We attach great importance to the protection of information. Collection and processing of your personal data is carried out in accordance with the applicable data protection rules, in particular, with the General Data Protection Regulation (GDPR) adopted in the European Union.
1. Responsible person
The person responsible for the collection, processing and use of your personal data within the meaning of paragraph 4 of Article 7 of the GDPR is:
Booking Health GmbH
Phone: +49 228 972 723 72
Fax: +49 228 972 723 1320
2. General objectives of data processing
We use personal data to manage the website and to the extent that it is necessary to fulfill the contract.
3. What data do we use and why
The hosting service we use provides the following services: infrastructure and platform services, memory space, storage and database services, security and maintenance services that we use to manage the website.
Based on our legitimate interest in an effective and secure provision of our website to users in accordance with paragraph 1f of Article 6 of the GDPR in conjunction with Article 28 of the CDPR, we or our hosting provider process the inventory data, contact details, content data, contract data, website usage data, metadata and communication data of customers, stakeholders and visitors on this website.
3.2 Access data
When you use this website, we collect information about you. We automatically collect information about your behavior as a user and about your interaction with us, as well as register information about your computer or mobile device. We collect, store and use data about each visit to our website (so-called server log files). Access data includes:
- Name and URL of the requested file
- Search date and time
- Transferred amount of data
- Successful retrieval message (HTTP response code)
- Browser type and browser version
- Operating system
- URL referrer (i.e. the page from which the user came to the website)
- Websites that the user's system accesses through our website
- User’s Internet service provider
- IP address and requesting provider
We use log data without identifying you as an individual and without creating any profile for statistical assessments to manage, secure and optimize our website, as well as for anonymous registration of the number of visitors to our website (traffic), and degree and nature of the use of our website and services, as well as for financial reporting to measure the number of referrals made by cooperation partners. Based on this information, we can provide personalized content considering user location, analyze traffic, eliminate errors and improve the quality of our services.
This also contains our legitimate interest in accordance with paragraph 1f of Article 6 of the CDPR.
We reserve the right to retrospectively analyze the log data if, on the basis of concrete evidence, there is a reasonable suspicion of the illegal use of the website. If this is necessary for security purposes or for providing services or making payments for the service, for example, if you use one of our commercial offers, we store IP addresses in log files for a limited period of time. Once the order process has been completed or the payment has been made, we will delete the IP address if it is no longer required for security purposes. Also, we store IP addresses in cases when we have a specific suspicion of having committed illegal acts in connection with the use of our website. In addition, as part of your account, we keep the date of your last visit (for example, when registering, logging in, cross-referencing, etc.).
3.3 Information files (cookies)
To optimize our website, we use the so-called session cookies. Session cookies are small text files that are sent from the appropriate servers and stored temporarily on your hard drive when you visit a website. These files contain a so-called session identifier, through which various requests from your browser can be linked in a shared session. This will allow you to recognize your computer when you re-enter our website. Once your browser is closed, these cookies will be deleted. For example, with their help you can use the shopping cart function when visiting several pages.
We also use a small amount of persistent cookies (also small text files stored on your device) that remain on your device and allow us to recognize your browser during your next visit. These cookies will be stored on your hard drive and will be deleted after a specified time. Their lifespan is from 1 month to 10 years. With the help of cookies we can present our offer to you in a more convenient, efficient and safe way, for example, to show you a page with the information corresponding to your interests.
Our legitimate interest in using cookies in accordance with paragraph 1f of Article 6 of the CDPR is to make our website more user-friendly, efficient and safe.
Cookies store the following data and information:
- Information about the user name
- Language settings
- Entered search words
- Information on the number of visits to our website and the use of individual functions of our website
When the cookie is activated, it is assigned an identification number without any binding of your personal data to it. Your name, surname, IP-address or similar data, which could serve for establishing communication between you and cookies, is not included in the cookie. With the help of cookie technology, we get only pseudonymous data, for example, what pages of our store you have visited, what products you were interested in, etc.
You can configure your browser in such a way that you will be notified in advance about the forthcoming placement of cookies on your device and decide in each case whether to exclude the reception of cookies in certain cases or at all, or completely block the maintenance of cookies. Such actions may result in the limited functionality of the website.
3.4 Data required to fulfill our contractual obligations
We process personal data that we need to fulfill our contractual obligations, such as name, surname, address, email, ordered products, payment requisites. The collection of these data is necessary for contract conclusion.
These data will be deleted after the expiration of warranty periods and storage statutory periods. Any data associated with the user account (see below) will in any case be retained for the duration of this account existence.
The legal basis for processing this data is paragraph 1b of Article 6 of the CDPR, since this data is necessary for us to be able to fulfill our contractual obligations to you.
3.5 User account
You can create a user account on our website. If you have such a desire, we will need your personal data, which will be requested at registration. Afterwards, only your email or username and password you choose will be required to log in.
When registering a new user, we collect basic data (for example, name, surname, address), contact details (for example, email) and payment (bank) details, as well as access data (username and password).
In order to ensure proper registration and prevent unauthorized registration of third parties, after registration you will receive an activation link to your email, using which you can activate your account. We will begin to store the data transferred by you in our system only after the completion of registration.
At your instruction, your account can be deleted at any time at no cost, other than the cost of data transmission in accordance with the basic tariffs. To this end, the only thing you need to do is to send a text message to the mail requisites specified in paragraph 1 (for example, by email, fax, letter). Then we will delete your personal data that we have stored, unless we need to save it for processing orders or in connection with the requirements of the storage legislation.
The legal basis for the processing of this data is your consent in accordance with paragraph 1 of Article 6 of the CDPR.
3.6 Communication by email
When you contact us (for example, through a contact form or by email), we use your data to process the request, as well as in case there are additional questions.
If data processing is carried out either to perform pre-contractual arrangements at your request or to fulfill the contract, if you are already our client, the legal basis for such data processing is paragraph 1b of Article 6 of the CDPR.
We process additional personal data only if you agree with this (paragraph 1a of Article 6 of the CDPR), or if we have a legitimate interest in the processing of your data (paragraph 1f of Article 6 of the CDPR). For example, the legitimate interest lies in responding to your email messages.
4. Google Analytics
We use Google Analytics, which is an online analysis service provided by Google Inc. Google Analytics uses the so-called cookies, which are text files stored on your computer and allowing to analyze your use of our website. The cookie generated information about the use of this website by visitors, its pages is usually transmitted to Google server in the United States and stored there.
This also contains our legitimate interest under paragraph 1f of Article 6 of the CDPR.
Google adheres to the Agreement on Privacy Protection between the European Union and the United States and has been certified. Thus, Google is committed to comply with the standards and provisions of the European Data Protection Regulation. For more information, please visit the company's website at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
On this website, we activated the IP anonymity function (anonymizeIp). As a result, your IP address will be truncated by Google even within the members of the European Union or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases a full IP address will be sent to the Google server in the United States and reduced already there. Google will use this information on our behalf to evaluate your use of the website, collect reports on the operation of the website and provide us with other services related to the operation of the website and the use of the Internet.
The IP address transferred from your browser to the Google Analytics system will not be combined with other Google data. You can prevent the preservation of cookies by using the appropriate software settings of your browser. However, please note that if you do this, you may not be able to use all the options of this website in the full volume.
In addition, you can prevent the transfer of data generated by the cookie and associated with your use of the website (including your IP address) in Google and the processing of this data by Google via downloading the following link and installing the browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plug-in or settings within the browser on mobile devices, you can forward the following link to set the "Opt-Out-cookie" function, which will prohibit Google Analytics from collecting data on this website in the future (this Opt-Out-cookie works only in this browser and only for this domain.) After deleting cookies in your browser, you should click this link again: [deactivate Google Analytics]
5. Duration of data storage
Unless otherwise specified, we store personal data only as long as it is necessary to fulfill our goals.
In some cases, for example, in the field of tax or commercial law, legislation provides for longer storage of personal data. In these cases, the data will be kept by us only for these legal purposes, but will not be processed in any other way and will be deleted after the expiration of the legal storage period.
6. Your rights as a subject of personal data processing
In accordance with current legislation, you have different rights regarding your personal information. If you want to confirm these rights, please send your request with the exact identification of your identity by email or by mail to the address specified in section 1.
Below is a list of your rights.
6.1 Right for confirmation and reference information
You have the right to receive clear reference information regarding the processing of your personal data.
You have the right to receive confirmation from us about whether your personal data is being processed at any time. If so, you have the right to request from us free information about your personal data stored with a copy of this data. In addition, you are entitled to the following information:
- goals of data processing;
- categories of personal data being processed;
- recipients or categories of recipients to whom the personal data has already been disclosed or will be disclosed, in particular to recipients in third countries or in international organizations;
- if possible, the planned duration of personal data storage or, if this is not possible, the criteria for determining this duration;
- right to correct or delete your personal data or limit the processing by the responsible person or the right to object to such processing;
- right to appeal to the supervisory authority;
- if personal information was not obtained from you, then all available information about the data source;
- whether the process of automated decision making, including profiling, is applied in accordance with paragraphs 1 and 4 of Article 22 of the CDPR and, at least in these cases, the informative data about the involved logic scheme, as well as the consequences and desired results of such processing for you.
If the personal data is transferred to a third country or to an international organization, you are entitled to receive information on the relevant guarantees under Article 46 of the CDPR in connection with the transfer of data.
6.2 Right for rectification
You have the right to demand from us correcting and, if necessary, supplementing your personal data.
You have the right to demand immediate correction of incorrect personal data relating to you. Taking into account the purposes of processing, you have the right to demand the completion of incomplete personal data, including through an additional application.
6.3 Right for deleting the data
In some cases, we are obliged to delete your personal information.
Under paragraph 1 of Article 17 of the CDPR, you have the right to demand immediate erasing your personal data, whereas we are required to immediately erasure your personal data if there is one of the following reasons:
- Personal data is no longer needed for the purposes for which it was collected or otherwise processed.
- You withdraw your consent, on the basis of which the processing was carried out in accordance with the paragraph 1a of Article 6 of the CDPR or paragraph 2a of Article 9 of the CDPR, and there is no other legal basis for processing.
- In accordance with paragraph 1 of Article 21 of the CDPR, you object to processing, and there are no prioritized justified reasons for processing, or you object to processing in accordance with paragraph 2 of Article 21 of the CDPR.
- Personal data was processed illegally.
- Deletion of personal data is required to comply with a legal obligation under EU law or under national law to which we relate.
- Personal data was collected to provide services for information companies in accordance with paragraph 1 of Article 8, CDPR.
If we make personal data publicly available and will be obliged to erasure it in accordance with paragraph 1 of Article 17 of the CDPR, we will take appropriate measures, including those of technical order, taking into account available technologies and implementation costs to inform the persons responsible for processing personal data that you have requested the deletion of all links to this personal information or copies, or the replication of this personal information.
6.4 Right for limited processing
In some cases, you may require to limit the processing of your personal information.
You have the right to require from us limited processing if one of the following conditions is fulfilled:
- the accuracy of your personal information is disputed by you for a period of time allowing us to verify the accuracy of your personal information,
- processing is illegal, but you objected to the deletion of personal data, and instead required the restriction of the use of personal data;
- we no longer need your personal data for processing purposes, but you need data to present, enforce or protect your legal claims or
- you have protested against the processing under paragraph 1 of Article 21 of the CDPR for a time until it is established that the legal grounds of our company outweigh your legal grounds.
6.5 Right for data portability
You have the right to receive, transfer or allow us to transfer any personal data relating to you in a machine readable form.
You have the right to receive personal information provided to us in a structured, standard and machine readable format, and have the right to freely transfer this information to another responsible person provided that:
- processing is carried out on the basis of consent in accordance with paragraph 1a of Article 6, CDPR or paragraph 2a of Article 9 of the CDPR, or on the basis of a contract in accordance with paragraph 1b of Article 6 of the CDPR, and
- processing is carried out with the use of automated procedures.
By exercising your right to the data portability in accordance with paragraph 1, you have the right for personal data to be transferred by us directly to another responsible person, as far as is technically possible.
6.6 Right to protest
You have the right to object to the legal processing of your personal data by us, if it depends on your specific situation, and if our interests in processing are not predominant.
You have the right to protest against the processing of your personal data in accordance with paragraph 1e or paragraph 1f of Article 6 of the CDPR at any time for reasons arising from your specific situation. This also applies to profiling based on these provisions. We stop processing personal information if we can not demonstrate a convincing legal basis for processing that outweighs your interests, rights and freedoms, or processing is designed for the purposes of filing, implementing or protecting lawsuits.
If personal data is processed by us for the purpose of direct advertising, you have the right to protest against the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling, since it is associated with such direct advertising.
You have the right to object to the processing of your personal data for scientific or historical research or for statistical purposes conducted in accordance with paragraph 1 of Article 89, CDPR, for reasons related to your specific situation, unless this processing is required for the performance of tasks, connected with public interests.
6.7 Automated decision-making, including profiling
You have the right not to be exposed to decisions based solely on automated processing, including profiling, which will have a legal effect against you or similarly cause you significant damage.
Automated decision-making based on collected personal data will not be carried out.
6.8 Right to withdraw consent to data processing
You have the right to withdraw your consent to personal data processing at any time.
6.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular, in the participating country, at your place of residence, at your place of work or at the place of the alleged violation, if you believe that the processing of your personal data is illegal.
7. Data security
We make every effort to ensure your data security under the applicable data protection legislation and our technical capabilities.
Your personal data will be transmitted in the coded form. This applies to your orders, as well as to your customer login. We use the SSL (Secure Socket Layer) encoding system, but please note that data transfer via the Internet (for example, when communicating by email) can be vulnerable in terms of security. It is impossible to provide complete data protection from third-parties.
To protect your data, we support technical and organizational security measures in accordance with Article 32 of the CDPR, which we always adapt to the latest technologies.
We also do not guarantee that our offer will remain available at certain times: interference, interruptions or malfunctions can not be excluded. The servers we use are regularly backed up.
8. Disclosure of data to third parties, lack of data transfer to foreign countries that are not a part of the EU
We only use your personal data within our company.
In cases when third parties are involved in the implementation of contracts (for example, logistics service providers), they will receive personal data only to the extent necessary to provide the relevant service.
In case we transfer some parts of data processing to contractors ("order processing"), we oblige contractors to use personal data only in accordance with the requirements of data protection legislation and to protect the rights of the data subject.
With the exception of the case referred to in paragraph 4, the transfer of data to agencies or persons outside the EU is impossible and is not planned.