Data Protection Declaration
We are delighted about the visit of our website. We would like to inform you below about the processing of your personal data on our website.
CONTROLLER
medica Medizintechnik GmbH
Blumenweg 8, 88454 Hochdorf
Germany
Contact:
Tel: +49 7355-93 14-0
E-mail: info@thera-trainer.com
DATA PROTECTION OFFICER
DDSK GmbH
Dr.-Klein-Str. 29, 88069 Tettnang
Germany
Contact:
Tel: +49 7542 949 21 00
E-mail: datenschutz@thera-trainer.com
Terms
The special terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR.
The terms “user” and “website visitor” are used synonymously in our privacy policy.
Recipient of data
Recipients of data are named in our privacy policy under the respective category/heading.
Categories of data subjects
The categories of data subjects are website visitors and other users of online services.
GENERAL INFORMATION ON DATA PROCESSING ON
THE WEBSITE
Automated data processing (log files etc.)
Our website can be visited without actively providing personal information about the user.
However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognize attacks on our website) for a period of 2 months.
This data is not merged with other data sources. We process and use the data for the following purposes: provision of the website, prevention and detection of errors/malfunctions, and the abuse of the website.
Data categories: Meta and communication data (e.g. IP address, date and time of access, time, type of HTTP request, website from which access is made (referrer URL), browser used and, if applicable, operating system of the accessing computer (user agent))
Purpose of the processing: Prevention and detection of errors/malfunctions, detection of abuse of the website
Legal basis: Legitimate interest according to Art. 6 para. 1 lit. f) GDPR
Legitimate interests: Fraud prevention to detect abuse of the website
Required cookies (functionality, opt-out links, etc.)
We use cookies on our website to enable the use of the basic functions on our website and to provide the service requested by the user.
Cookies are a standard Internet technology for storing and retrieving information for website users.
Cookies represent information and/or data that can be stored on the user’s end device, for example.
With classic cookie technology, the user’s browser is instructed to store certain information on the user’s device when a specific website is accessed.
Strictly required cookies are used to provide a digital service expressly requested by the user, e.g:
– Cookies for error analysis and security purposes
– Cookies for storing logins
– Cookies for storing data in online forms if the form extends over several pages
– Cookies for saving (language) settings
– Cookies to store articles in the shopping basket by users to complete the purchase
– Cookies for storing consent or withdrawal (opt-in, opt-out)
Some of the cookies used (session cookies) are erased after the end of the browser session, i.e. after closing the browser.
Cookies can be erased by users afterwards to remove data that the website has stored on the user’s computer.
The data processing described may also relate to information that is not personal but constitutes information within the meaning of the TDDDG.
In these cases, this information may be necessary for the use of an expressly requested service and may therefore be stored in accordance with § 25 TDDDG.
Opt-Out:
Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2
Opera: https://help.opera.com/en/latest/security-and-privacy/
Safari: https://support.apple.com/de-de/HT201265
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR in conjunction with § 25 para. 2 no. 2 TDDDG), consent (Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG
Legitimate interests: Storage of opt-in preferences, ensuring the functionality of the website, maintaining user status across the entire website
Storage and processing of not required information and data
Beyond the required scope, user data may be processed by cookies, similar technologies or application-related technologies, e.g. for the purpose of (cross-website) tracking or personalized advertising etc.. Data may be transmitted to third-party providers.
The storage and further processing of user data that is not necessary to provide the digital service, is then carried out on the basis of consent within the meaning of Art. 6 para. 1 lit. a) GDPR (if applicable in conjunction with § 25 para. 1 sentence 2 TDDDG).
Consent Management Platforms (Consent Management)
We use a consent management procedure on our online offering in order to be able to prove, store and manage the consent granted by our website visitors in accordance with the requirements of the GDPR.
The consent management platform used helps us to identify all cookies and tracking technologies and to control them based on the consent status.
At the same time, visitors to our website can use the consent management service we have integrated to manage the consents and preferences granted (optional setting of cookies and other technologies that are not required) or revoke consent at any time using the button.
The status of the consent is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device.
The time of the declaration of consent is also recorded.
Data categories: Consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)
Purposes of processing: Fulfillment of accountability, consent management
Legal basis: Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)
Manage consent/revocation
Borlabs Cookie
Recipient: BORLABS GmbH, Hamburger Str.11 22083 Hamburg, Germany
Third country transfer: Does not take place.
Privacy policy: https://de.borlabs.io/datenschutz/
Hosting (incl. content delivery network)
Our website is hosted by an external service provider. Data of visitors to our website, in particular log files, are stored on the servers of our service provider.
By using a specialized service provider, we can provide our website efficiently.
The hosting provider we use does not process the data for its own purposes.
We also use a Content Delivery Network (CDN) in order to be able to provide the content of our website more quickly.
For example, when website visitors access graphics, scripts or other content, these are provided quickly and optimized with the help of regionally and internationally distributed servers.
When the data files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.
Data categories: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)
Purposes of the processing: Correctly presentation and optimization of the website, faster and location-independent accessibility of the website
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests: Prevention of unplanned availability time, high scalability, reduction of the bounce rate on the website
Content Delivery Network
Recipient: Cloudflare Germany GmbH, Rosental 7, 80331 München, Germany; Cloudflare Inc., 101 Townsend St San Francisco, CA, 94107, US
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://www.cloudflare.com/de-de/privacypolicy/
Hosting
Recipient: Mittwald CM Services GmbH & Co. KG, Königsberger Strasse 4-6, 32339 Espelkamp, Germany
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Third country transfer: Does not take place.
Privacy policy: https://www.mittwald.de/datenschutz
Content Management System (without data transfer)
We use a content management system (CMS) to edit, organize, and display digital content on our website.
This system is used locally on our servers without any data transfer.
With the help of the CMS, our website can be created, edited, and managed and equipped with the necessary functions (e.g., forms, blogs, images, and other digital content).
In addition, the website designed by the CMS helps our website to be found more easily by users on the search engine results page (SERP) when they enter a query.
Support from an integrated firewall within the CMS ensures that our website is protected against external attacks, thereby preventing misuse of the website.
In addition, we ensure that the CMS undergoes regular updates and patches to guarantee the security of our website, which is based on the CMS.
Data categories: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP anonymized addresses), interaction data (interest in content, etc.)
Purposes of the processing: Creating, editing, and managing page content, storing and archiving data, creating landing pages, statistics, reach measurement
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests: Optimization of user experience and content creation, ensuring a functional, user-friendly offering, increasing visibility
WordPress
Provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA
Data transfer: Does not take place.
WPML
Provider: OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong
Data transfer: Does not take place.
WEBSITE SUPPORT AND CONSULTING, WEB AGENCY
We have commissioned a web agency to provide support and advice for services and applications on our website.
This agency supports us in all activities related to the design and functionality of our website.
In this context, the web agency selected by us receives the access data for our website in order to make necessary adjustments and changes, such as the design of forms or other programming activities.
The web agency also supports us in maintaining and managing our social media accounts, our content management system and our accounts with search engine providers.
Access to personal data, such as data from forms or log data of website visitors, cannot be ruled out.
The web agency therefore acts as a processor for us and only acts on our instructions.
Data is not processed for any other purpose.
Data categories: Usage data (e.g. access times), Meta and communication data (e.g. device information, IP addresses), Contact data (e.g. email address), Content data (e.g. text information), Analysis data from social media accounts (e.g. anonymized statistics)
Purposes of processing: Support for web analysis and optimization, analysis of user behavior on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests: Support and assistance with website maintenance through high level of technical expertise, efficiency through outsourcing
Web agency
Recipient: M39A, Haiduk & Weustermann GbR, Mirker Straße 39a, 42105 Wuppertal, Germany
Third country transfer: Does not take place.
Privacy policy: https://m39a.de/datenschutz/
WEB ANALYSIS AND OPTIMIZATION
We use procedures on our website to analyze user behavior and measure reach.
For this purpose, information about the behaviour, interests or demographic information of visitors is collected to determine whether and where our website needs to be optimized or adapted (e.g. forms on the website, improved placement of buttons or call-to-action buttons, etc.).
We can also measure the click and scroll behavior of website visitors.
Among other things, this helps us to recognize at what time our website, its functions or content are most frequented.
This data is collected through the use of certain technologies (e.g. cookies).
The cookies are stored on users’ end devices as part of client-side tracking when they visit our website.
We take precautions to protect the identity of our website visitors.
We do not process any clear data of website visitors for the purpose of web analyses and optimization.
Website visitors get an ID (identification code) when they visit the website so that they can be recognized when they return.
The IDs and associated information are stored in user profiles.
In addition, the IP addresses of website visitors are anonymized and the storage duration of cookies is reduced.
Data categories: Usage data (e.g. websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, anonymized IP addresses, location data), contact data (e.g. e-mail address), content data (e.g. text details)
Purposes of processing: Checking the status of target achievement (success control) of all online activities: Analysis of user behavior on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website, lead evaluation, sales increase, budget control
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR
Google Analytics
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://policies.google.com/privacy?hl=en-US
Google Tag Manager
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://policies.google.com/privacy?hl=en-US
LinkedIn Insight Tag
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; LinkedIn Corporation, 100W Maude Avenue, Sunnyvale, California, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Microsoft Clarity
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://privacy.microsoft.com/de-de/privacystatement
Matelso
Recipient: matelso GbmH, Europaallee 34, 67657 Kaiserslautern, Germany
Third country transfer: Does not take place.
Privacy policy: https://matelso.com/datenschutz/
Metricool
Recipient: METRICOOL SOFTWARE, SL based at C / Téllez, Nr. 12, Entreplanta H, 28007, Madrid, Spain
Third country transfer: Does not take place.
Privacy policy: https://metricool.com/de/datenschutzrichtlinie/
Geolocation (anonymized without data transmission)
We use anonymized geolocation technology to provide location-based content that is technically correct (e.g., language selection, regional settings).
Processing takes place exclusively locally on our server. No data is transferred to third parties.
The IP address is only processed briefly in the working memory, anonymized technically before geolocation, and discarded completely immediately afterwards.
There is no storage, logging, or merging with other data. This means that users cannot be identified.
Data categories: Meta and communication data (e.g. anonymized IP addresses), location data if applicable
Purposes of processing: Provision of location-based content
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests: Avoiding incorrect or false regional broadcasts, regional content settings
IP2Location
Provider: Hexasoft Development Sdn. Bhd. (645996-K) 70-3-30A D’Piazza Mall, Jalan Mahsuri, 11950 Bayan Baru, Penang, Malaysia
Data transfer: Does not take place.
ONLINE MARKETING
We process personal data in order to promote our online offerings and continuously improve them.
To do this, we use cookies and similar technologies to store information about users.
This information includes, for example, content viewed, websites visited, and settings.
Our intention is to review the effectiveness of our marketing measures and identify potential interests so that we can better tailor our offerings to the needs of our users.
This enables us to increase our reach and awareness and offer our users a better online experience.
We can determine the success of our advertisements using summarized data made available to us by the provider of the online marketing process (known as conversion measurement).
As part of these conversion measurements, we can track whether a marketing measure has led to a purchase decision by a visitor to our online offering.
This evaluation serves to analyze the success of our online marketing.
Data categories: User and interaction data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, anonymized IP addresses), location data if applicable, contact data (e.g. email addresses)
Purposes of processing: Marketing (partly also interest-based and behavior-related), conversion measurement, target group formation, click tracking, development of marketing strategies, and increasing campaign efficiency
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests: Optimization and further development of the website, profit increase, customer loyalty, and new customer acquisition
Google Ads/ AdSense
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://policies.google.com/privacy?hl=en-US
LinkedIn Ads
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; LinkedIn Corporation, 100W Maude Avenue, Sunnyvale, California, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Presence on social media
We have a company profile on social networks and career platforms to increase our visibility among potential customers and interested parties and to make our company visible to the public.
Social networks help us to increase our reach and actively promote interaction and communication with users.
Social media activity and communication is very important in attracting new customers and employees.
Social media and the website can be used to share relevant information about our company, publish events and communicate important short-term announcements and job postings.
They also help us to communicate quickly and easily with users.
Social media platform operators create user profiles based on user behavior, for example by listing interests (likes, shares).
These are used to adapt advertisements to the interests of target groups.
When users are active on social media channels, cookies or other technologies are regularly stored on users’ end devices, in some cases regardless of whether they are registered users of the social network.
Management of our social media channels
We use METRICOOL SOFTWARE, SL, based at C / Téllez, No. 12, Entreplanta H, 28007, Madrid, Spain, to prepare and publish content, evaluate interactions, and manage our social media channels.
Your personal data is processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the uniform management and analysis of our social media channels and in targeted and uniform communication with users.
There is no transfer to third countries. The recipient’s privacy policy can be viewed at the following link: https://metricool.com/de/datenschutzrichtlinie/
Social media marketing
We use our social media channels to promote our products and services.
Our goal is to reach a broad community that we cannot reach through traditional advertising channels, e.g., offline marketing (e.g., flyers).
Social media advertising is displayed to users in the form of text, display, or video ads on their social media channels.
The evaluation is provided to us in the form of statistics via our tracking tool and is used to analyze the success of our online activities (performance review).
Social Media Messenger
In connection with the use of social media, we may use the associated messengers to be able to communicate easily with users.
The security of individual services may depend on the user’s account settings.
Even in the case of end-to-end encryption, the social media platform operator can draw conclusions about the fact that and when users communicate with us.
Location data can also be recorded.
Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area.
The processing may result in risks for users, as it makes it more difficult for them to enforce their own rights.
Data categories: User names (e.g. surname, first name), contact data (e.g. e-mail address), content data (e.g. text details, photographs, videos), usage and interaction data (e.g. websites visited, interests, likes, shares, access times), meta and communication data (e.g. device information, IP address, location data if applicable)
Purposes of the processing: Increasing reach, awareness-raising activities, rapid networking
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. a) GDPR)
Legitimate interests: Interaction and communication on social media presence, profit increase, insights about target groups
Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://www.facebook.com/privacy/explanation
Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://help.instagram.com/155833707900388
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; LinkedIn Corporation, 100W Maude Avenue, Sunnyvale, California, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Recipient: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://policy.pinterest.com/de/privacy-policy
YouTube
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://policies.google.com/privacy
Vimeo
Recipient: Vimeo Inc., 555 West 18th Street New York, New York 10011, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://vimeo.com/privacy
PLUGINS AND INTEGRATED THIRD-PARTY CONTENT
We have integrated functions and content obtained from third-party providers into our website.
Our website includes functions and elements that are obtained from third-party providers.
For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be integrated.If this third-party content is accessed by website visitors (e.g. click, play, etc.), information and data are collected and linked to the website visitor’s end device in the form of cookies or other technologies (e.g. pixels, Java Script commands or web assembly) and transmitted to the server of the third-party provider used.
The third-party provider thereby receives usage and interaction data from the website visitor and makes this available to us in the form of statistics via a dashboard.
Without this processing operation, it is not possible to load and display this third-party content.
In order to protect the personal data of website visitors , we have taken protective measures to prevent the automatic transmission of this data to the third-party provider.
This data is only transmitted when users actively use the buttons and click on the third-party content.
Data categories: Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address)
Purposes of processing: Sharing posts and content, interest- and behavior-based marketing, evaluation of statistics, cross-device tracking, increasing reach in social media
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Google Content Security
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://policies.google.com/privacy?hl=en-US
Vimeo
Recipient: Vimeo Inc., 555 West 18th Street New York, New York 10011, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://vimeo.com/privacy
Newsletter and mass communication (with tracking)
On our online offering, users have the option of subscribing to our newsletter or to notifications on various channels (hereinafter referred to overall as ‘newsletters’).
We only send newsletters to data subjects who have agreed to receive the newsletter, and within the framework of statutory provisions.
We use a select service provider to send out our newsletter.
An email address must be provided to subscribe to our newsletter.
If applicable, we collect extra data, such as your name to include a personal greeting in our newsletter.
Our newsletter is only sent after the ‘double opt-in procedure’ has been fully completed.
If visitors to our online offering decide to receive our newsletter, they will receive a confirmation email that serves to prevent the fraudulent input of wrong email addresses and preclude a single, possibly accidental, click from causing the newsletter to be sent.
The subscription to our newsletter can be ended at any time with future effect.
An unsubscription (opt-out) link is given at the end of every newsletter.
In addition, we are obliged to provide proof that our subscribers actually want to receive the newsletter.
To this end, we collect and store their IP address, along with the time of subscription and unsub-scription.
Newsletter Tracking
Our newsletters are designed so that we can obtain findings about improvements, target groups or the reading behaviour of our subscribers.
We are able to do this thanks to a ‘web beacon’ or tracking pixel that reacts to interactions with the newsletter, such as looking at whether links are clicked on, whether the newsletter is opened at all, or at what time the newsletter is read.
For technical reasons, we can associate this information with individual subscribers.
Data categories: Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)
Purposes of processing: Marketing, increase in customer loyalty and new customer acquisition, analysis and evaluation of the success of the campaign
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Brevo
Recipient: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Third country transfer: Does not take place.
Privacy policy: https://www.brevo.com/de/datenschutz-uebersicht/
Advertising communication
We also use data provided to us for advertising purposes, for example, in the context of an order or commissioning of a service particularly to provide information on various channels about new products from us or in our portfolio of offerings.
However, promotional contact from our side is only undertaken within the framework of the legal requirements, and once consent has been granted, insofar this is necessary.
If the data subjects of our advertising do not want to receive it, they can inform us of this at any time with future effect.
We are happy to acquiesce to their request.
The unsubscribe button in our email can be used for this purpose.
Only those users who have not revoked to receiving our advertising in advance will receive it.
We have commissioned a service provider to send out the advertising. This service provider acts exclusively on our instructions.
The data will not be processed for other purposes.
Data categories: Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number if applicable)
Purposes of the processing: Direct marketing
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests: Customer loyalty and acquisition of new contacts or contractual partners, information about similar goods and services
Brevo
Recipient: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Third country transfer: Does not take place.
Privacy policy: https://www.brevo.com/de/datenschutz-uebersicht/
INTERNAL AREA AND DIGITAL SERVICES
Contact us
On our online offering, we offer the option of contacting us directly or requesting information via various contact options.
We use a management tool/ our CRM-System for these enquiries so that we always have an overview of contact that has been made with us.
In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry.
Which data is processed depends on the way in which contact is made with us.
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text input, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).
Purposes of processing: Processing requests
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), fulfillment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)
Brevo
Recipient: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Third country transfer: Does not take place.
Privacy policy: https://www.brevo.com/de/datenschutz-uebersicht/
Downloads
We offer downloads on our website to provide our visitors with current information or information relevant to them.
In order to statistically evaluate the use of this content and to improve our offering in a targeted manner, we record clicks on the respective download buttons.
In doing so, personal data, in particular the IP address, is stored to enable evaluation.
Data categories: Meta and communication data (e.g. device information, IP addresses), usage data (e.g. access time)
Purposes of processing: Marketing, acquiring new customers, increasing sales
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Google Analytics
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://policies.google.com/privacy?hl=en-US
Online meetings, webinars, online events
We make use of the opportunity to hold online conferences, meetings and/or webinars.
To do so, we use offerings provided by other carefully selected providers.
When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process.
When selecting providers, we ensure that communication via the selected services is encrypted using TLS.
Data categories: Master data (e.g. surname, first name), contact data (e.g. e-mail address), content data (e.g. text input), meta and communication data (e.g. device information, IP addresses)
Purposes of processing: Processing of enquiries, increasing efficiency, promoting cross-company and cross-location cooperation
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
MS Teams
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://privacy.microsoft.com/de-de/privacystatement
GoToWebinar
Recipient: GoTo Technologies USA Inc., 333 Summer Street, 5. Stock, Boston, MA 02210, USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy policy: https://www.goto.de/company/rechtliches/datenschutz
Career
Our careers page provides visitors to our website with a comprehensive overview of our current job vacancies.
If you are interested in one of the advertised positions, you can apply for the desired position by email or using the online application form provided.
We process the data sent to us in connection with the application in order to assess suitability for the position (or other open positions within our company, if applicable) and to carry out the application process.
In addition, we process personal data that you have published on the Internet and that we are permitted to process in accordance with data protection laws.
This includes, for example, your resume, career history, etc.
If you contact us, we process the data of the inquiring person to the extent necessary to respond to or process the application.
Data categories: Master data (e.g., name, address), contact details (e.g., email address, telephone number), content data (e.g., CV, text entries, photographs, videos), usage data (e.g., interests, access times), meta and communication data (e.g., device information, IP address)
Purposes of processing: Processing of applications
Legal basis: Fulfillment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)
FURTHER MANDATORY INFORMATION ON
DATA PROCESSING
Data transfer
We transfer the personal data of website visitors for internal purposes (e.g. for internal administration or to the HR department in order to comply with legal or contractual obligations).
Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.
It may be necessary for us to disclose personal data in order to perform contracts or to fulfill a legal obligation.
If we are not receiving the personal data, it may not be possible to conclude the contract with the data subject.
If your data is processed outside the EU/EEA, in third countries (e.g. USA), we ensure that the legal requirements of Art. 44 et seq. GDPR are fulfilled. We take additional measures to ensure the highest possible level of protection for the personal data of data subjects.
The guarantee applicable to the transfer to third countries is specified in our privacy policy under the respective recipients.
Data processing
Recipients of personal data may act as data processors. We have concluded “data processing agreements” with them in accordance with Art. 28 para. 3 GDPR. This means that the processors may only process your personal data on explicit instruction.
Processors take adequate technical and organizational measures to process your data securely and in accordance with our instructions.
Storage period
In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject.
In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).
Storage period for required cookies: 60 days
Storage period for non-essential cookies/technologies: After 60 days and with withdrawal by the data subject
Automated decision-making (including profiling)
We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.
Legal bases
The relevant legal bases are primarily arise from the GDPR.
They are supplemented by national laws of the member states and can, if applicable, be applied alongside or in addition to the GDPR.
Consent: Art. 6 para.1 lit. a) GDPR serves as the legal basis for data processing activities for which we have obtained consent for a specific processing purpose.
Performance of a contract: Article 6 (1) (b) serves as the legal basis for processing re-quired to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
Legal obligation: Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Vital interests: Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest: Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Legitimate interest: Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not out-weighed by the interests or fundamental rights and funda-mental freedoms of the data subject that require personal da-ta to be protected, particularly if the data subject is a child.
Rights of data subjects
Right to information: Pursuant to Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They can request information about this data as well as the further information listed in Art. 15 para. 1 GDPR and a copy of their data.
Right to rectification: Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
Right to erasure: Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Right to data portability: Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
Right to lodge a complaint: In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under ar-ticle 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate inter-ests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.
WITHDRAWAL OF CONSENT
Some data processing procedures can only be carried out with the express consent of the data subject.
You have the option to withdraw any consent you have already given.
All you need to do is send an email to: datenschutz@thera-trainer.com.
The consent of data processing operations on our online offer can be directly adjusted in our [Consent Manager-Tool].
The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
External links
Our website contains links to the online offerings of other providers.
We would like to point out that we have no influence on the content of the linked websites and the compliance with data protection regulations by their providers.
Amendments
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.
This privacy policy was drawn by
DDSK GmbH
www.ddsk.de