naturheilzentrum bottrop data protection policy
farid zitoun & christian rüger
kirchhellener strasse 9a
phone +49 (0) 2041 7207-0
fax +49 (0) 2041 7207-20
data protection is a particularly high priority for the management of naturheilzentrum bottrop. in general, use of the naturheilzentrum bottrop’s internet pages is possible without providing any Personal data. however, Personal-data processing may be required if an ‘affected Person’ wishes to make use of our services via our internet site. if Personal-data processing is required and there is no legal basis for such processing, we will generally obtain the consent of the affected Person.
the processing of an affected Person’s Personal data (e.g. name, address, e-mail address or telephone number) shall always take place in accordance with the ‘general data protection regulation’ and in compliance with the country-specific data protection regulations that are applicable to naturheilzentrum bottrop. with the aid of this data protection policy, our company wishes to inform the public about the nature, scope and purpose of the Personal data that we collect, use and process. furthermore, the affected People shall be informed of their rights via this data protection policy.
as the controller that is responsible for the processing, naturheilzentrum bottrop has implemented numerous technical and organizational measures to ensure that the protection of Personal data, which is processed via this internet site, is as complete as possible. nevertheless, internet-based data transmissions can generally contain security gaps, so absolute protection cannot be guaranteed. for this reason, each affected Person is free to forward Personal data to us via alternative means, e.g. by telephone.
- definitions of the terms used
naturheilzentrum bottrop’s data protection policy is based on the terms that were used by the european-directive legislators and regulators when decreeing the ‘general data protection regulation’ (gdpr). our data protection policy should be easy to read and understand, both for the public and for our customers and business partners. to ensure this, we would like to explain, in advance, the terms that are used.
we use the following terms in this data protection policy, among others:
1.) Personal data
‘Personal data’ refers to all the information that relates to an identified or identifiable natural Person (hereinafter referred to as an ‘affected Person’). a natural Person is considered to be identifiable if he or she can be identified directly or indirectly - in particular by means of an identifier such as a name, a license number, location details, an online identifier or by one or more specific characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural Person.
2.) affected Person
an ‘affected Person’ refers to any identified or identifiable natural Person whose Personal data is processed by the controller that is responsible for the processing.
‘processing’ refers to any procedure that is performed with or without the aid of an automated process, or any such procedure relating to Personal data, e.g. collecting, recording, organizing, arranging, storing, adjusting or changing, reading, querying, using, disclosing through transmission, disseminating or any other form of provision, comparing or linking to it, restricting, deleting or destroying it.
4.) restriction of the processing
‘restriction of the processing’ refers to the marking of stored Personal data in order to limit its future processing.
‘profiling’ refers to any type of automated Personal-data processing in which the Personal data is used to assess certain Personal aspects pertaining to a natural Person - in particular, to analyze or predict aspects related to this natural Person’s work performance, economic position, health, Personal preferences, interests, reliability, behavior, place of residence or change of location.
‘pseudonymization’ refers to the way in which Personal data can be processed to no longer allow it to be attributed to a specific affected Person without additional information. this should be the case as long as such additional information is kept separate and is subject to technical and organizational measures to ensure that the Personal data will not be assigned to an identified or identifiable natural Person.
7.) controller or controller that is responsible for the processing
a ‘controller’ or a ‘controller that is responsible for the processing’ refers to a natural or legal Person, authority, institution or other entity that decides - alone or together with others - on the purposes and means of processing Personal data. if the purposes and means of this processing are determined by eu law or the law of the member states, the controller or the specific criteria of his designation may be provided for under eu law or the law of the member states.
‘processor’ refers to a natural or legal Person, agency, authority, institution or other entity that processes Personal data on behalf of the controller.
‘recipient’ refers to a natural or legal Person, agency, authority, institution or other entity to which Personal data is disclosed – regardless of whether or not it is a third party. however, authorities that may receive Personal data in the context of a specific audit under eu law or the law of the member states shall not be considered as recipients.
10.) third party
a ‘third party’ is a natural or legal Person, authority, institution or entity other than the affected Person, the controller, the processor, and the People who are authorized to process the Personal data under the direct supervision of the controller or the processor.
‘consent’ refers to each declaration of willingness that is voluntarily submitted in an informed and unambiguous manner by the affected Person for specific cases. it shall take the form of a statement or other clearly acknowledged action, in which the affected Person indicates that he/she agrees to the processing of his/her Personal data.
- name and address of the controller that is responsible for the processing
the controller - within the meaning of the ‘general data protection regulation’, other applicable data protection laws in the member states of the european union, and other regulations pertaining to data protection law - is the joint practice:
naturheilzentrum bottrop | farid zitoun & christian rüger | kirchhellener straße 9 a | 46236 bottrop | germany
- cookies, plug-ins and analysis services
users have the opportunity to access what we offer without cookies. to do this, the corresponding settings must be changed in the browser. please familiarize yourself with your browser’s ‘help’ function, which will show you how cookies can be deactivated. however, we would like to point out that this may affect some of the features of this website and restrict its usability. the sites http://www.aboutads.info/choices/ (usa) and http://www.youronlinechoices.com/uk/your-ad-choices/ (europe) will allow you to manage online advertising cookies.
facebook social plug-in
we include plug-ins of the social network, facebook (address: 1601 south california avenue, palo alto, ca 94304, usa) on our web pages. you will recognize the plug-ins by the ‘like’ button (’gefällt mir’ in german) or by the facebook logo – and you can find an overview here: http://developers.facebook.com/docs/plug-ins/. if you access one of our websites with the facebook plug-in, a direct connection to facebook will be established. we have no influence on the type and extent of the data that will be collected, stored and processed by facebook. we can only inform you about what we know. facebook will be notified via the plug-in that you have accessed what we offer on the corresponding website. this also applies to users who have not registered with facebook. in this case, there is the possibility that facebook will store the ip address. if you are a member of facebook and are logged in, the accessing of a website with the facebook plug-in can be clearly assigned to your facebook user account. in addition, the plug-ins transmit all interactions, e.g. if you use the like button or leave a comment. to prevent facebook from storing data about you, please log out of facebook before visiting our web pages. you can also block the plug-ins with add-ons for the browser (for example, ‘facebook blocker’). information on the data protection regulations, the purpose and extent of the data collection, data processing, and the settings options for the protection of privacy on facebook can be found here: http://www.facebook.com/privacy/explanation.php.
google + social plug-in
we include the social plug-in for google + (google plus) on our web pages; it can be recognized by the "+1" sign on a white or colored background. the plug-in of google inc is also provided. (it is known as ‘google’ for short and its address is: 1600 amphitheater parkway, mountain view, ca 94043, usa). when you visit a website with the google + button, a connection to google's servers will be established. google transmits the content of the button and includes it on the corresponding website. at the same time, google receives the information on which site has just been accessed. according to a statement by google, Personal data is only collected when the google + button is clicked. for members of google + who are logged in, the following applies: even without interaction, google will, at least, store and process the ip address. we have no influence on the extent of data stored in this context. users of google + who are logged into their accounts can recommend our web pages by clicking on the "+1" button. in this case, google will not only store the ip address and the browser, but also the content for which +1 was given and the site. this information will be saved on the user's profile and can be displayed along with the user's profile name and image in google services, including search results. google uses the data to optimize its own services, among other things. you can find information on google's data protection regulations and the settings options for the protection of privacy here: http://www.google.de/intl/de/policies/privacy/. members of google plus who do not want data about themselves to be collected and stored via our web pages, should please log out of their google + account before accessing what we have on offer.
twitter social plug-in
this offer uses twitter service features. they are provided by twitter inc., 1355 market st, suite 900, san francisco, ca 94103, usa. twitter offers the so-called ‘tweet’ feature. if you use the twitter feature on our web pages, the web pages you visit will be linked to your twitter account and may be shared with other users. data is also transmitted to twitter. as a provider, we have no knowledge of the content of the transmitted data and its use by twitter. further information can be found in twitter’s data protection policy at http://twitter.com/privacy. twitter offers you the possibility to adjust your data protection settings yourself under the following link: http://twitter.com/account/settings.
tumblr social plug-in
the tumblr plug-in is integrated into our web pages. the plug-in is provided by tumblr inc. (address: 3 east 21st st, 10th floor, new york, ny 10010, usa, firstname.lastname@example.org). the plug-ins can be recognized by the ‘tumblr’ appellation. you can follow us via tumblr by using the plug-in and sharing individual posts or pages of what we offer. accessing a website that contains a tumblr plug-in will establish a connection to tumblr's servers. tumblr transmits the content of the button directly to the user's browser. we have no influence on the extent of data collected by tumblr in this context. according to tumblr, solely the ip address and the url of the website will be transmitted – and only to be able to display the button. you can find tumblr’s data protection policy here: https//mydata.oath.com/my-data/#meetoath.
pinterest social plug-in
we use social plug-ins from the social network pinterest on our site. they are operated by pinterest inc., 808 brannan street, san francisco, ca 94103-490, usa (‘pinterest’).
when you visit a page that contains such a plug-in, your browser directly connects to the pinterest servers. the plug-in transmits log files to the pinterest server in the usa. these log files may include your ip address, the address of the web pages you’ve visited that also contain pinterest features, the browser's type and settings, date and time of the enquiry, your use of pinterest, and cookies.
vimeo social plug-in
our internet site uses plug-ins from the video portal, vimeo. the provider is vimeo inc., 555 west 18th street, new york, new york 10011, usa.
if you visit one of our pages which is equipped with a vimeo plug-in, a connection to the vimeo servers will be established. in the process, the vimeo server will be informed which of our pages you have visited. in addition, vimeo will obtain your ip address. this also applies if you are not logged in to vimeo or do not have an account with vimeo. the information collected by vimeo will be transmitted to the vimeo server in the usa.
by logging into your vimeo account, you enable vimeo to directly associate your surfing behavior with your Personal profile. you can prevent this by logging out of your vimeo account.
xing social plug-in
our internet site uses features from the network xing. the provider is xing ag, dammtorstraße 29-32, 20354 hamburg, germany.
each time that you visit one of our pages that contains xing features, a connection to the xing servers will be established. to our knowledge, Personal data is not stored. in particular, no ip addresses are stored nor is the usage behavior evaluated.
further information on data protection and the xing share button can be found in xing's data protection policy at: https://www.xing.com/app/share?op=data_protection.
linkedin social plug-in
our website uses features from the linkedin network. the provider is the linkedin corporation, 2029 stierlin court, mountain view, ca 94043, usa.
each time you visit one of our pages that contains linkedin features, a connection to linkedin servers will be established. linkedin will be informed that you have visited our internet site with your ip address. if you are logged in to your account at linkedin and click on linkedin’s ‘recommend button’, it is possible for linkedin to assign your visit to our internet site to you and your user account. we must point out that as a provider of the sites, we have no knowledge of the content of the transmitted data and its use by linkedin.
instagram social plug-in
features of the instagram service are integrated into our pages. these features are provided by instagram inc., 1601 willow road, menlo park, ca 94025, usa.
if you are logged in to your instagram account, you can link the content of our pages to your instagram profile by clicking on the instagram button. this allows instagram to associate your visit to our site with your user account. we must point out that as a provider of the sites, we have no knowledge of the content of the transmitted data and its use by instagram.
flickr social plug-in
we have integrated flickr's social plug-in into our web pages. flickr is a service provided by oath (emea) limited (address: 5-7 point square, north wall quay, dublin 1, ireland). flickr's data protection policy can be viewed at https://policies.oath.com/ie/de/oath/privacy/products/flickr/index.html. we have no influence on what data such a plug-in collects. likewise, we have no control over how flickr's data is used. it can be assumed that, at the very least, the ip address as well as information about the utilized terminal devices will be collected and used. likewise, it cannot be ruled out that flickr will try to store cookies on the utilized terminal devices. flickr can be informed about visits to certain sites on the internet via this. users who are logged into flickr at the same time can be identified by flickr. please refer to flickr’s data protection policy for information on the collected data and its use.
youtube social plug-in
our internet site uses plug-ins from the google-operated site, youtube. the site is run by youtube, llc, 901 cherry ave., san bruno, ca 94066, usa.
a connection to the youtube servers will be established if you visit one of our pages, which is equipped with a youtube plug-in. the youtube server will be told which of our pages you visited.
if you are logged into your youtube account, you will allow youtube to directly associate your surfing behavior with your Personal profile. you can prevent this by logging out of your youtube account.
the use of youtube is in the interest of providing an appealing presentation of our online offers. this constitutes a legitimate interest within the meaning of article 6, paragraph. 1, lit. f of the gdpr.
use of google analytics
this internet site uses features of the web analytics service, google analytics. the provider is google inc., 1600 amphitheater parkway, mountain view, ca 94043, usa.
google analytics uses so-called ‘cookies’. these are text files that are stored on your computer and allow an analysis of the use of the website by them. the information generated by the cookie about your use of this website is usually transmitted to a google server in the usa and stored there.
the storage of google analytics cookies is carried out on the basis of article 6, paragraph. 1, lit. f of the gdpr. the operator of the internet site has a legitimate interest in analyzing user behavior in order to optimize what it offers on its site and in its advertising.
we have activated the ip-anonymization feature on this internet site. this will shorten your google ip address within the member states of the european union or other states that have a contractual agreement on the european economic area, before it is transferred to the usa. only in exceptional cases will the full ip address be transferred to a google server in the united states and shortened there. google will use this information on behalf of the operator of this internet site to evaluate your use of the site, to compile reports on website activity, and to provide other services related to website activity and internet usage to the operator of the internet site. the ip address transmitted from your browser by google analytics will not be merged with other data from google.
you can prevent the storage of cookies by adjusting your browser software settings accordingly. however, we would like to point out that in this case, you may not be able to use all the features of this internet site to their full extent. you can also prevent google from collecting and processing the data which is generated by the cookies and related to your use of the internet site (including your ip address) by downloading and installing the browser plug-in that is available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
opting out of data collection
you can prevent the collection of your data by google analytics by clicking on the following link. an opt-out cookie will be set up to prevent the collection of your data on future visits to this internet site: deactivate google analytics.
you can find more information on the handling of user data with google analytics in google's data protection policy: https://support.google.com/analytics/answer/6004245?hl=en.
contract data processing
we have concluded a contract on data processing with google and fully implement the strict requirements of the german data protection authorities when we use google analytics.
demographic features at google analytics
this website uses the ‘demographic features’ of google analytics. by doing so, reports can be prepared that contain statements about the age, gender and interests of the visitors to the site. this data comes from interest-based advertising of google as well as visitor data from third-party providers. this data cannot be assigned to a specific Person. you can disable this feature at any time via the advertising settings in your google account, or you can generally prohibit the collection of your data by google analytics as described in the ‘opting out of data collection’ section.
this site uses the google maps service via api. the provider is google inc., 1600 amphitheater parkway, mountain view, ca 94043, usa.
it is necessary to save your ip address to use the features of google maps. this information is usually transmitted to a google server in the usa and stored there. the provider of this site has no influence on this data transfer.
the use of google maps is in the interest of providing an appealing presentation of our online offers and allowing the places we have cited on the website to be easily found. this constitutes a legitimate interest within the meaning of article 6, para. 1, lit. f of the gdpr.
this website uses google adwords. adwords is an online advertising program from google inc., 1600 amphitheater parkway, mountain view, ca 94043, united states (‘google’).
we use so-called conversion tracking within the scope of google adwords. if you click on an advertisement that is displayed by google, a cookie will be implemented for conversion tracking. cookies are small text files that the internet browser stores on the user's computer. these cookies become invalid after 30 days and are not used for the Personal identification of the users. if the user visits certain pages of this internet site and the cookie has not yet expired, we (and google) may recognize that the user has clicked on the ad and been redirected to this site.
each google adwords customer gets a different cookie. the cookies cannot be tracked via the internet sites of adwords customers. the information gathered with the aid of conversion cookies is used to create conversion statistics for adwords customers who have opted for conversion tracking. the customers learn the total number of users who have clicked on their ad and were redirected to a site with a conversion tracking tag. however, they do not receive any information that will Personally identify the users. if you do not want to participate in tracking, you can opt out of this usage by simply disabling the google conversion-tracking cookie via your internet browser under ‘user settings’. you will not then be included in the conversion-tracking statistics.
the storage of ‘conversion cookies’ is based on article 6, para. 1 lit. f of the gdpr. the operator of the internet site has a legitimate interest in analyzing user behavior in order to optimize its advertising and what it offers on its site.
you can set your browser to notify you about the installation of cookies and only allow cookies in individual cases, accept them for specific cases, or exclude them in general. you can also enable the automatic deletion of cookies when the browser is closed. deactivating cookies may limit the functionality of this internet site.
- collection of general data and information
naturheilzentrum bottrop’s internet site collects a series of general data and information each time the internet site is accessed by an affected Person or an automated system. this general data and information is stored in the log files of the server. the browser types and the versions used, the operating system used by the accessing system, the internet page from which an accessing system is able to visit our internet site (the so-called ‘referrer’), the sub-web pages which are visited via an accessing system on our website, the date and the time of access to the website, an internet protocol address (ip address), the internet service provider of the accessing system and other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
naturheilzentrum bottrop does not draw conclusions about the affected Person when using the general data and information. on the contrary, this information is needed to correctly deliver the contents of our internet site, and to optimize both the content of our site and the advertising for it. it is also needed to ensure the permanent functionality of our information technology systems and the technology of our internet site, as well as to provide the authorities with information in the event of a cyberattack. the data and information are therefore collected anonymously and evaluated statistically by nabo with the aim of increasing data protection and security in our company. we ultimately want to ensure the best possible level of protection for the Personal data that is processed by us. the anonymous data of the server log files is stored separately from all Personal data provided by an affected Person.
- registration on our internet site
the affected Person has the possibility to register on the internet site of the controller that is responsible for the processing, by providing his/her Personal data. the type of Personal data, which is to be transmitted to the controller, will result from the respective entry form which is used for the registration. the Personal data entered by the affected Person is collected for his/her own purposes and stored solely for internal use by the controller. the controller may arrange for the transfer to one or more processors, such as a parcel service delivery, which will also use the Personal data solely for internal purposes, and attribute it to the controller that is responsible for the processing.
the ip address assigned by the affected Person’s internet service provider (isp), the date, and the time of the registration will also be stored through registering on the controller’s website. the storage of this data takes place in light of the fact that this is the only way to prevent misuse of our services, and this data will make it possible to solve any committed crimes, if needed. in this respect, the storage of this data is required to protect the controller that is responsible for the processing. fundamentally, this data will not be transferred to third parties if there is no legal duty to pass it on, unless it has to be transferred for the purposes of prosecution.
when the affected Person registers by voluntarily submitting Personal data, it enables the controller to provide him/her with content or services that can only be offered to registered users due to the nature of the matter. registered users are free to change the Personal data that they submitted at registration at any time, or to have it completely deleted from the controller’s database.
upon request, the controller shall provide each affected Person with information on what Personal data is stored about him/her, at any time. in addition, the controller shall rectify or delete the Personal data at the request or notice of the affected Person, insofar as this does not conflict with any statutory duty to preserve records. in this context, a data protection officer named in this data protection policy and the controller’s entire staff shall be available to the affected Person as contacts.
- newsletter subscription
users are given the possibility to subscribe to our company’s newsletter on the naturheilzentrum bottrop internet site. the type of Personal data, which is to be transmitted to the controller upon subscription to the newsletter, will result from the respective entry form that is used for this purpose.
naturheilzentrum bottrop shall inform its customers and business partners about the company's offers at regular intervals by way of a newsletter. the company newsletter can only be received by the affected Person if he/she has a valid e-mail address and subscribes to the newsletter. for legal reasons, a confirmation e-mail will first be sent to the e-mail address entered by an affected Person in a double opt-in procedure. this confirmation email shall be used to check whether the owner of the e-mail address has authorized the receipt of the newsletter as an affected Person.
upon subscription to the newsletter, we shall also store the ip address which the internet service provider (isp) assigned to the computer system used by the affected Person at the time of subscription, along with the date and time of registration. the collection of this data is necessary in order to be able to trace any (possible) misuse of the affected Person’s e-mail address at a later date, and therefore provides legal protection for the controller.
the Personal data collected as part of a subscription to the newsletter will solely be used to send our newsletters. in addition, subscribers to the newsletter could receive notifications by e-mail - if necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter offer or technical conditions. there will be no transfer of the collected Personal data to third parties within the scope of the newsletter service. the subscription to our newsletter can be terminated at any time by the affected Person. the consent to the storage of Personal data, which the affected Person granted us for the newsletter subscription, can be revoked at any time. there is a corresponding link in each newsletter for the purpose of revoking consent. it is also possible to directly unsubscribe from the newsletter at any time via the controller’s internet site, or to notify the controller in another way.
- newsletter tracking
the naturheilzentrum bottrop newsletter contains so-called web beacons. a web beacon is a miniature graphic which is embedded in certain e-mails that are sent in html format, allowing log-file recording and log-file analysis. this will permit a statistical evaluation of the success or failure of online marketing campaigns. with the aid of the embedded web beacons, naturheilzentrum bottrop will be able to recognize if and when an e-mail is opened by an affected Person and which of the links in the e-mail were accessed by the affected Person.
Personal data which is collected via the web beacons contained within the newsletters shall be stored and evaluated by the controller in order to optimize the dispatch of newsletters and better adapt the content of future newsletters to the interests of the affected Person. this Personal data will not be disclosed to third parties. affected People shall be entitled to revoke the separate declaration of consent for this matter, which was submitted via the double opt-in procedure, at any time. following the revocation, this Personal data will be deleted by the controller. unsubscribing from receipt of the newsletter will automatically indicate revocation for naturheilzentrum bottrop.
- contact possibilities via the internet site
due to statutory provisions, naturheilzentrum bottrop’s internet site contains information that enables fast electronic contact with our company as well as immediate communication with us - including a general address for so-called electronic post (e-mail address). if an affected Person contacts the controller by e-mail or via a contact form, the Personal data that is transmitted by the affected Person will be automatically saved. such data is transmitted on a voluntary basis by an affected Person to the controller and will be stored for the purposes of processing or contacting the affected Person. there will be no transfer of this Personal data to third parties.
- comments feature in the blog on the internet site
naturheilzentrum bottrop offers users the possibility to leave comments on the individual posts of a blog that is located on the controller’s internet site. a blog is a web-based portal that is usually visible to the public, and in which one or more People, (called ‘bloggers’ or ‘web bloggers’), can post articles or write down thoughts in so-called ‘blog posts’. the blog posts can usually be commented on by third parties.
if an affected Person leaves a comment on the blog that is published on this internet site, information on the time the comment was made and the username (pseudonym) chosen by the affected Person will also be stored and published, along with the comments left by the affected Person. furthermore, the ip address assigned to the affected Person by the internet service provider (isp) will also be recorded. the ip address will be stored for security reasons and in case the affected Person posts unlawful content or violates the rights of the third party by posting a comment. the storage of this Personal data is therefore in the controller’s own interest, possibly allowing for the controller to be exculpated if there is a breach of the law. this Personal data will not be disclosed to third parties, unless such a transfer is required by law or serves as a legal defense for the controller.
- subscription to comments on the blog on the internet site
the comments left on the naturheilzentrum bottrop blog can basically be subscribed to by third parties. in particular, it is possible for a commentator to subscribe to comments that follow a comment made by him/her on a particular blog post.
if an affected Person decides to subscribe to comments, the controller will send an automatic confirmation e-mail to check, via the double opt-in procedure, whether the owner of the submitted e-mail address has really selected this option. the option to subscribe to comments can be terminated at any time.
- routine deletion and blocking of Personal data
the controller shall only process and store Personal data of the affected Person for the period of time required to achieve the purpose of storage or if it is required to do so by the european-directive legislators and regulators, or by another authority whose laws or regulations the controller is subject to.
if the purpose of the storage no longer exists or if a storage period prescribed by the european-directive legislators and regulators or any other applicable authority expires, the Personal data will be routinely blocked or deleted in accordance with statutory provisions.
- rights of the affected Person
1.) right to confirmation
each affected Person has the right, as granted by the european-directive legislators and regulators, to demand that the controller confirms that the Personal data relating to him/her is being processed. if an affected Person wishes to exercise this right to confirmation, they can contact our data protection officer or another Person who is responsible for the processing at any time.
2.) right to information
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, to obtain information about the Personal data that is stored on him/her at any time, free of charge, from the contractor and receive a copy of this information. furthermore, the european-directive legislators and regulators have provided the affected Person with the following information:
- the processing purposes
- the categories of Personal data being processed
- the recipients or categories of recipients to whom the Personal data has been disclosed or is still being disclosed, in particular to recipients in third-party countries or to international organizations
- if possible, the planned duration for which the Personal data will be stored or, if this is not possible, the criteria for determining that duration
- the right to rectify or delete the Personal data concerning him/her or to restrict the processing by the controller or a right to opt out of this processing
- the right of appeal to a supervisory authority
- if the Personal data is not collected from the affected Person: all available information on the origin of the data
- automated decision-making including profiling pursuant to article 22 (1) and (4) of the gdpr and - at least in these cases - meaningful information about the logic involved, as well as the scope and intended impact of such processing for the affected Person
furthermore, the affected Person has the right to know whether Personal data has been transmitted to a third-party country or to an international organization. if this is the case, then the affected Person shall have the right to obtain information on the appropriate guarantees connected with the transfer.
if an affected Person wishes to exercise this right to information, he/she can contact our data protection officer or another employee who is responsible for the processing, at any time.
3.) right to rectification
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, to demand the immediate correction of incorrect Personal data concerning them. furthermore, the affected Person has the right, under consideration of the purposes of the processing, to demand the completion of incomplete Personal data, including by means of a supplementary statement.
if an affected Person wishes to exercise this right to rectification, they can contact our data protection officer or another employee who is responsible for the processing, at any time.
4.) right to deletion (right to be forgotten)
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, to demand from the controller that the Personal data relating to him/her be deleted without delay, provided that one of the following reasons is satisfied and as long as processing is not required:
- the Personal data was collected or otherwise processed for purposes that are no longer necessary.
- the affected Person revokes his/her consent, to the processing , pursuant to article 6, para. 1 a) of the gdpr, or article 9, para. 2 a) of the gdpr, and there is no other legal basis for the processing.
- the affected Person submits an objection to the processing, pursuant to article 21 para. 1 of the gdpr, and there are no legitimate reasons for the processing. or the affected Person submits an objection pursuant to article 21, para. 2 of the gdpr.
- the Personal data was processed unlawfully.
- the deletion of Personal data is required to fulfill a legal obligation under eu law or the law of the member states, which the controller is subject to.
- the Personal data was provided in relation to services offered by the information society, pursuant to article 8 para. 1 of the gdpr.
if one of the above reasons is correct, and an affected Person wishes to initiate the deletion of Personal data stored at naturheilzentrum bottrop, they can contact our data protection officer or another employee who is responsible for the processing, at any time. the data protection officer or the other employee at naturheilzentrum bottrop will arrange for the request for deletion to be carried out without delay.
if the Personal data has been made public by naturheilzentrum bottrop and our company, as the controller, is obliged to delete the Personal data pursuant to article 17, para. 1 of the gdpr, naturheilzentrum bottrop shall
- a) take into account the available technology and implementation costs, and
- b) take appropriate measures (including technical means) to inform other data controllers, who are responsible for the processing of the published Personal data, that the affected Person has requested the deletion of all links to this Personal data or to copies or replications of this Personal data made by these other data controllers, as long as the processing is not necessary.
the data protection officer of the naturheilzentrum bottrop or another employee will arrange for the necessary action in individual cases.
5.) right to restrict the processing
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, to demand that the controller restrict the processing if one of the following conditions applies:
- the correctness of the Personal data is disputed by the affected Person over a period of time that allows the controller to check the accuracy of the Personal data.
- the processing is unlawful. the affected Person refuses to delete the Personal data and instead demands a restriction on the use of the Personal data.
- the controller no longer needs the Personal data for the purposes of processing, but the affected Person needs it to assert, exercise or defend his/her legal rights.
- the affected Person has submitted an objection to the processing, pursuant to article 21 para. 1 of the gdpr and it is not yet clear whether the legitimate reasons of the controller outweigh those of the affected Person.
if one of the above-mentioned conditions is met and an affected Person wishes to request a restriction on the Personal data that is stored at naturheilzentrum bottrop, he/she may contact our data protection officer or another employee who is responsible for the processing, at any time. the data protection officer or the other employee at naturheilzentrum bottrop will initiate the restriction on processing.
6.) right to data transferability
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, to receive the Personal data relating to him or her (which was provided to the controller by the affected Person) in a structured, established, and machine-readable format. he/she also has the right to transfer this data to another controller without hindrance from the controller who has already been provided with the Personal data, as long as
- the processing is carried out on the basis of the consent, pursuant to article 6 para. 1 a) of the gdpr, or article 9, para. 2 a) of the gdpr, or a contract in accordance with article 6 para. 1 b) of the gdpr, and
- the processing is carried out by automated means, provided that the processing is not required for the exercising of a task that is in the public interest or for exercising public authority that has been assigned to the controller.
furthermore, in exercising his/her right to data transferability, the affected Person also has the right (pursuant to article 20, para. 1 of the gdpr) to have the Personal data transmitted directly from one controller to another if this is technically feasible and does not affect the rights and freedoms of other People.
the affected Person can contact the data protection officer (or another employee) appointed by naturheilzentrum bottrop, at any time, in order to assert the right to data transferability.
7.) right to object
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, to raise objections against the processing (which takes place on the basis of article 6 para. 1 e) or f) of the gdpr) of Personal data relating to him/her at any time, for reasons arising from his/her particular situation. this also applies to profiling based on these provisions.
naturheilzentrum bottrop will no longer process Personal data in the event of such an objection, unless we can establish compelling legitimate reasons for processing that outweigh the interests, rights, and freedoms of the affected Person, or if the processing is for the assertion, exercise or defense of legal claims.
if naturheilzentrum bottrop processes Personal data in order to engage in direct advertising, the affected Person shall have the right to object to it at any time. this also applies to profiling insofar as it is associated with such direct advertising. if the affected Person objects to the processing of the data for direct advertising purposes, naturheilzentrum bottrop will no longer process the Personal data for such purposes.
in addition, the affected Person has the right to raise an objection (for reasons arising from his / her particular situation) against the processing of Personal data relating to him or her at naturheilzentrum bottrop for scientific or historical research purposes, or for statistical purposes pursuant to article 89 para. 1 of the gdpr, unless such processing is necessary to fulfill a task that is in the public interest.
the affected Person can directly contact the data protection officer or another employee of naturheilzentrum bottrop to exercise the right to object. in connection with use of information-society services and irrespective of directive 2002/58/ec, the affected Person shall also be free to exercise his/her right to object by means of automated procedures, where technical specifications are used.
8.) automated decisions in individual cases, including profiling
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on it or, in a similar manner, significantly affects it; if the decision (1) is not required for the conclusion or fulfilment of a contract between the affected Person and the controller; or (2) is permitted on the basis of legal provisions of the eu or of the member states to which the controller is subject, and if such legislation provides for appropriate measures for the protection of the rights and freedoms as well as the legitimate interests of the affected Person or (3) takes place with the express consent of the affected Person.
if the decision (1) is required for the conclusion or the fulfillment of a contract between the affected Person and the controller; or (2) if it takes place with the express consent of the affected Person, naturheilzentrum bottrop shall take appropriate measures to protect the rights, freedoms, and the legitimate interests of the affected Person, including at least the right to obtain the intervention of a Person on the part of the controller, to explain his own point of view, and to challenge the decision.
if the affected Person wishes to assert his/her rights with regard to automated decisions, he/she can contact our data protection officer or another employee who is responsible for the processing, at any time.
9.) right to revoke consent in terms of data protection law
any Person affected by the processing of Personal data has the right, as granted by the european-directive legislators and regulators, to revoke consent to the processing of Personal data at any time.
if the affected Person wishes to assert his/her right to revoke consent, he/she can contact our data protection officer or another employee who is responsible for the processing, at any time.
- data protection for applications and in the application procedure
the controller collects and processes the applicants’ Personal data for the purpose of dealing with the application procedure. the processing can also be done electronically. this is especially the case if a candidate submits the application documents to the controller via electronic means, e.g. by e-mail or via a web form on the internet site. if the controller concludes an employment contract with an applicant, the transmitted data will be stored in compliance with statutory provisions for the purpose of settling the employment relationship. if no employment contract is concluded between the applicant and controller, the application documents will be automatically deleted two months after the announcement of the decision to decline employment, provided that deletion does not conflict with any of the controller’s other legitimate interests. ‘other legitimate interest’ in this sense would be, for example, a duty to furnish evidence in a lawsuit under the general equal treatment act (‘agg’ in german).
- legal basis of the processing
article 6, para. 1 a) of the gdpr serves as a legal basis for our company’s processing operations, where we obtain consent for a particular processing purpose. the processing shall be based on article 6, para. 1 b) of the gdpr if the processing of Personal data is required to fulfill a contract, where the controller is a contractual party, (as is the case, for example, in processing operations that are necessary for the delivery of goods or the provision of any other service or consideration). the same applies to processing operations that are necessary for pre-contractual measures to be carried out, e.g. in cases of inquiries about our products or services. if our company is subject to a legal obligation which requires the processing of Personal data, e.g. to fulfil tax obligations, the processing shall be based on article 6, para. 1 c) of the gdpr. in rare cases, Personal-data processing may be required to protect the vital interests of the affected Person or another natural Person. this would be the case, for example, if a visitor to our company were injured and his/her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. the processing would then be based on article 6, para. 1 d) of the gdpr. ultimately, processing operations could be based on article 6, para. 1 f) of the gdpr. processing operations that are not covered by any of the above-mentioned legal clauses will be based on this if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, basic rights, and freedoms of the affected Person are not outweighed. such processing operations are permitted because they have been specifically mentioned by the european legislators. in this regard, they take the view that a legitimate interest could be assumed if the affected Person is a customer of the controller (recital 47, p. 2 of the gdpr).
- legitimate interests in the processing, which are pursued by the controller or a third party
if the processing of Personal data is based on article 6 para. 1 f) of the gdpr, our legitimate interest shall be to carry out our business for the benefit of all of our employees and our shareholders.
- duration for which the Personal data is stored
the respective statutory retention period forms the criterion for the duration of the storage of Personal data. after the period has expired, the relevant data will be routinely deleted, provided that it is no longer required for the fulfillment or preparation of a contract.
- legal or contractual regulations for the provision of Personal data; necessity for the conclusion of a contract; obligation of the affected Person to provide the Personal data; possible consequences of not providing it
we can clarify that the provision of Personal data is partly required by law (e.g. tax regulations) or may also arise from contractual stipulations (e.g. information about the contractual partner). upon conclusion of a contract, it may be occasionally necessary for an affected Person to provide us with Personal data that must subsequently be processed by us. for example, the affected Person will be obliged to provide us with Personal data if our company enters into a contract with him/her. failure to provide the Personal data would mean that the contract could not be concluded with the affected Person. the affected Person must contact our data protection officer prior to providing Personal data. our data protection officer will clarify to the affected Person, on an individual-case basis, whether the provision of the Personal data is required by law or by contract, or whether it is required for the conclusion of the contract, whether there is an obligation to provide the Personal data, and what the consequences of not providing the Personal data would be.
- existence of an automated decision-making process
as a company that is conscious of its responsibilities, we refrain from automated decision-making or profiling.