Andreas Haas, M.Sc. Zahnarzt & Dirk Weiser, Zahnarzt
"Personal data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. "processing" means any operation carried out with or without the aid of automated processes, or set of operations, involving personal data. The term is broad and covers practically every handling of data.
"Controller" shall mean any natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
In so far as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is required in accordance with Article 6 paragraph 1 littera b DSGVO for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Article 28 DSGVO..
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third party services or disclosure or transfer of data to third parties, this will only occur if it occurs to fulfill our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Article 44 of the following DSGVO are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
"Cookies" are small files that are stored on users' computers. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online shop or a login jam can be stored.
"permanent" or "persistent" are cookies that remain stored even after closing the browser. For example, the login status can be saved if users visit it after several days. Likewise, the interests of users who are used for range measurement or marketing purposes can be stored in such a cookie. Third party cookies" are cookies that are offered by providers other than the person responsible for operating the online service (otherwise, if they are only the latter's cookies, we speak of "first party cookies").
If users do not want cookies to be stored on their computer, they will be asked to disable the appropriate option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of an online offer.
The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted.
This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons. According to legal requirements in Germany, data is stored in particular for six years in accordance with Section 257 (1) HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for ten years in accordance with Section 147 (1) AO (books, records, management reports, accounting records, commercial and business letters, documents relevant to taxation, etc.). Hosting.
The hosting services used by us serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which we use for the purpose of operating this online service.
We, respectively the hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offer on the basis of the legitimate interest in an efficient and secure provision of this online offer in accordance with Article 6 paragraph 1 littera f DSGVO in connection with Article 28 DSGVO (conclusion of an order processing contract).
We, respectively the hosting provider, collect data about each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 paragraph 1 littera f DSGVO. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for a maximum period of seven days for security reasons (e.g. to investigate abuse or fraud) and then deleted. Data whose further storage is necessary for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
When contacting us (by e-mail, telephone or via social media), the user's details will be processed in order to process the contact request and its processing in accordance with Article 6 paragraph 1 littera b DSGVO. The user's details can be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation software.
We delete the requests if they are no longer required. We check the necessity every two years. Furthermore, the statutory archiving obligations apply.