Name and contact person of the party responsible in accordance with Article 4 Para. 7 GDPR
ZANH
Dentists on the Nordufer
Name: Karin Joschko und Dr. Peter Getz
Adress: Torfstraße 16, 13353 Berlin
Phone: +49 30 454 1021
Fax: +49 30 4502 4361
Mail: info@zanh.berlin
Data Protection Office
Name: Lars Getz
Adress: Torfstraße 16, 13353 Berlin
Mail: info@zanh.berlin
Ensuring the confidentiality of the personal data you provide and protecting it from unauthorised access is our priority. This is why we take extreme care and use the latest security standards to ensure the maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures that ensure that both we and our external service providers observe data protection regulations.
Definitions
We are required by law to process personal data lawfully, in good faith and in a way that is transparent for the person concerned ("legality, processing in good faith, transparency"). To ensure this, we inform you about the individual statutory terms that are also used in this data privacy statement.
1. Personal data
"Personal data" means all information relating to an identified or identifiable natural person (hereinafter referred to as the "person concerned"); a natural person is considered identifiable if that person can be identified directly or indirectly, especially by means of allocation to an identification such as a name, an identity number, location data, an online ID, or to one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
2. Processing
"Processing" means each operation executed with or without the help of automated procedures or any such series of operations in connection with personal data such as the collection, recording, organisation, arrangement, storage, modification or change, export, query, use, disclosure by means of transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction.
3. Restriction of processing
"Restriction of processing" means the marking of stored personal data with the objective of restricting its future processing.
4. Profiling
"Profiling" means any kind of automated processing of personal data that consists of this personal data being used to assess certain personal aspects relating to a natural person, in particular to analyse or predict aspects regarding their work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.
5. Pseudonymisation
"Pseudonymisation" means the processing of personal data in a way that the personal data can no longer be assigned to a specific person concerned without the addition of additional information, provided that this additional information is kept separate and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
6. File system
"File system" is each structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is maintained centrally, decentrally, or arranged according to functional or geographical factors.
7. Party responsible
"Party responsible" is a natural or legal person, authority, agency or other body which, alone or together with others, decides on the purpose and means of the processing of personal data; if the purpose and means of this processing are specified by European Union law or the law of the Member States, the party responsible or rather the specific conditions of its appointment in accordance with European Union law or the law of the Member States can be provided for.
8. Data processor
"Data processor" is a natural or legal person, authority, agency or other body that processes personal data on behalf of the party responsible.
9. Recipient
"Recipient" refers to a natural or legal person, public authority, agency or other body to whom person data is disclosed, regardless of whether or not this is a third party. Authorities who may receive personal data as part of a specific request for investigation according to European Union law or the law of the Member States do not count as a recipient, however; this data is processed by the named authorities in accordance with the applicable data protection regulations in accordance with the purposes of the processing.
10. Third party
"Third party" is a natural or legal person, authority, agency or other body apart from the person concerned, the party responsible, the data processor and the persons who are authorised to process the personal data under the direct responsibility of the party responsible or the data processor.
11. Consent
"Consent" granted by the person concerned means each statement of intent that is submitted for the specific case in an informed and unequivocal way in the form of a statement or another clearly confirming action, with which the person concerned intimates that he or she agrees to the processing of the personal data relating to that person.
The processing of personal data is lawful only if a legal basis exists for its processing. The legal basis for the processing can be in accordance with Article 6 Para. 1
(a) – (f) GDPR in particular:
(1) The following information relates to the collection of personal data during the use of our website. Personal data can be a name, address, e-mail addresses or usage behaviour, for example.
(2) If you make contact with us via e-mail or by using a contact form, the data you provide (your e-mail address or your name and telephone number) is stored by us so that we can answer your questions. We will delete the data that is generated in this context once its storage is no longer necessary, or its processing is restricted if there is a legal obligation to retain the data.
Collection of personal data during visits to our website
If you use our website for purely informational purposes, that is, if you do not register with us or send us any other information, we will collect only the personal data that your browser sends to our server. If you would like to view our website, we collect the following data that is technically necessary for us to present our website to you and to ensure its stability and security (the legal basis is the first sentence of Art. 6 Para. 1 (f) GDPR):
Use of cookies
(1) In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive assigned to the browser that you are using and certain information flows through the point that the cookie sets. Cookies cannot execute any programs or transfer viruses to your computer. They are used for making the Internet offering more user friendly and effective.
(2) This website uses the following types of cookies whose scope and functionality are explained below:
Additional functions and offerings on our website
(1) In addition to the use of our website purely for information purposes, we offer various services that you may be interested in using. To do this, you usually have to specify personal data which we use for providing the relevant service and to which the previously mentioned principles for data processing apply.
(2) We sometimes use external service providers for processing your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are monitored on a regular basis.
(3) We can also forward your personal data to third parties if we offer sale campaigns, competitions, contract conclusions or similar services together with partners. You will receive more information about this when you provide your personal data or below in the description of the offer.
(4) If our service providers or partners are based in a country outside of the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.
Newsletter
(1) With your consent, you can subscribe to our newsletter with which we inform you about our latest interesting offerings. The goods and services advertised in them are named in the declaration of consent.
(2) For registration to our newsletters, we use what is called the double opt-in procedure. This means that after your registration, we send an e-mail to the specified e-mail address in which we ask you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after a month. Furthermore, we store the IP addresses that you are using as well as the times of your registration and confirmation. The purpose of this procedure is to prove your registration and, where applicable, to be able to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. The specification of additional, separately marked data is voluntary and is used so that we can address you personally. Following your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is the first sentence of Art. 6 Para. 1 (a) GDPR.
(4) You can withdraw your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can unsubscribe from the newsletter by clicking on the link provided in every newsletter e-mail, by using this form on the website, by sending an e-mail to info@zanh.berlin or by sending a message to the contact details provided in the imprint.
(5) Please note that we assess your usage behaviour when sending the newsletter. For this assessment, the e-mails that are sent contain what are called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. For the assessments we link the above-mentioned data and the web beacons to your e-mail address and an individual ID. The data is collected pseudonymised, which means that the IDs are thus not linked to your additional personal data, thereby eliminating any direct reference to persons. You can object to this tracking at any time by clicking on the separate link that is provided in every e-mail or by contacting us via a different channel. The information is saved for as long as you are subscribed to the newsletter. When you unsubscribe, we store the data on a purely statistical and anonymous basis.
(6) We use an external service provider for sending newsletters. A separate data processing contract was concluded with the service provider in order ensure the protection of your personal data. We currently work together with the following service provider:
CleverReach GmbH & Co. KG
Mühlenstr. 43
26180 Rastede
Tel.: +49 (0) 4402 97390-00
E-Mail: info@cleverreach.com
The following data is transmitted to CleverReach for this purpose:
For additional information, please refer to the CleverReach data protection statement at https://www.cleverreach.com/de/datenschutz/
Our offering is intended for adults only. Persons under 18 years old should not pass personal data to us without the agreement of their parents or guardians.
(1) Withdrawal of consent
If the processing of personal data is based on consent that was granted, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of consent-based processing carried out up to the point of withdrawal.
You can contact us at any time to exercise your right of revocation.
(2) Right to obtain confirmation
You have the right to request confirmation from the party responsible regarding whether we process the personal data relating to you. You can request the confirmation at any time by using the contact details mentioned above.
(3) Right to information
If personal data is processed, you can demand information about this personal data and the following information at any time:
If personal data is transmitted to a third country or to an international organisation, you have the right to be informed about the appropriate warranties in accordance with Article 46 GDPR in connection with the transmission. We provide a copy of the personal data that is the subject of the processing. For all other copies that you request, we can demand an appropriate charge based on administrative costs. If you make the request electronically, the information has to be provided in a common electronic format unless indicated otherwise. The right to receive a copy in accordance with Paragraph 3 must not affect the rights and freedoms of other persons.
(4) Right to correction
You have the right to request from us the immediate correction of incorrect personal data relating to you. Taking the purpose of the processing into account, you have the right to request the completion of incomplete personal data including by means of a supplementary statement.
(5) Right to deletion ("right to being forgotten")
You have the right to request the party responsible to delete personal data relating to you with immediate effect and we are obligated to delete personal data with immediate effect if one of the following reasons applies:
If the party responsible has disclosed the personal data and if the party responsible is obligated to its deletion in accordance with Paragraph 1, then taking into account the available technology and the implementation costs, the party responsible takes appropriate measures for informing the party responsible for data processing who processes the personal data that a person concerned has requested them to delete all links to this personal data, or copies or replications of this personal data.
The right to deletion ("right to being forgotten") does not exist if the processing is required:
(6) Right to restriction of processing
You have the right to request the restriction of the processing of your personal data if one of the following prerequisites applies:
If the processing was restricted in accordance with the prerequisites named above, then this personal data – apart from its storage – is processed only with the consent of the person concerned or to assert, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
To assert the right to restriction of processing, the relevant person can contact us at any time by using the contact details specified above.
(7) Right to portability
You have the right to obtain the personal data relating to you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to a different party responsible without any obstacle from the party responsible to whom the personal data was provided, if:
When exercising the right to data portability in accordance with Paragraph 1, you have the right to effect the direct transfer of personal data from one party responsible to another if this is technically feasible. The exercise of this right to data portability does not affect the right to deletion ("right to be forgotten"). This right does not apply to processing that is necessary for the performance of a task that is in the public interest, or in the exercise of official authority that was vested in the party responsible.
(8) Right to object
You have the right to object at any time to the processing of personal data relating to you resulting from your personal situation, which is based on Article 6 Paragraph 1 (e) or (f) GDPR; this also applies to profiling based on these provisions. The party responsible will no longer process your personal data unless it can demonstrate compelling legitimate reasons that are worth protecting for the processing that the interests, rights and freedoms of the person concerned, or the processing serves to establish, exercise or defend legal claims.
If personal data is processed for the purpose of direct advertising, then you have the right to object at any time to the processing of personal data relating to you for the purpose of this type of advertising; this also applies to profiling if it is related to such direct advertising. If you object to the processing for purposes of direct advertising, the personal data will no longer be processed for these purposes.
In connection with the use of the services of the information society, regardless of Guideline 2002/58/EC, you can exercise your right to object by means of automated processes with which technical specifications are used.
You have the right to object for reasons resulting from your particular situation to the relevant processing of personal data relating to you that takes place for scientific or historic research purposes, or for statistical purposes in accordance with Article 89 Paragraph 1, unless the processing is required to fulfil a task in the public interest.
You can exercise your right to object at any time by contacting the respective party responsible.
(9) Automated decisions in individual cases including profiling
You have the right not to be subject to a decision that was based exclusively on automated processing – including profiling – that has a legal effect on you or similarly impairs you considerably. This does not apply if the decision:
The party responsible takes appropriate measures to protect the rights and freedom and the legitimate interests of the person concerned, to which at least the right to obtain intervention by a person on the part of the party responsible, to presenting their case, and the right to challenging the decision belongs.
The person concerned can execute this right at any time by contacting the respective party responsible.
(10) Right to complain to a supervisory authority
Irrespective of the provision of another administrative or legal judicial remedy, you also have the right to complain to a supervisory authority, especially in the Member State of your residence, your workplace or the location of the alleged infringement if the person concerned believes that the processing of the personal data relating to them violates this regulation.
(11) Right to effective judicial remedy
Irrespective of an available administrative or non-judicial remedy, including the right to complain to a supervisory authority in accordance with Article 77 GDPR, you have the right to effective judicial remedy if you believe that your rights based on this regulation were violated as a result of the processing of your personal data that is not in line with these regulations.
We use the cookiebot consent management service provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage the consent of website users for data processing. The processing is necessary to fulfill a legal obligation (Art. 7 Para. 1 GDPR) to which we are subject (Art. 6 Para. 1 S. 1 lit. c GDPR). For this purpose, the following data is processed with the help of cookies:
Your IP address (the last three digits are set to '0'). Date and time of consent. Browser information URL from which the consent was sent. An anonymous, random and encrypted key Your end-user consent status, as proof of consent
The key and consent status are stored for 12 months in the browser using the "CookieConsent" cookie. This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be verified and verified.
Additionally, if you enable the Bulk Consent Service feature to enable consent for multiple websites through a single end-user consent, the Service will store a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in encrypted form in the third-party cookie "CookieConsentBulkTicket" in your browser: You enable the bulk consent feature in the service configuration. You allow third-party cookies via browser settings. You have disabled Do Not Track via browser settings. You accept all or at least certain types of cookies if you give consent.
The functionality of the website is not guaranteed without processing.
Cybot is the recipient of your personal data and works for us as a processor.
The processing takes place in the European Union. You can find more information on how to object to and remove Cybot from: https://www.cookiebot.com/en/privacy-policy/...
Your personal data will be continuously deleted after 12 months or immediately after termination of the contract between us and Cybot.
Please note our general explanations about the deletion and deactivation of cookies above.
(1) This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses what is termed "cookies". These are text files saved to your computer. These cookies allow for analysis of the way in which you use our website. The information created by the cookie on your use of the website is as a rule transferred to a Google server in the USA and stored there. If the IP anonymisation is activated on this website, your IP address will however be shortened beforehand by Google within the member states of the European Union or in other member states of the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services associated with the use of the website and the Internet to the website operator.
(2) The IP address provided to Google Analytics by your browser will not be merged with any other data from Google.
(3) You can prevent the storage of cookies by selecting the relevant settings in your browser software; please note, however, that you may not be able to use all functions of this website in full in this case. Furthermore, you can prevent the transmission of the data that is created by the cookie relating to your use of the website (including your IP address) to Google, and the processing of this data by Google, by downloading and installing the browser plug-in that is available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that abbreviated IP addresses are further processed to eliminate direct reference to persons. If the data relating to you that was collected gives rise to a reference to persons, this is immediately excluded and the personal data is deleted immediately.
(5) We use Google Analytics so that we can analyse the use of our website and improve it on a regular basis. We use the statistics obtained to improve our offering and make it more interesting to you as a user. For exceptional cases in which personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/.... The legal basis for the use of Google Analytics is the first sentence of Art. 6 Para. 1 (f) GDPR.
(6) Information about third-party providers: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436?1001. Terms of use:
http://www.google.com/analytics/terms/de.html
http://www.google.com/intl/de/analytics/learn/privacy.html
http://www.google.de/intl/de/policies/privacy.
(7) This website also uses Google Analytics for the cross-device analysis of visitor traffic which is carried out by using user IDs. You can deactivate the cross-device analysis of your use in your customer account under "My Data", "Personal Data".
(1) To display font types uniformly, this website uses what are called web fonts which are provided by Google. When a website is accessed, your browser loads the required web fonts in your browser cache so that texts and font types can be displayed correctly.
(2) For this purpose, the browser you use has to connect to the Google servers. This provides Google with the information that our website was called up via your IP address. Google web fonts are used in the interest of displaying our online offerings in a standardised and appealing manner. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.
(3) If your browser does not support web fonts, a standard font from your computer is used.
For more information about Google web fonts, see https://developers.google.com/fonts/faq and Google's privacy policy at https://www.google.com/policies/privacy/.
(1) We currently use the following social media plug-ins: [Facebook, Google+, Xing, LinkedIn, Instagram]. In doing so, we use the two-click solution. In other words, when you visit our site, initially no personal data is forwarded to the provider of the plug-ins. You can identify the provider of the plug-in from the mark on the box above its initial letter or the logo. We give you the option of communicating directly with the provider of the plug-in by using the button. The plug-in provider receives the information that you have called up the corresponding website of our online offering only when you click on the selected field, thereby activating it. The data specified in Section 3 of this statement is also transmitted. In the case of Facebook and Xing, according to information from the respective providers in Germany, the IP address is immediately anonymised after it is collected. By activating the plug-in, personal data is transmitted by you to the respective plug-in provider where it is stored (in the USA in the case of US providers). Since the plug-in provider collects data via cookies in particular, we recommend that before clicking on the greyed out box, you delete all cookies by using your browser's security settings.
(2) We do not have any influence over the data that is collected and the data processing operations, nor are we aware of the full scope of the data collection, the purposes of the processing, or the storage periods. Nor do we have any information regarding the deletion of the data that is collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as a usage profile and uses this for the purpose of advertising, market research and/or to design its website to meet the needs of users. Such an assessment is carried out especially to display appropriate advertisements (even for users who are not signed in), in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of this user profile, but you have to contact the respective plug-in provider to exercise this right. With the plug-ins we give you the opportunity to interact with the social networks and other users so that we can improve our offering and make it more interesting to you as a user. The legal basis for the use of the plug-ins is the first sentence of Art. 6 Par. 1 (f) GDPR.
(4) The data is forwarded regardless of whether you have an account with the plug-in provider and are signed in there. If you are signed in with the plug-in provider, your data that is collected by us is allocated directly to your account with the plug-in provider. If you press the activated button and link to the page, for example, the plug-in provider also stores this information in your user account and publicly shares it with your contacts. After using a social network, we recommend that you regularly sign out especially before you activate the button. In this way you can avoid the plug-in provider allocating this data to your profile.
(5) Additional information regarding the purpose and scope of the data collection and its processing by the plug-in provider is available in the privacy policies of these providers as listed below. Here you also obtain additional information about your rights and settings options to protect your privacy.
(6) Addresses for the respective plug-in providers and URL with their privacy policies:
21.03.2019