Data Protection

Data protection
Privacy Notice

 

This privacy notices informs you of the type, scope and purpose of the processing of personal data (hereinafter “data”) as part of our online offer and the associated websites, functions and contents as well as external online presence, such as our social media profile (hereinafter “online offers”). Regarding the terminology used, such as “processing” or “controller”, we would like to refer to the definitions in Art. 4 of the General Data Protection Regulations (GDPR).

Controller

Name/Company: Dr. med. Frauke Del Bello
Street: Friedrichstr. 55A
Postal Code, City, Country: 10117 Berlin, Germany
Managing Director/Owner: Dr. med. Frauke Del Bello
Telephone: + 49 30 – 206 70 976
E-mail: mail@delbello.de
Imprint: https://www.delbello.de/imprint

Type of data processed:

– Inventory data (for example name and address).
– Contact data (for example telephone, e-mail)
– Content data (for example text input, photos, videos)
– Usage data (for example visited websites, interest in contents, access times)
– Meta and communication data (for example device information, IP addresses).

Categories of data subjects

Visitors and users of the online offer (hereinafter, we will refer to the data subjects as “Users”).
Purpose(s) of processing
– Provision of online offer, its functions and contents
– Reply to contact requests and communication with users
– Safety measures
– Range measurement / Marketing

Terminology used

“Personal data” is all data referring to an identified or identifiable natural entity (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” refers to procedures performed with or without the support of automated systems or any such sequence of procedures related to personal data. The term is loosely defined and basically includes any handling of data.
The “controller” is the natural or legal entity, public authority, institution or any other body which, solely or in cooperation with others, makes decisions about the purposes and means of processing of personal data.
Significant legal foundations
Pursuant to Art. 13 GDPR, we will share the legal foundation of our data processings with you. Where the legal foundation in the data protection statement is not mentioned, the following shall apply: The legal foundation for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal foundation for data processing to fulfil our services and perform contractual measures as well as reply to requests is Art. 6 Para. 1 lit. b GDPR, the legal foundation for data processing to fulfil our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal foundation for data processing to safeguard our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In case the processing of personal data is required due to the vital interests of the data subject or of any other natural person, Art. 6 Para. 1 lit. d GDPR serves as legal basis.

Cooperation with order processors and third parties

Where we disclose data to other persons and companies (contract processors or third parties) during our processing or transmit them or grant other persons and companies access to such data, we only do so on the basis of legal permission (for example, if transmission of data to third parties is mandatory, such as payment service providers, as per Art. 6 Para. 1 lit. b GDPR), if you have provided consent, if a legal obligation exists or on the basis of our legitimate interests (for example when using representatives, web hosters, etc.).
Where we commission third parties with data processing on the basis of a “data processing agreement”, we do so on the basis of Art. 28 GDPR.

Transmission to third countries

Where we process data in a third country (meaning outside of the European Union (EU) or of the European Economic Area (EEA)) or data is processed as part of the utilization of services of third parties or is disclosed and/or transmitted to third parties, we do so only to fulfil our (pre-)contractual obligations, if based on your consent, due to a legal obligation or on the basis of our own legitimate interests. Subject to legal or contractual permissions, we process or let process data in a third country only in case of special prerequisites as per Art. 44 ff. GDPR. That means, data is processed, for example, on the basis of special guarantees, such as the officially recognized identification of data protection level corresponding to that of the EU (such as the “Privacy Shield” for the United States) or adherence to recognized special contractual obligations (such as “standard contract provisions”).

Rights of the data subjects

You have the right to request information whether certain data is being processed and the right to information about such data and further information and copies of the data pursuant to Art. 15 GDPR.
Pursuant to Art. 16 GDPR, you have the right to demand completion of your data or correction of your data where incorrect.
Pursuant to Art. 17 GDPR, you have the right to demand erasure of your data or a restriction of processing of your data as per Art. 18 GDPR.
You have the right to demand that you receive the data you have provided to us as per Art. 20 GDPR and demand transmission of such data to other controllers.
Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the responsible supervisory authority.

Right of withdrawal

You have the right to withdraw your granted consent as per Art. 7 Para. 3 GDPR with effect for the future.
Right to object
You may object to the future processing of your personal data any time as per Art. 21 GDPR. Such an objection may be particularly directed against processing for the purposes of direct marketing.

Cookies and right to object in case of direct marketing

“Cookies” are small files which are stored on the computers of users. Cookies may contain different kinds of information. Primarily, the purpose of a cookie is to store information regarding a user (or the device on which the cookie is stored) as part of an online offer during or even after the visit. Temporary cookies, also referred to as “session cookies” or “transient cookies”, are cookies which are deleted after a user leaves an online offer and closes the browser. Such a cookie may store the contents of a shopping basket in an online shop or the login status, for example. Cookies are “permanent” or “persistent” if they are stored even after the browser is closed. That way, the login status may be stored, for example, if users return after several days. Such cookies may also contain the interests of users which are generally used to measure reach or for marketing purposes. “Third-party cookies” are those offered by other providers than the controller operating the online offer (otherwise we refer to “first-party cookies”).
We may use temporary and permanent cookies, providing explanation about their use within the context of our privacy statement.
If users do not want cookies to be stored on their computers, they must deactivate the corresponding option in the system settings of their browser. Cookies which have been stored may be deleted in the system settings of your browser. However, the deletion of cookies may lead to functional restrictions of the online offer.
A general objection against the use of cookies for the purposes of online marketing may be declared to a number of services, especially in case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be switched off in the browser settings. Please note that you may not be able to use all the functions of this online offer in that case.

Deleting data

Data processed by us is deleted as per Art. 17 and 18 GDPR or restricted in processing. Unless specified otherwise in this privacy statement, stored data is deleted once it is no longer required for the original purpose and if such an erasure is not opposed by legal retention periods. Where data is not deleted because it is required for other and legally permitted purposes, the processing of such data will be restricted. That means, the data is blocked and not processed for other purposes. This may be data, for example, which must be stored for commercial or tax reasons,
Pursuant to statutory regulations in Germany, the retention period is specified to be 6 years in accordance with § 257 Para. 1 HGB (Commercial Code) (manuals, inventories, opening balances, annual reports, business letters, booking receipts, etc.) and 10 years in accordance with § 147 Para. 1 AO (Fiscal Code) (accounts, records, progress reports, accounting records, business letters, documentation relevant for taxation, etc.).
Pursuant to statutory regulations in Austria, the retention period is specified to be 7 years in accordance with § 132 Para. 1 BAO (Federal Fiscal Code) (accounting documentation, receipts/invoices, accounts, receipts, business documents, list of outgoing and incoming payments, etc.), 22 years in association with real estate and 10 years for documentation relating to electronically performed services, telecommunication, radio and television services performed for non-entrepreneurs in EU member states and for whom mini-one-stop-shop (MOSS) is exercised.

Collection of access data and log files

We or our hosting provider collect data about each access to the server hosting this service (server log files) on the basis of our legitimate interests as defined by Art. 6 Para. 1 lit. f GDPR. The access data includes the name of the visited website, the file, date and time of access, transmitted data volume, report about successful activation, browser type and version, operating system of the user, referrer URL (the previously visited site), IP address and the requesting provider.
Log file information is stored for a period of max. 7 days for security reasons (for example to resolve misuse or fraudulent acts) and then deleted. Where required to retain data as further proof, such data will not be deleted until the situation has been fully clarified and resolved.

Contact

When contacting us (for example via contact form, e-mail, telephone or social media), the information provided by the user will be processed as part of the contact request as per Art. 6 Para. 1 lit. b) GDPR. The user information may be stored in a customer relationship management system (CRM system) or a comparable way of organizing requests.
We will delete requests when they are no longer required. We review the requirements every two years. In addition, all statutory archival obligations apply.

Retrieval of profile images at Gravatar

As part of our online offer and blog, we use Gravatar services provided by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, United States.
Gravatar is a service for which users can register and submit profile images and e-mail addresses. Where users with the corresponding e-mail address leave contributions or comments on other online presences (especially in blogs), their profile images may be displayed next to the contributions or comments. For this purpose, the e-mail address provided by the users will be transmitted to Gravatar in encrypted form to check whether a profile corresponds with this e-mail address. This is the only purpose of transmitting the e-mail address which will not be used for any other purposes and is then deleted.
Gravatar services are used based on our legitimate interests as defined by Art. 6 Para. 1 lit. f) GDPR as we use Gravatar to provide the authors of contributions and comments with the opportunity to personalize their contributions through a profile picture.
Automattic is certified as per the Privacy Shield Agreement and offers the guarantee of adhering to European data protection rights (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
By displaying the images, Gravatar collects the IP address of users as it is required for communication between the browser and an online service. More information about the collection and use of data by Gravatar is available in the privacy statement of Automattic: https://automattic.com/privacy/.
If users to do not want the profile picture associated with an e-mail address to appear in the comments, they must use an e-mail address which is not registered with Gravatar. Furthermore, we would like to inform you that it is also possible to use an anonymous e-mail address or none at all if users do not want their own e-mail address to be transmitted to Gravatar. Users can completely prevent the collection ad transmission of data by refraining from using our comment system.

Jetpack (WordPress Stats)

On the basis of our legitimate interests (meaning an interest in the analysis, optimization and economic operation of our online offer as defined in Art. 6 Para. 1 lit. f. GDPR), we use the plugin Jetpack (here the sub-function “WordPress Stats”) which integrates a tool for statistical evaluation of user access and is operated by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, United States. Jetpack uses “cookies”, text files that are stored on your computer to analyze your use of the website.
Automattic is certified as per the Privacy Shield Agreement and offers the guarantee of adhering to European data protection rights (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
The information created by the cookie regarding your use of this online offer is stored on a server in the United States. The processed data may be used to create user profiles but will only be used for analytical purposes and not for advertising purposes. Further information is available in the Automattic privacy statements: https://automattic.com/privacy/ and information regarding Jetpack cookies: https://jetpack.com/support/cookies/.

Use of Facebook social plugins

On the basis of our legitimate interests (meaning interests in the analysis, optimization and economic operation of our online offer as defined by Art. 6 Para. 1 lit. f GDPR), we operate social plugins (“plugins”) of the social network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may represent interaction elements or content (for example videos, graphs or text contributions) and can be recognized by the Facebook logo (white “f” on blue tile, the term “Like” or by a thumbs-up symbol) or are marked as “Facebook social plugin”. A list and the look of Facebook social plugins is available here: https://developers.facebook.com/docs/plugins/.
Facebook is certified as per the Privacy Shield Agreement and offers the guarantee of adhering to European data protection rights (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user activates a function of the online offer which contains such a plugin, the device of the user will establish a direct connection with Facebook’s servers. Facebook transmits the content of the plugin directly to the device of the user where it is integrated into the online offer. User profiles may be created from the processed data in the process. Therefore, we have no influence on the scope of data collected by Facebook through this plugin and are hereby informing users in accordance with our state of knowledge.
The integration of the plugin enables Facebook to collect the information that a user visited a specific site of the online offer. If the user is logged into Facebook, Facebook may allocate the visit to that specific Facebook account. When users interact with plugins, for example by using the “Like” button or leaving a comment, the corresponding information will be directly transmitted from your device to Facebook and stored there. If a user is not registered with Facebook, Facebook may still determine the IP address and store it. According to Facebook, only anonymized IP addresses are stored in Germany.
The purpose and scope of data collection as well as further processing and use of such data by Facebook as well as the rights and setting options for the protection of user privacy are found in the privacy statement of Facebook: https://www.facebook.com/about/privacy/.
If a user is registered with Facebook and does not want Facebook to collect data about the user as part of this online offer and allocate it to stored member data, such a user must log out of Facebook and delete cookies before using our online offer. Further settings and objections regarding the use of data for marketing purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Such settings will be accepted regardless of the platform, meaning for all devices, such as desktop computer or mobile devices.

Integration of services and contents of third parties

On the basis of our legitimate interests (meaning interests in analysis, optimization and economic operation of our online offer as defined by Art. 6 Para. 1 lit. f GDPR), we use contents or service offers by third parties in order to integrate their contents and services, such as videos or fonts, for example (hereinafter referred to as “contents” by default).
Such a step always presupposes that the third parties who offer such contents will discern the IP address of users as they will not be able to dispatch such contents to the browser without the IP address. The IP address is required for the presentation of such contents. We strive to only use contents whose provider uses the IP address solely for delivery of the contents. Third-party providers may also use pixel tags (invisible graphs, also referred to as web beacons) for statistical or marketing purposes. The pixel tags enable the analysis of information, such as visitor traffic, on the pages of this website. The anonymous information can also be saved in cookies on the device of the users and may contain technical information about the browser and operating system, referring websites, visiting times and any other information regarding the use of our online offer and may be connected with information from other sources.

Google Maps

We integrate the maps of the service “Google Maps” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Privacy Notice: https://www.google.com/policies/privacy/, opt out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate the fonts (“Google fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Privacy Notice: https://www.google.com/policies/privacy/, opt out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We integrate the function for identifying bots, for example when filling out online forms (“ReCaptcha”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Privacy Notice: https://www.google.com/policies/privacy/, opt out: https://adssettings.google.com/authenticated.
Generated using Datenschutz-Generator.de by RA Dr. Thomas Schwenke