Privacy policy - Molecular HealthMolecular Health

Data Protection Policy – Information for visitors to our website

 

I. General Information

 

This policy informs you about the processing of your personal data while you are using our website.

 

1. The data controller according to the General Data Protection Regulation (GDPR) as well as other data protection laws and dispositions of individual EU Member States is:

Molecular Health GmbH
Kurfuersten-Anlage 21
69115 Heidelberg
Germany
Tel: +49-6221-43851-0
Email: media@molecularhealth.com

2. The data protection officer according to the GDPR and other data protection laws and dispositions is:

Mr Sebastian Feik
legitimis GmbH
Dellbrückerstraße 116
51469 Bergisch Gladbach
Germany

 

II. Introduction

This data protection policy aims to provide you, as a client or an interested party, with a detailed overview how and within which scope your personal data is collected, stored, processed, and transferred when visiting our website or using our services. Additionally, it aims to provide you with an overview of which data protection measures we use, and which options are available to you when visiting our website or using our services.

In order to continue protecting your personal data in the future, especially when adapting to new data protection regulation or technical developments, it is inevitable that we will occasionally adapt our data protection policy. We therefore advise to regularly check our information regarding data processing in order to remain up to date.

 

  1.  Object of protection

The object of protection is your personal data. In the GDPR, personal data is defined in Art. 4, 1., as data regarding an identified or identifiable natural person. It is therefore all data in relation to you (regardless of direct or indirect), such as first name, surname, address, email address, user behavior, etc. Data related to websites or online services which do not belong to us or which we do not control is not part of this data protection policy.

 

  1. When and within which scope do we process personal data?

In following you will find an overview of all activities within which your personal data is processed:

2.1. For the performance of contractual services / registration

We process inventory data and contractual data to execute our contractual obligations and provide our services (Art. 6, 1., b)).

2.2. Contact
If you contact us per email or through our contact form, the information will be processed as necessary to answer your request.

2.3. Visit of our website

When you visit our website, we may use authorised cookies from service providers or other similar technology. Information is thereby sent automatically from your browser to our website’s servers. This server is then stored as so-called log-files for a short period. The information acquired through this process help us to adapt our services to the expectations of our clients as well as to improve them and their security. Additionally, they are used for advertisement purposes.

  1. Legal basis for the processing of personal data

If we acquire your consent for the processing for personal data, the legal basis is Art. 6, 1., a) of the GDPR.

If the processing of personal data is necessary to execute a contract to which the data subject is a party, the legal basis is Art. 6, 1., b). This legal basis also applies for processing within the scope of pre-contractual measures.

If the processing is necessary to comply with a legal requirement, the legal basis is Art. 6, 1., c).

If the processing is necessary to comply with the legitimate interest of our company or of a third party which is not overweighed by the rights and interests of the data subject, the legal basis is Art. 6, 1., f).

  1. Data deletion and storage duration

The data which we store is deleted as soon as the purpose of the processing no longer exists, as long as no legal storage obligation prevents it. If the data is not deleted because it is required for legal purposes, the processing is restricted. This means the data is locked up and will not be processed for any other purposes. This applies for example to user data which must be stored due for financial or tax law purposes. Under German law, according to § 257 Abs. 1 HGB, the storage may be required for 6 years (Commercial books, inventory, opening reports, yearly reports, commercial letters, accounting receipts…) or for 10 years (books, records, storage reports, tax relevant information…).

  1. How do we protect personal data?

We implement physical, technical, and administration security measures to properly protect your data from loss, misuse, unallowed access, transfer, or modification. These security measures include firewalls, data encryption, access rights for the access to data, and we carefully select our servers’ location. We are committed to the security of our systems and services.

You are however responsible for the safety and the confidentiality of your passwords and your user account such as your registration data. It is your responsibility to verify that the personal data we process about you is accurate and current. We are not liable for the protection of personal data which is transferred to third parties on the basis of account connection you have authorised.

  1. When do we transfer data?

Our priority is to ensure that we do not sell or rent personal data. Data is only transferred when this is inevitable, for example for the execution of a contract, or we have a legitimate interest or your consent to do so. Each of our contractual partners is chosen carefully and has an obligation to protect data according to the legal dispositions. For this reason, we conclude data processing agreements with our service providers.

  1. Links

There may be links on our website to third party websites, the content of which we are not responsible for and to which this data protection policy does not extend.

  1. Your rights

As soon as your personal data is processed, you are considered a data subject according to the GDPR. As such, you have the following rights owed to you by the controller (therefore, us):

  • Right to access,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object,
  • Right to data portability.

Additionally, you have the right to complain to the data protection authority about the processing of your personal data.

III. Provision of the website and creation of log files

  1. Scope and duration of the data processing

As soon as you visit our website, our system collects information and data about the computer system of the device visiting the page, regardless of registration. The following data is processed and stored for safety purposes for a short period:

  • Information about the type of browser and the version used
  • http-status code / access status
  • Time difference to Greenwich Mean Time (GMT)
  • The user’s operating system
  • The user’s IP address
  • Time and date of the visit
  • Duration of the visit
  • Websites from which the user’s system reached our page
  • The user’s service providers
  • Websites which are accessed by the user’s system through our page
  • Device type and brand

As soon as you have left the session, the data is deleted. If the data is processed longer, it is anonymised and evaluated for optimisation purposes.

The collection and storage of data is absolutely necessary for the provision of our website. As such, there is no possibility to object.

  1. Purpose and legal basis for the data processing

The storage of the IP address on our system for a short period is necessary to provide access to our website for the user’s device. For this purpose, your IP address is stored for the duration of your visit to our website.

The storage in so-called log file takes place in order to guarantee the functionality of our website. Furthermore, we require the data to optimise our website and to guarantee the safety of our information systems. As such, we have a legitimate interest under Art. 6, 1., f) GDPR.

IV. Cookies

  1. Description and scope of the data processing

Our website uses cookies which are text files which are stored either on the user’s browser or on their device. These cookies are composed of a singular series of symbols which permit the identification of the browser when returning to visit the website. Cookies cannot transmit programs or viruses.

1.1. Temporary cookies

Temporary cookies are so-called “session cookies” which store a session-ID to recognise the device when the website is revisited. Session cookies are automatically deleted when the browser is closed.

1.2. Persistent cookies

Persistent cookies are stored as long as they are not deleted from the device. Cookies are used to make our website more user friendly. Several elements of our website require that the browser be recognisable when switching pages. Those technically necessary cookies store and transfer following data: 

  • Language settings

1.3. Analysis cookies

Furthermore, our website uses cookies which provide information about user behaviour. Those are cookies are in majority third party provider cookies (e.g. Google Analytics). The data is anonymised and exclusively evaluated by us. When you open a website, a cookie can be stored on your operating system and transfer the following data:

  • Usage of website functions
  • User behaviour
  • Classification of the source of the website access
  • Frequency of the visits
  • Entered search terms

When opening a website, you are informed about the use of cookies for analysis purposes and your consent is acquired for the ensuing processing of personal data. This also includes a reference to this data protection policy.

  1. Legal basis for the processing

The legal basis of the data processing when using technically necessary cookies is Art. 6, 1., f) GDPR whereas it is your consent according to Art. 6, 1., a) GDPR for analysis cookies.

  1. Purpose of the processing

The purpose of the technically necessary cookies is to simplify the use of our website. Several functions of our website cannot be offered without the use of cookies. It can be necessary to store the browser identification when changing pages on the website. For these purposes, following data is stored:

  • Language settings

The use of analysis cookies aims to improve the quality of our website and of its contents. Through analysis cookies, we can determine how our website is used and can therefore improve our offer.

  1. Storage duration and user rights

Cookies are stored on your device and transferred to our website. As a user you therefore also have control over the use of cookies through the settings of your browser where you can deactivate or restrict the storage of cookies. You can delete stored cookies at any time or set up an automatic deletion. If cookies are deactivated on our website, some functions may not be completely accessible.

V. Contact form and email contact

  1. Scope of the data processing

You can contact us both through email or through a contact form. If you use the contact form, the data which is indicated on the contact form page is transferred to us and stored. The following data is stored:

  • User’s email address
  • User’s name
  • User’s IP address
  • Time and date of the contact request

Your consent is acquired before you can send the contact request with reference to this data protection policy.

Furthermore, you may contact us directly through the provided email address. In this case, the personal data provide in the email will be stored. There is no transfer to thirds and the data is exclusively used for the purpose of managing your request.

 

  1. Purpose and legal basis for the processing

The process of your data occurs exclusively to manage your request. Further data transferred during through the contact form aims to prevent its misuse and to ensure the safety of our information systems.

The legal basis for the data processing is the user’s consent according to Art. 6, 1., a) GDPR. If contact per email is part of a process to conclude a contract, the legal basis is Art. 6, 1., b).

VI. Web analysis and statistics services

  1. Google Analytics

We use the services of Google Analytics on our website, as long as you have consented to it. It is a web analysis service from Google, LLC, Gordon House, Barrow Street, Dublin 4, Ireland, in following “Google.”

When visiting our website, the cookies set by Google collect the following information:

  • Two bytes of the IP address of the user’s system
  • The visited website
  • The website from which the user has accessed to the visited website (referrer)
  • The pages which are visited on the website
  • The duration of the visit on the website
  • The frequency of the visits

The software sets cookies on the device of the user. The cookie hereby gathers information about the usage of the online offer. This information is transferred to and stored on a Google server in the US. Google ensures that your IP address is not connected to other data. You can find more information about this under: https://policies.google.com/privacy.

Google is certified as complying with European Data Protection under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The storage of cookies can be prevented in the settings of your browser. However, this may lead to a restriction of the functionality and that you may not be able to use our website to its full capacity. Google provides a deactivation plugin under: http://tools.google.com/dlpage/gaoptout?hl=de. With this tool you can control the use of your data. However, the plugin does not prevent the transfer of data to us or to third web analysis services.

The legal basis for the processing is your consent in accordance with Art. 6, 1., a) GDPR.

VII. Social Media

  1. Facebook

    1
    .1.Joint Controllers

We run this Facebook-Fanpage on the online platform of the social media Facebook Ireland Ltd (Facebook).

For the processing of the personal data on the fanpage, we are joint controllers along with Facebook according to Art. 4, 7. GDPR. When you visit the fanpage, person data is processed both through Facebook and through us.

1.2. Purpose of the data processing

Use of our fanpage:

Exchange and communication

The purpose of the use of our Facebook-Fanpage is to get into contact with users and visitors of Facebook and to create an exchange with them. Amongst others, we inform about our company and the related offers such as the events we have held or are holding, special offers, etc.

User analysis

With our Facebook-Fanpage we are able to acquire statistical information established by Facebook about the visits and visitors. This allows us to better market and target our activity. We can, amongst other, get information about individual users who have liked our page or who use it. This allows us to provide the concerned users with improved content and functions over our Facebook-Fanpage.

In order to further improve the content on our Facebook fanpage, we can also acquire demographical or geographical information based on information provided during the visit. This allows us to provide targeted ads based on interests without having direct knowledge of the users identity.

If you use different devices to access Facebook, this evaluation and collection can cross devices as long as you are registered with your Facebook profile when visiting our fanpage.

User statistics which are established are transferred to us completely anonymised. Access to underlying information is not possible.

Use of Insights and Cookies

While running out fanpage, we use the Insights service provided by Facebook to acquire statistical data about the visitors of our fanpage.

When visiting our fanpage, Facebook sets a cookie on your browser which contains an identifiable user code. If not deleted before then, the cookie is valid active for two years. The user code can be linked to your data when you are registered on Facebook. The information is stored and processed by Facebook. It is also possible that thirds can use the information from Facebook cookies to provide services from the company advertising on Facebook.

You can find more information about the use of Cookies through Facebook in its cookie policy: https://www.facebook.com/policies/cookies/

1.3. Legal basis and legitimate interest of the data processing

The processing of personal data is based on our legitimate interest to create an efficient exchange and communication with Facebook users and the visitors of our Facebook fanpage according to Art. 6, 1., f) GDPR.

1.4. Data transfer

Data collected while visiting our fanpage may be transferred to Facebook Inc. in the USA and further processed there.

Data transfers to the USA are subjected to a determination of adequation through the EU Commission, the EU-US Privacy Shield. With this agreement, the Commission determines that the transfer of data to the US is compliant with the data protection standards in the EU. Facebook Inc. is certified as compliant: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

No data transfer occurs through us while running our fanpage.

1
.5. Possibility to object through your Facebook account

As a Facebook user, you have the right to determine, through advertising preferences in your settings, how your user behaviour can be collected while visiting our fanpage. Facebook provides an objection form: https://www.facebook.com/help/contact/1994830130782319

1.6. Your rights as a data subject

Right to access

You can get access to information regarding data we store about you at your request at any time and without cost.

Right to rectification, erasure, restriction of the processing, object

Should you no longer agree with the processing of your personal data or should the information no longer be accurate, we will appropriately update, delete or lock your data at your request (as long as legally applicable). The same rule applies if your data is only to process in a restricted manner in the future.

Right to data portability

At your request, we provide you with your personal data in an accessible, structured, machine-readable format to transfer your data to another controller.

Right to complain to the data protection authority

You have a right to complain to a data protection authority.

Right to object after consenting with future effect

You can retract your consent with future effect at any time. The validity of your consent up until the time of objection is not affected.

Restriction

Data which does not allow us to identify a person, for example when it is anonymised for analysis purposes, is not covered by the applicable regulations. Access, erasure, locking, correction or transfer to a third party are possible with this data when you provide us with additional information allowing us to identify you.

1.7. About joint controllership

Due to the existing agreement with Facebook regarding joint controllership it is most appropriate to directly contact Facebook for the exercise of your right to access as well as any further user rights. As the operator of the social network with the possibility to create Facebook fan pages, only Facebook can access necessary information through access rights and can take the immediate necessary measures or grant access. We are of course available to support you at any time as well as comply with our duties as data controller.

1.8. Contact to our company

For questions regarding the processing of data in our company, or for the exercise of your data subject rights, you can contact us at: media@molecularhealth.com .

You can find further information about the processing of your data under: https://www.molecularhealth.com/privacy-policy/.

1.9. Information about the processing of your personal data through Facebook

You can find information about the processing of your personal data through Facebook in their data protection policy: https://www.facebook.com/about/privacy

  1. Twitter

We use the short message service Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA.


The controller for the processing of data from people outside of the USA is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

If you use the interactive functions of twitter such as sharing (retweeting), liking or commenting, it is on your own responsibility.

2.1. Which data do we process when you use Twitter?

When using our twitter account on its own, we do not process data.

If you put data on Twitter, such as user name as well as any publicly available information, it may be processed hen you share or tweets or reply to them. The information which you willingly make available on twitter may be accessible to our followers or may be used within our twitter offer.

If you send us a private or direct message on Twitter, this will be stored for 18 months on Twitter.

You can exercise your rights as a data subject to access, restriction, data portability, erasure by contacting us at: media@molecularhealth.com.

You can find further information about the processing of your data under: https://www.molecularhealth.com/privacy-policy/.

2
.2. Which data does Twitter process?

You can find information about the processing of your personal data through Twitter as well as about the purpose of the processing in its data protection policy: https://twitter.com/de/privacy

Twitter is certified as compliant with EU data protection regulations under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Please be aware that we do not have any influence on the type and scope of data processing through Twitter within the frame of Instagram services, nor on the use or transfer of data to thirds.

As operator of a Twitter account, we do not have an influence on the use of analysis tools through Twitter, nor do we have information about its possible use from Twitter.

Should analysis tools be used by Twitter within our Twitter account, it is neither at our request nor has it been consented to or supported in any way, nor will it be. Any data acquired in this way by Twitter is not provided to us.

Only some, non-personal information about Twitter activity is available to us, such as the number of clicks on our Twitter profile or on links in a specific tweet, neither of which is linked to a specific Twitter account.

2
.3. How can you restrict the processing of your personal data through Twitter?

You have the possibility to restrict the data processing in the settings of your Twitter account, under “privacy and security.” You also have the possibility to use various setting options on your device (laptop, computer, phone) to restrict Twitter’s access to your calendar or contact data, photos, locations, etc. The latter depends on the operating system.

VIII. Social Media Plugins

  1. Scope and duration of the data processing

You can find social media plugins of the social media Facebook on our website, of which the provider is Facebook Inc., California 94025 1 Hacker Way, Menlo Park. The plugins can be used as interactive elements or content (e.g. videos, graphics, text elements) and are recognisable through a Facebook symbol (white “f” on a blue tile, the word “Like” or a “thumbs up” symbol) or are marked as “Facebook Social Plugin.” The list of possible plugins is available under: https://developers.facebook.com/docs/plugins/

When visiting our Website, the plugin creates a direct link between your browser and the Facebook server. This provides to Facebook the information that you have connected to our website with your IP address. When clicking on the “Like” button, you connect the content of our page with your Facebook account. Facebook thus connects the visit on our page to your profile and can use the processed data to create a profile of the user. Through the use of plugins, Facebook acquires the information that a user has accessed a certain page of the website. If the user is logged into Facebook, it can associate the content with your account. We do not know which type of content is transferred to Facebook and how it is used.

According to Facebook’s own statement, the data is stored for a duration of 90 days after which it is anonymised.

You can find further information about data processing by Facebook in their data protection policy: http://de-de.facebook.com/policy.php. You can prevent the linking of your visit of our website and your Facebook account by logging out of Facebook before the visit. However, even if you do not have a Facebook account, Facebook stores your IP address.

  1. Purpose and legal basis of the processing

Facebook social plugins show us the interests of visitors on our website in order to show those in a more targeted manner to present users only with content which corresponds with their interests.

If Facebook plugin cookies are set, it is on the basis of your consent to the use of cookies according to Art. 6, 1., a) GDPR. If no cookies are set, the processing is done on the basis of our legitimate interest (e.g. interest in the analysis, optimisation and commercial management of our website) according to Art. 6, 1., f) GDPR.

  1. Objection possibilities

When a visitor is a Facebook user but does not want Facebook to collect and store their data from our website, they must log out of Facebook and delete cookies before accessing our website. Further settings and objections to the use of data for advertising purposes can be managed within Facebook profile settings. The settings are saved for all devices.

IX. Marketing services

  1. Google Ads

    1.1. Scope of the processing

Google Ads is an advertisement tool through which targeted words in Google searches will give you a quicker access to our website.

Following data is processed through Google:

  • Data about the apps, browsers, and devices used to access Google services.
  • Type and settings of the browser, type and settings of the device, operating system, information about the mobile network such as the mobile provider and the phone number as well as version number of the app.
  • Data about the interaction of the apps, browser, and device with Google services, including but not limited to IP-Address, error notifications, system activity such as the date, time, and the URL link of the request.
  • Location data: GPS, IP-Address, sensor data of the device, information about objects in proximity of the device, Wi-Fi connection points, Network devices and Bluetooth capabilities of devices.
  •  Searches
  • Content and ads which the user has viewed and interacted with.
  • Speaker and audio data in case of usage of the audio functions.
  •  Purchases
  • People with whom the user has communicated or shared content.
  • Activity on Google providers and on other websites and apps from third parties which use Google services.
  • If necessary, phone data such as phone number, caller number, number called, transfer number, date and time of calls and messages, duration of calls, routing information, and types of calls.
  • If necessary, google chrome history.
  • If necessary, name, email address, phone number, password, payment information.

Data which is processed through Google may be transferred to thirds.

1
.2 Legal basis and data subject rights

Your data is processed by Google with your consent according to Art. 6, 1., a) of the GDPR.

As a data subject, you can object to the processing of your data through Google as well as request access or deletion of your data.

You can find further information about the processing of your personal data through Google at: https://policies.google.com/privacy?hl=de

Google is an American company which is certified as compliant with data protection regulations under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

  1. Google Remarketing

We use the service Google Remarketing which is a service through which, after visiting our website, our ads may be included on other websites you visit with the same browser. This occurs with the setting of cookies on your browser with which your behaviour on different websites is gathered and analysed by Google. Google can therefore register previous visitors to our website. According to Google, no connection is made between data collected through Google Remarking and any further data Google may have about you. In particular, Google indicated that Remarketing data is pseudonymised.

  1. Use of Social Media icons or internet links

No personal data is transferred automatically when using social media icons of Facebook, Twitter, YouTube, etc. on our website. To prevent the automatic transfer of data to the social media provider, the setting of those services occurs through a link. No social media plugins are used for data protection purposes.

We do not have any joint control over the processing of your personal data for the purposes set out by these services.

Our presence on social media is part of our publicity in order to inform and exchange with the targeted groups.

All our social media are certified under the Privacy Shield Agreement as compliant with EU data protection regulations. Facebook: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active, Twitter: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

  1. Vimeo

To provide videos on our website, we use the service Vimeo with your consent (legal basis: Art. 6, 1., a) GDPR). This is a service of the Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.

Part of the data processing through Vimeo occurs in the USA. Vimeo is certified as a compliant with EU data protection regulations under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active

If you visit a page of our website on which a video is embedded, a connection is created with the Vimeo servers in the USA. For technical reasons, it is necessary for Vimeo to process your IP address. Additionally, information about the date and time of your visit is collected. If you are logged in on Vimeo when visiting a page on which a Vimeo-video is embedded, Vimeo can associate the data to the personal data on your profile with your consent.

For the purpose of functionality and user analysis, Vimeo uses the web analysis tool Google Analytics (legal basis: Art. 6, 1, a) GDPR). Google Analytics sets cookies on your device through your browser in order to store information about your use of our webpages on which a Vimeo video is embedded. It is not to be excluded that the data is processed by Google in the USA.

You can find further information in the data protection policy of Vimeo: https://vimeo.com/privacy

X. Safety management

  1. Google reCAPTCHA

    1.1. Scope of the processing

Google reCAPTCHA is used as a security feature on our website in order to protect our website as well as its users from spam and other security attacks.

Following data is processed through Google:

  • Data about the apps, browsers, and devices used to access Google services.
  • Type and settings of the browser, type and settings of the device, operating system, information about the mobile network such as the mobile provider and the phone number as well as version number of the app.
  • Data about the interaction of the apps, browser, and device with Google services, including but not limited to IP-Address, error notifications, system activity such as the date, time, and the URL link of the request.
  • Location data: GPS, IP-Address, sensor data of the device, information about objects in proximity of the device, Wi-Fi connection points, Network devices and Bluetooth capabilities of devices.
  •  Searches
  • Content and ads which the user has viewed and interacted with.
  • Speaker and audio data in case of usage of the audio functions.
  •  Purchases
  • People with whom the user has communicated or shared content.
  • Activity on Google providers and on other websites and apps from third parties which use Google services.
  • If necessary, phone data such as phone number, caller number, number called, transfer number, date and time of calls and messages, duration of calls, routing information, and types of calls.
  • If necessary, google chrome history.
  • If necessary, name, email address, phone number, password, payment information.

Data which is processed through Google may be transferred to thirds.

1
.2. Legal basis and user rights

The legal basis for the processing is your consent according to Art. 6, 1., a) of the GDPR.

As a data subject, you can object to the processing of your data through Google as well as request access or deletion of your data.

You can find further information about the processing of your personal data through Google at: https://policies.google.com/privacy?hl=de

Google is an American company which is certified as compliant with data protection regulations under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

XI. Fonts

Google Fonts

  1. Scope of the processing

Google Fonts is a font service provided by Google which is used on our website. In order to implement this function, Google sets cookies on your browser.

Following data is processed through Google:

  • Data about the apps, browsers, and devices used to access Google services.
  • Type and settings of the browser, type and settings of the device, operating system, information about the mobile network such as the mobile provider and the phone number as well as version number of the app.
  • Data about the interaction of the apps, browser, and device with Google services, including but not limited to IP-Address, error notifications, system activity such as the date, time, and the URL link of the request.
  • Location data: GPS, IP-Address, sensor data of the device, information about objects in proximity of the device, Wi-Fi connection points, Network devices and Bluetooth capabilities of devices.
  •  Searches.
  • Content and ads which the user has viewed and interacted with.
  • Speaker and audio data in case of usage of the audio functions.
  •  Purchases.
  • People with whom the user has communicated or shared content.
  • Activity on Google providers and on other websites and apps from third parties which use Google services.
  • If necessary, phone data such as phone number, caller number, number called, transfer number, date and time of calls and messages, duration of calls, routing information, and types of calls.
  • If necessary, google chrome history.
  • If necessary, name, email address, phone number, password, payment information.

Data which is processed through Google may be transferred to thirds.

  1. Legal basis and user rights

The legal basis is your consent according to Art. 6, 1., a) of the GDPR

As a data subject, you can object to the processing of your data through Google as well as request access or deletion of your data.

You can find further information about the processing of your personal data through Google at: https://policies.google.com/privacy?hl=de

Google is an American company which is certified as compliant with data protection regulations under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

XII. Data subject rights

  1. Right to access (Art. 15 GDPR)

You can request a confirmation whether we process your personal data at any time. Unless exceedingly frequent, this request is free of cost. If data processing occurs, you have a right to the following information:

  • The purpose of the processing
  • The categories of processed data
  • The recipients or categories of recipients to whom the personal data is transferred, especially recipients in third countries or in international organisations
  • If possible, the duration of the processing or, if not possible, the criteria to determine that duration
  • The existence of a right to rectification and erasure of your personal data or restriction of the processing by the controller or to object the processing
  • The existence of a right to complain
  • If the data was not collected from the data subject, the origin of the data
  • The existence of automated decision-making, including profiling according to Art. 24, 1., and 4., and in those cases at least, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  1. Right to rectification Art. 16 GDPR

Should you processed data not be correct or complete, you have the right to rectification or completion. The modification is to be executed by us without delay.

  1. Right to restriction of the processing, Art. 18 GDPR

In the following situations, you can request that the processing of your personal data be restricted:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

  1. Right to erasure

Unless a legitimate interest prevents it, you have the right to request the deletion of your data at any time.

  1. Objection

Any data processing based on the data subject’s consent can be ended upon the objection to the consent. The objection can be formulated at any time and is valid in the future. Due to our duty of accountability, we must store consent forms. As such, the objection must be done in writing. An email is sufficient for this purpose.