone number, surname and first name, your profile picture if applicable, information that you provide to us in your WhatsApp messages and your preferences stored with us.
To use this service, you must already have an existing WhatsApp account. The responsible provider of the WhatsApp messenger service is WhatsApp, Inc, 1601 Willow Road, Menlo Park, California 94025, USA. WhatsApp does not act for us either as a processor or as a joint controller. We have no precise knowledge of and no influence on data processing by WhatsApp. Further information on data protection at WhatsApp can be found in the privacy policy of the messenger service at www.whatsapp.com/legal/
14.2 Purpose
The processing takes place in order to be able to offer and send appointments via the WhatsApp channel. The collection and storage of date, time and telephone number serves to document booked appointments.
14.3 Legal basis
Processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. You can access the declaration of consent at any time. Your consent is voluntary
14.4 Storage period, revocation of consent
We process your personal data for the duration of your appointment. You can stop receiving our appointment confirmation at any time by revoking your consent with effect for the future. A simple declaration is sufficient for this. If you withdraw your consent, we will no longer send you WhatsApp messages and your personal data will be deleted.
14.5 Recipients and transfer to third countries
To provide this service, the booked appointment is transmitted to our dental practice and to the WhatsApp service provider. Further information on data protection can be found here:
WhatsApp: www.whatsapp.com/legal/privacy-policy-eea
Last updated: January 2023